Re: [Bulk] [nfsd_server_flags="-h ipaddress" has no effect]
- Reply: Frank Leonhardt : "Re: [nfsd_server_flags="-h ipaddress" has no effect]"
Date: Sun, 31 Aug 2025 18:44:04 UTC
On 31/08/2025 17:23, void wrote:
> Hi,
>
> (sorry, originally sent to -current, oops)
>
> On relatively recent -current (main-n278917-233a26b5c5d7 amd64)
> I was alarmed to find that on a dual-NIC host that if nfsd
> is enabled with the -h flag set, the port appears open on all NICs and
> not just the internal facing one.
>
> This behaviour is in contrast to rpcbind_flags="-h 192.168.1.100"
> which when set means rpcbind cannot be seen on the external-facing
> interface when tested.
>
> Is this expected?
>
> I would have expected port 2047 to be inaccessible from outside the
> network if nfsd is bound with -h to an internal-only interface/ip address

No, indeed I would not. It's not what the source code says to do, but it does silently ignore the bind addresses list it's created if the -a flag has been used. if it hits a -a flag. If the count of things added to the list is zero it binds to everything regardless.

Are you sure you set the server flags correctly in rc.conf and they're the ones being used?

    nfs_server_enable="YES"
    nfs_server_flags="-t -n 4 -h 192.168.1.2"

(-t and -n 4 being a reasonable choice). IIRC there's a problem binding to an interface if you're using UDP.

Assuming you DIDN'T set the -a flag a printf() around line 300 of usr.sbin/nfsd/nfsd.c would be interesting.

Regards, Frank.
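
An added example, not part of the original message: one way to confirm from the server itself whether a `-h` restriction took effect is to filter `sockstat -4 -6 -l` output for listeners on the NFS port that are not on the intended address. The function names and the sample output are constructed for illustration; port 2049 is assumed as the standard NFS port and 192.168.1.2 is the address from the rc.conf lines above.

```shell
#!/bin/sh
# check_bind PORT ADDR: read `sockstat -4 -6 -l` style output on stdin and
# print every TCP/UDP listener on PORT whose local address is not ADDR.
# Exit status is 1 if any such listener is found, 0 otherwise.
# Matching is by port, not command name, so rows shown as "?" still count.
check_bind() {
    port=$1
    want=$2
    awk -v port="$port" -v want="$want" '
        $1 == "USER" { next }                      # header row
        $5 !~ /^(tcp|udp)(4|6|46)?$/ { next }      # PROTO column
        {
            laddr = $6                             # LOCAL ADDRESS column
            n = match(laddr, /:[^:]*$/)            # last colon precedes the port
            if (n == 0) next
            addr = substr(laddr, 1, n - 1)
            p = substr(laddr, n + 1)
            if (p != port) next
            if (addr != want) {
                printf "UNEXPECTED %s %s\n", $5, laddr
                bad = 1
            }
        }
        END { exit (bad ? 1 : 0) }
    '
}

# Constructed sample: the -h list was not applied, NFS listens on the wildcard.
sample_wildcard() {
    cat <<'EOF'
USER     COMMAND    PID   FD  PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     rpcbind    812   9   tcp4   192.168.1.2:111       *:*
?        ?          ?     ?   tcp4   *:2049                *:*
?        ?          ?     ?   tcp6   *:2049                *:*
EOF
}

# Constructed sample: NFS listens only on the internal address.
sample_bound() {
    cat <<'EOF'
USER     COMMAND    PID   FD  PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     rpcbind    812   9   tcp4   192.168.1.2:111       *:*
?        ?          ?     ?   tcp4   192.168.1.2:2049      *:*
EOF
}

# On a live host: sockstat -4 -6 -l | check_bind 2049 192.168.1.2
```

A non-zero exit means something other than the intended address is listening on that port, which is the condition to resolve in nfsd's flags or block at the firewall before the external interface is reachable.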