NFS on unprivileged ports ....
William A. Mahaffey III
wam at hiwaay.net
Tue Aug 26 14:23:51 UTC 2014
.... I have nfsd running on my FBSD 9.3 desktop, exporting /home (~3.6
TiB). I can mount/see/use it from all other machines on my LAN (all
Linux boxen) *except* for a CentOS 5.n VM running on one of the other
boxen. When the VM tries to (auto)mount the exported partition on the
FBSD box ('jaguar'), I get the following (from earlier this A.M.):
[root at centos-5:/etc, Tue Aug 26, 06:28 AM] 1008 # lf /net/jaguar/home/
/net/q6600/home/ /net/opty165a/work/ /net/opty165a/home/ /net/cube/home/
ls: /net/jaguar/home/: No such file or directory
/net/cube/home/:
Opty165A/ Q6600/ VMs/ archive/ lost+found/ makedepend* pub/ wam/
/net/opty165a/home/:
FTP/ RPMs/ SGI/ archive/ lost+found/ rsync/ wam/
/net/opty165a/work/:
FTP/ ISOs/ RPMs/ VMs/ archive/ lost+found/ vmware/ wam/
/net/q6600/home/:
FTP/ ISOs/ VMs/ archive/ lost+found/ rsync/ wam/ work/
[root at centos-5:/etc, Tue Aug 26, 06:29 AM] 1009 # df ; w ; /sbin/swapon
-s ; free -m ; uname -a ; hwclock -r; date
Filesystem Type 1K-blocks Used Available Use% Mounted on
/dev/mapper/VolGroup00-LogVol00
ext3 46691248 7505344 36775820 17% /
/dev/hda1 ext3 101086 26854 69013 29% /boot
tmpfs tmpfs 1029372 0 1029372 0% /dev/shm
q6600:/home nfs 1906370560 1025951744 783581184 57% /net/q6600/home
opty165a:/work nfs 480719104 410868736 45431040 91% /net/opty165a/work
opty165a:/home nfs 473086208 351912192 96754944 79% /net/opty165a/home
cube:/home nfs 155794432 143113728 4638976 97% /net/cube/home
06:29:20 up 121 days, 12:12, 3 users, load average: 0.04, 0.02, 0.00
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
wam pts/0 192.168.122.1 Thu07 46:20m 1.96s 1.96s -tcsh
root pts/1 192.168.122.1 Sun08 46:11m 0.09s 0.09s -bash
root pts/2 192.168.122.1 Sun08 0.00s 0.09s 0.08s -bash
Filename Type Size Used
Priority
/dev/mapper/VolGroup00-LogVol01 partition 4095992 76 -1
total used free shared buffers cached
Mem: 2010 1891 118 0 327 943
-/+ buffers/cache: 620 1389
Swap: 3999 0 3999
Linux centos-5.6-vm 2.6.18-371.8.1.el5.centos.plus #1 SMP Thu Apr 24
18:32:18 EDT 2014 x86_64 x86_64 x86_64 GNU/Linux
Tue Aug 26 06:29:28 2014 -1.008094 seconds
Tue Aug 26 06:29:21 CDT 2014
[root at centos-5:/etc, Tue Aug 26, 06:29 AM] 1010 #
i.e., it can see all other exported partitions except the FBSD (jaguar).
On the FBSD box, I get the following:
[root at kabini1, /etc, 6:24:31am] 708 % grep vfs LIST.sysctl-A.txt | grep
nfs | grep priv
vfs.nfsd.nfs_privport: 0
[root at kabini1, /etc, 6:24:50am] 709 % service mountd status
Cannot 'status' mountd. Set mountd_enable to YES in /etc/rc.conf or use
'onestatus' instead of 'status'.
[root at kabini1, /etc, 6:26:08am] 710 % service mountd onestatus
mountd is running as pid 718.
[root at kabini1, /etc, 6:26:16am] 711 % ps -aux | grep mountd
root 718 0.0 0.0 16180 3836 ?? Is 15Aug14 0:00.03
/usr/sbin/mountd -r
root 51859 0.0 0.0 16332 2024 10 S+ 6:26AM 0:00.00 grep
mountd
wam 51820 0.0 0.0 14544 2428 17 I+ 6:22AM 0:00.01
/bin/sh /usr/bin/man mountd
[root at kabini1, /etc, 6:26:35am] 712 % grep -i mountd rc.d/*
rc.d/mountd:# $FreeBSD: releng/9.3/etc/rc.d/mountd 231792 2012-02-15
22:59:15Z dougb $
rc.d/mountd:# PROVIDE: mountd
rc.d/mountd:name="mountd"
rc.d/mountd:rcvar="mountd_enable"
rc.d/mountd:start_precmd="mountd_precmd"
rc.d/mountd:mountd_precmd()
rc.d/mountd: # mountd flags will differ depending on rc.conf settings
rc.d/mountd: if checkyesno weak_mountd_authentication; then
rc.d/mountd: rc_flags="${mountd_flags} -n"
rc.d/mountd: if checkyesno mountd_enable; then
rc.d/mountd: checkyesno weak_mountd_authentication &&
rc_flags="-n"
rc.d/mountd: rm -f /var/db/mountdtab
rc.d/mountd: ( umask 022 ; > /var/db/mountdtab ) ||
rc.d/mountd: err 1 'Cannot create /var/db/mountdtab'
rc.d/nfsd:# REQUIRE: mountd hostname gssd nfsuserd
rc.d/nfsd: force_depend mountd || return 1
[root at kabini1, /etc, 6:27:19am] 713 % (tail -10 /var/log/messages ; date)
Aug 24 08:09:44 kabini1 mountd[718]: mount request from 192.168.0.9 from
unprivileged port
Aug 24 08:18:12 kabini1 mountd[718]: mount request from 192.168.0.9 from
unprivileged port
Aug 24 08:18:51 kabini1 su: wam to root on /dev/pts/19
Aug 24 08:52:04 kabini1 mountd[718]: mount request from 192.168.0.9 from
unprivileged port
Aug 24 09:10:23 kabini1 ntpd[804]: time reset +0.186836 s
Aug 24 11:37:21 kabini1 dbus[738]: [system] Failed to activate service
'org.freedesktop.Avahi': timed out
Aug 24 11:38:57 kabini1 dbus[738]: [system] Failed to activate service
'org.freedesktop.Avahi': timed out
Aug 24 11:40:21 kabini1 dbus[738]: [system] Failed to activate service
'org.freedesktop.Avahi': timed out
Aug 24 11:48:49 kabini1 last message repeated 7 times
Aug 26 06:29:25 kabini1 mountd[718]: mount request from 192.168.0.9 from
unprivileged port
Tue Aug 26 06:30:14 CDT 2014
[root at kabini1, /etc, 6:30:14am] 714 %
i.e., the mount request from the VM is apparently coming in on an
unprivileged port & the FBSD box's mountd is dropping/ignoring it. The
other boxen handle it OK. I have ipfw dropping all such traffic *not*
originating on my LAN, so I don't mind using the unprivileged port (I
don't think there are any security issues). How do I get FBSD's
nfsd/mountd to allow/handle the mount request on unprivileged ports ?
TIA ....
--
William A. Mahaffey III
----------------------------------------------------------------------
"The M1 Garand is without doubt the finest implement of war
ever devised by man."
-- Gen. George S. Patton Jr.
More information about the freebsd-questions
mailing list