NFS on unprivileged ports ....

Tue Aug 26 14:23:51 UTC 2014

.... I have nfsd running on my FBSD 9.3 desktop, exporting /home (~3.6 
TiB). I can mount/see/use it from all other machines on my LAN (all 
Linux boxen) *except* for a CentOS 5.n VM running on one of the other 
boxen. When the VM tries to (auto)mount the exported partition on the 
FBSD box ('jaguar'), I get the following (from earlier this A.M.):

[root at centos-5:/etc, Tue Aug 26, 06:28 AM] 1008 # lf /net/jaguar/home/  
/net/q6600/home/   /net/opty165a/work/ /net/opty165a/home/   /net/cube/home/
ls: /net/jaguar/home/: No such file or directory
/net/cube/home/:
Opty165A/  Q6600/  VMs/  archive/  lost+found/  makedepend*  pub/ wam/

/net/opty165a/home/:
FTP/  RPMs/  SGI/  archive/  lost+found/  rsync/  wam/

/net/opty165a/work/:
FTP/  ISOs/  RPMs/  VMs/  archive/  lost+found/  vmware/  wam/

/net/q6600/home/:
FTP/  ISOs/  VMs/  archive/  lost+found/  rsync/  wam/  work/
[root at centos-5:/etc, Tue Aug 26, 06:29 AM] 1009 # df ; w ; /sbin/swapon 
-s ; free -m ; uname -a ; hwclock  -r;  date
Filesystem    Type   1K-blocks      Used Available Use% Mounted on
/dev/mapper/VolGroup00-LogVol00
               ext3    46691248   7505344  36775820  17% /
/dev/hda1     ext3      101086     26854     69013  29% /boot
tmpfs        tmpfs     1029372         0   1029372   0% /dev/shm
q6600:/home    nfs   1906370560 1025951744 783581184  57% /net/q6600/home
opty165a:/work nfs   480719104 410868736  45431040  91% /net/opty165a/work
opty165a:/home nfs   473086208 351912192  96754944  79% /net/opty165a/home
cube:/home     nfs   155794432 143113728   4638976  97% /net/cube/home
  06:29:20 up 121 days, 12:12,  3 users,  load average: 0.04, 0.02, 0.00
USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT
wam      pts/0    192.168.122.1    Thu07   46:20m  1.96s  1.96s -tcsh
root     pts/1    192.168.122.1    Sun08   46:11m  0.09s  0.09s -bash
root     pts/2    192.168.122.1    Sun08    0.00s  0.09s  0.08s -bash
Filename                                Type            Size Used    
Priority
/dev/mapper/VolGroup00-LogVol01         partition       4095992 76      -1
              total       used       free     shared    buffers cached
Mem:          2010       1891        118          0 327        943
-/+ buffers/cache:        620       1389
Swap:         3999          0       3999
Linux centos-5.6-vm 2.6.18-371.8.1.el5.centos.plus #1 SMP Thu Apr 24 
18:32:18 EDT 2014 x86_64 x86_64 x86_64 GNU/Linux
Tue Aug 26 06:29:28 2014  -1.008094 seconds
Tue Aug 26 06:29:21 CDT 2014
[root at centos-5:/etc, Tue Aug 26, 06:29 AM] 1010 #

i.e., it can see all other exported partitions except the FBSD (jaguar). 
On the FBSD box, I get the following:

[root at kabini1, /etc, 6:24:31am] 708 %  grep vfs LIST.sysctl-A.txt | grep 
nfs | grep priv
vfs.nfsd.nfs_privport: 0
[root at kabini1, /etc, 6:24:50am] 709 %  service  mountd  status
Cannot 'status' mountd. Set mountd_enable to YES in /etc/rc.conf or use 
'onestatus' instead of 'status'.
[root at kabini1, /etc, 6:26:08am] 710 %  service mountd onestatus
mountd is running as pid 718.
[root at kabini1, /etc, 6:26:16am] 711 %  ps -aux | grep mountd
root         718   0.0  0.0  16180  3836 ??  Is   15Aug14 0:00.03 
/usr/sbin/mountd -r
root       51859   0.0  0.0  16332  2024 10  S+    6:26AM 0:00.00 grep 
mountd
wam        51820   0.0  0.0  14544  2428 17  I+    6:22AM 0:00.01 
/bin/sh /usr/bin/man mountd
[root at kabini1, /etc, 6:26:35am] 712 %  grep -i mountd rc.d/*
rc.d/mountd:# $FreeBSD: releng/9.3/etc/rc.d/mountd 231792 2012-02-15 
22:59:15Z dougb $
rc.d/mountd:# PROVIDE: mountd
rc.d/mountd:name="mountd"
rc.d/mountd:rcvar="mountd_enable"
rc.d/mountd:start_precmd="mountd_precmd"
rc.d/mountd:mountd_precmd()
rc.d/mountd:    # mountd flags will differ depending on rc.conf settings
rc.d/mountd:            if checkyesno weak_mountd_authentication; then
rc.d/mountd:                    rc_flags="${mountd_flags} -n"
rc.d/mountd:            if checkyesno mountd_enable; then
rc.d/mountd:                    checkyesno weak_mountd_authentication && 
rc_flags="-n"
rc.d/mountd:    rm -f /var/db/mountdtab
rc.d/mountd:    ( umask 022 ; > /var/db/mountdtab ) ||
rc.d/mountd:        err 1 'Cannot create /var/db/mountdtab'
rc.d/nfsd:# REQUIRE: mountd hostname gssd nfsuserd
rc.d/nfsd:      force_depend mountd || return 1
[root at kabini1, /etc, 6:27:19am] 713 %  (tail -10 /var/log/messages ; date)
Aug 24 08:09:44 kabini1 mountd[718]: mount request from 192.168.0.9 from 
unprivileged port
Aug 24 08:18:12 kabini1 mountd[718]: mount request from 192.168.0.9 from 
unprivileged port
Aug 24 08:18:51 kabini1 su: wam to root on /dev/pts/19
Aug 24 08:52:04 kabini1 mountd[718]: mount request from 192.168.0.9 from 
unprivileged port
Aug 24 09:10:23 kabini1 ntpd[804]: time reset +0.186836 s
Aug 24 11:37:21 kabini1 dbus[738]: [system] Failed to activate service 
'org.freedesktop.Avahi': timed out
Aug 24 11:38:57 kabini1 dbus[738]: [system] Failed to activate service 
'org.freedesktop.Avahi': timed out
Aug 24 11:40:21 kabini1 dbus[738]: [system] Failed to activate service 
'org.freedesktop.Avahi': timed out
Aug 24 11:48:49 kabini1 last message repeated 7 times
Aug 26 06:29:25 kabini1 mountd[718]: mount request from 192.168.0.9 from 
unprivileged port
Tue Aug 26 06:30:14 CDT 2014
[root at kabini1, /etc, 6:30:14am] 714 %

i.e., the mount request from the VM is apparently coming in on an 
unprivileged port & the FBSD box's mountd is dropping/ignoring it. The 
other boxen handle it OK. I have ipfw dropping all such traffic *not* 
originating on my LAN, so I don't mind using the unprivileged port (I 
don't think there are any security issues). How do I get FBSD's 
nfsd/mountd to allow/handle the mount request on unprivileged ports ? 
TIA ....

-- 

	William A. Mahaffey III

  ----------------------------------------------------------------------

	"The M1 Garand is without doubt the finest implement of war
	 ever devised by man."
                            -- Gen. George S. Patton Jr.