NFS Port

Matthew Seaman m.seaman at infracaninophile.co.uk
Sat Jun 19 07:45:02 PDT 2004


On Mon, Jun 14, 2004 at 01:20:57PM -0400, Bruce Hunter wrote:

> I am able to connect to my NFS system like so
> mount 192.168.1.14:/home/NFSave /mnt/coreserver
> 
> I want to connect from outside my network, like when I'm at school. What
> port(s) does NFS run off? I have to do port forwarding on my
> Router/Firewall.

Look at mountd(8) for the server side of managing NFS -- use the '-p'
option to specify a port to listen on for NFS mount requests.  Port
2049 is the traditional port number for NFS, but portmap(8) generally
only treats that as a guideline, so unless you force it, NFS can use
just about any high numbered port.

Make sure you firewall off port 111 very carefully on any system
running portmap(8) [4.x] or rpcbind(8) [5.x] -- (same program, just
renamed between system versions) exposed to the Internet.  RPC is a
favourite and generally very fruitful attack vector.

On the client, you will need to use tcp as the transport -- not all
clients will support that -- and you can specify what port to contact
the server on in /etc/fstab, thus bypassing the usual portmapper
procedure.  See the descriptions of the '-T' and '-o port' options in
mount_nfs(8).

As others have mentioned, this would be a good situation in which to
use an IPSEC tunnel or similar between server and client -- NFS
traffic is vulnerable to snooping and exposes the contents of your
hard drive.

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey         Marlow
Tel: +44 1628 476614                                  Bucks., SL7 1TH UK
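
Added example, not part of the original message: a shell check for the server side of the advice above. It reads rpcinfo -p output and shows which ports portmap/rpcbind, nfs and mountd actually registered, so the firewall rules can be matched to them. The sample output, port 4046 and the function names are constructed for illustration.

```shell
#!/bin/sh
# Standard RPC program numbers: 100000 = portmap/rpcbind, 100003 = nfs,
# 100005 = mountd.

# Constructed sample of `rpcinfo -p` output; mountd's port 1011 is made up.
sample_rpcinfo() {
cat <<'EOF'
   program vers proto   port  service
    100000    2   tcp    111  rpcbind
    100000    2   udp    111  rpcbind
    100005    1   udp   1011  mountd
    100005    3   udp   1011  mountd
    100005    1   tcp   1011  mountd
    100005    3   tcp   1011  mountd
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    100003    2   tcp   2049  nfs
    100003    3   tcp   2049  nfs
EOF
}

# Print "name proto port" once per distinct NFS-related registration on stdin.
nfs_ports() {
    awk '
        $1 == 100000 { name = "rpcbind" }
        $1 == 100003 { name = "nfs" }
        $1 == 100005 { name = "mountd" }
        name != "" && !seen[name, $3, $4]++ { print name, $3, $4 }
        { name = "" }
    ' | sort
}

# Succeed only if every mountd registration on stdin uses port $1, the port
# given to mountd -p and allowed through the firewall.
mountd_pinned() {
    awk -v want="$1" '
        $1 == 100005 { n++; if ($4 != want) bad++ }
        END { exit !(n > 0 && bad == 0) }
    '
}

sample_rpcinfo | nfs_ports
if sample_rpcinfo | mountd_pinned 4046; then   # 4046: hypothetical chosen port
    echo "mountd is pinned to 4046"
else
    echo "mountd is not on 4046: check its -p option before forwarding ports"
fi
```

On a live server, pipe the real output through the same functions: rpcinfo -p | nfs_ports.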