On Sat, 2006-04-15 at 09:05 -0500, Hugo Vanwoerkom wrote: > Sumo Wrestler (or just ate too much) wrote: > > Hugo Vanwoerkom wrote: > >> Hi, > >> > >> In according to: > >> http://nfs.sourceforge.net/nfs-howto/security.html#FIREWALLS > >> > >> one way to force statd to fixed ports is with the -p and -o options. > >> > >> So I added > >> STATDOPTS="-p 854 -o 856" > >> to /etc/init.d/nfs-common. > >> [...] > > > > Did you add that line before the invoking of /etc/default/nfs-common or > > after. Perhaps you should examine /etc/default/nfs-common, as that might > > be a better place for your settings. > > > > Note: I've never explicitly used rpc.statd or nfs. I just looked at the > > scripts on my system. > > > > /etc/init.d/nfs-common has code to invoke /etc/default/nfs-common. > > /etc/default/nfs-common sets STATDOPTS. If you set STATDOPTS before the > > invokation of /etc/default/nfs-common, your settings will be lost. > > > > > > > > Good point. Thanks. I completely forgot to look at > /etc/default/nfs-common. Let me try it again. > > H
Hi, I've been working with NFS this weekend and had some fun with the ports too. Now I have everything on a fixed port so nfs will work through the firewall. I have the following in my docs: in /etc/defaults/nfs-* (common and kernel-server) you can set the ports for the daemons (as noted before) except for lockd. I've found that this can be fixed by putting the ports in /proc/sys/fs/nfs/nlm_* (tcpport/udpport) and restarting the nfs-server. A fix to the init-script of the nfs-server should take care of this. Philippe De Ryck -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
