Hello Tom (or anyone else),

finally found time to try this. I can confirm that I can bind at least nfsd to a specified port using /etc/services.

Nevertheless, mounting the nfs directory from a remote client (FreeBSD) fails if I enable only rpc, nfsd, statd and lockd in ipfilter. Analyzing the IP communication between client and server, I found the nfs client asking RPC on the nfs server for the mount port: "Portmap GETPORT Call MOUNT". There is no record for mount in /etc/services. It did not help to add mount, nor mountd.

Right now, I am going to get the OpenSolaris sources for mountd and investigate further, but if anyone knows how to solve this, I would appreciate it. There has to be a way to set up nfs behind a firewall in a case where I can't afford to pass all traffic from the nfs client.

Thank you,

Jozef Hamar

Tom Haynes wrote:
> Jozef Hamar wrote:
>> Hello Tom,
>>
>> are you suggesting that rpcbind will look in /etc/services and,
>> if found, it will use the port number found there? The random port
>> number will be used only, and only if the requested service is not
>> found in the /etc/services.
>
> Yes, we do something very similar when doing testing of pNFS communities
> and we want to force dserv to be on the same port after a reboot of a
> dataserver.
>
>>
>> For example, if I have these two lines in /etc/services
>>
>> lockd 4045/udp # NFS lock daemon/manager
>> lockd 4045/tcp
>>
>> the rpcbind will use port 4045 for lockd every time?
>>
>> Jozef
>>
>> Tom Haynes wrote:
>>> Jozef Hamar wrote:
>>>> Hi all,
>>>>
>>>> As a newbie to Solaris, I am trying to make rpcbind bind
>>>> specific services (e.g. nfs, lockd and statd) to specific ports due
>>>> to firewalling.
>>>> Something similar can be achieved in FreeBSD with
>>>> rpc_lockd_flags="-p custom_port" in rc.conf.
>>>>
>>>> So far, I have not succeeded. Can you guys push me in the right
>>>> direction?
>>>>
>>>> Thank you,
>>>>
>>>> Jozef Hamar
>>>> _______________________________________________
>>>> nfs-discuss mailing list
>>>> nfs-discuss at opensolaris.org
>>>
>>>
>>> Jozef,
>>>
>>> services(4) will allow you to configure this.
>>>
>>> Tom
>>
>
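An added example, not part of the original messages: one way to see which RPC services a static ipfilter rule set cannot cover is to compare what the server has registered with rpcbind (`rpcinfo -p`) against the ports fixed in /etc/services. Both inputs below are constructed samples (only the two lockd lines come from the thread), and the function names are hypothetical.

```python
import re

# Constructed sample: /etc/services entries (the lockd lines are the ones quoted in the thread).
SERVICES = """\
sunrpc  111/udp   rpcbind
sunrpc  111/tcp   rpcbind
nfsd    2049/udp  nfs
nfsd    2049/tcp  nfs
lockd   4045/udp  # NFS lock daemon/manager
lockd   4045/tcp
"""

# Constructed sample: `rpcinfo -p` output taken on the NFS server.
RPCINFO = """\
   program vers proto   port  service
    100000    4   tcp    111  rpcbind
    100003    3   tcp   2049  nfs
    100021    4   tcp   4045  nlockmgr
    100021    4   udp   4045  nlockmgr
    100005    3   udp  32790  mountd
    100005    3   tcp  32801  mountd
"""

def pinned_ports(services_text):
    """Return the set of (port, proto) pairs that /etc/services fixes."""
    pinned = set()
    for line in services_text.splitlines():
        line = line.split("#", 1)[0]          # drop trailing comments
        m = re.match(r"\s*\S+\s+(\d+)/(tcp|udp)\b", line)
        if m:
            pinned.add((int(m.group(1)), m.group(2)))
    return pinned

def unpinned_registrations(rpcinfo_text, pinned):
    """List (service, proto, port) registered with rpcbind on a port not in /etc/services."""
    found = set()
    for line in rpcinfo_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or not fields[0].isdigit():
            continue                          # header or blank line
        proto, port = fields[2], int(fields[3])
        name = fields[4] if len(fields) > 4 else fields[0]  # fall back to program number
        if (port, proto) not in pinned:
            found.add((name, proto, port))
    return sorted(found)

if __name__ == "__main__":
    for name, proto, port in unpinned_registrations(RPCINFO, pinned_ports(SERVICES)):
        print(f"{name}: {proto}/{port} is not fixed in /etc/services")
```

Any service this reports is one whose port the client learns through a Portmap GETPORT call, so a rule set that passes only the fixed ports will drop the follow-up traffic.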
