Re: [Nfs-ganesha-devel] Proxy Problems 2.5

Mon, 19 Jun 2017 02:24:07 -0700 

On 06/16/17 15:21, Frank Filz wrote:

On 06/15/17 21:34, Doug Ortega wrote:

Frank,

Turns out that the nfs-ganesha proxy client was using a source port >
1024 for the nfs client connection to the server.  I added the
'insecure' option to export in /etc/exports on the server to allow
client connections from an unreserved source port.  This let me get
past the issue with the NFS4ERR_PERM being returned on the lookup.

Doug

----------------------------------------------------------------------
--------

Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Nfs-ganesha-devel mailing list
Nfs-ganesha-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfs-ganesha-devel


Hi Doug,


By default, it's true that the nfs-ganesha proxy client is using a source port >
1024 to connect the background nfs server. You have an option to change
this. If you want the proxy client use a privileged port, you should use the
Use_Privileged_Client_Port option as this :

PROXY
{
          Remote_Server
          {
                  Srv_Addr=192.168.1.30;

                  Use_Privileged_Client_Port = true;

          }
}


Let me know if you are facing any problem by using this option. I will be
happy to try to fix it.

Hmm, should we change the default to true?

Frank


---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus
If everyone agrees, I can submit a patch that use a privileged port by default for the FSAL_PROXY client to connect the background NFS server. Let me know and I will do it.
In the same way, I submitted last summer a patch (https://review.gerrithub.io/#/c/288895/) still opened and not merged to move Ganesha server default to not accepting unprivileged client. But, as far as I recall, I guess some people were reluctant to upgrade their testing infrastructure to be compliant with this new default. I still think that this new default would be a better choice. 


Best regards,

--
Patrice LUCAS
Ingenieur-Chercheur, CEA-DAM/DSSI/SISR/LA2S
tel : +33 (0)1 69 26 47 86
e-mail : patrice.lu...@cea.fr


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Nfs-ganesha-devel mailing list
Nfs-ganesha-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfs-ganesha-devel

Reply via email to