nfs firewall, hard vs soft mount

2008-04-24 Thread Colin Brace
Hi all,

I have a FreeBSD v7 box set up as gateway/mailserver/WAP. I leave my WAP
unencrypted, so my neighbors can use it, and use PF to allow just a few
specific services (dhcp dns, http, https).

I'd like to be able to mount a couple of NFS shares from a desktop box
running Fedora on a wireless client. I've opened the sunrpc and nfs ports
in PF, but that doesn't seem to be enough. tcpdump indicates some high udp
ports in the 40k-50k range are used in the nfs negotiation, but I can't
figure out exactly what is going on. Does anyone know what additional ports
need to be opened for nfs? Will I need to use PF to redirect this udp
traffic to the fedora host or will it find the nfs server on its own?

Also, this page here: http://tldp.org/HOWTO/NFS-HOWTO/client.html mentions
hard vs soft mounts. Since wifi is occasionally flaky, and since the
wireless client (a laptop) is not always within range, I'd prefer not to
mount them via fstab, but via a batch file with mount, but that command
doesn't appear to support soft mounts. In the past, I've noticed that
nautilus etc on the client has a fit when hard-mounted nfs shares disappear.
Can anyone recommend a robust way of mounting NFS shares?

I've also tried to mount remote file systems using sftp in gnome (ie,
sftp://host/dir), but the new gvfs subsystem (which apparently replaces
gnome-vfs) still seems flaky; it freezes up my laptop every few times.
Another drawback of sftp is that it appears to add some overhead which I
notice when watching AVI files -- the media player occasionally stutters.

In any case, suggestions for alternative approaches to mounting remote file
systems via wireless would be most welcome.

-- 
Colin Brace
Amsterdam
http://lim.nl
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: nfs firewall, hard vs soft mount

2008-04-24 Thread darren kirby
quoth the Colin Brace:
> Hi all,
>
> I have a FreeBSD v7 box set up as gateway/mailserver/WAP. I leave my WAP
> unencrypted, so my neighbors can use it, and use PF to allow just a few
> specific services (dhcp dns, http, https).
>
> I'd like to be able to mount a couple of NFS shares from a desktop box
> running Fedora on a wireless client. I've opened the sunrpc and nfs ports
> in PF, but that doesn't seem to be enough. tcpdump indicates some high udp
> ports in the 40k-50k range are used in the nfs negotiation, but I can't
> figure out exactly what is going on. Does anyone know what additional ports
> need to be opened for nfs? Will I need to use PF to redirect this udp
> traffic to the fedora host or will it find the nfs server on its own?

'rpcinfo -p server' will show the ports/proto you need open. However, it 
should change some each time because rpc.mountd, rpc.statd, and lockd assign 
ports dynamically. You can set a few NFS options to lock these down:

Eg:
RPCMOUNTDOPTS="-p 4002"
RPCSTATDOPTS="-p 4000"

Sadly, I have only ever run an NFS server on Linux, so I do not know if there 
is a config to set these, or if you have to add the '-p n' to the startup 
scripts directly.

Also, on Linux you must set the lockd port at boot time. Perhaps there is a 
sysctl for this on FreeBSD?

HTH
-d
-- 
darren kirby :: Part of the problem since 1976 :: http://badcomputer.org
...the number of UNIX installations has grown to 10, with more expected...
- Dennis Ritchie and Ken Thompson, June 1972
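
The workflow described in the reply above, as an added example that is not part of the original thread: it turns `rpcinfo -p` output into PF pass rules and compares two snapshots to spot services whose ports are still dynamic. The sample output is constructed, and the PF macros `$wifi_if` and `$nfs_server` are hypothetical names assumed to be defined in pf.conf.

```shell
#!/bin/sh
# Added example, not from the thread. $wifi_if and $nfs_server in the emitted
# rules are hypothetical PF macros assumed to be defined in pf.conf.

# Constructed sample of `rpcinfo -p server` output (mountd/statd pinned to
# 4002/4000 as in the reply above, lockd still on a dynamic port).
SAMPLE_RPCINFO='   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    100005    3   udp   4002  mountd
    100024    1   udp   4000  status
    100021    4   udp  45213  nlockmgr'

# Read rpcinfo -p output on stdin; print unique "proto port service" lines
# for the RPC services an NFS mount needs.
rpc_ports() {
    awk '$1 ~ /^[0-9]+$/ && $5 ~ /^(portmapper|nfs|mountd|status|nlockmgr)$/ {
             print $3, $4, $5 }' | LC_ALL=C sort -u
}

# Read rpcinfo -p output on stdin; print one PF pass rule per proto/port.
pf_rules() {
    rpc_ports | while read -r proto port svc; do
        # Single quotes keep $wifi_if and $nfs_server literal for pf.conf.
        printf 'pass in on $wifi_if proto %s from $wifi_if:network to $nfs_server port %s # %s\n' \
            "$proto" "$port" "$svc"
    done
}

# Compare two rpcinfo snapshots (e.g. before and after an NFS restart) and
# print "service/proto" for every service whose port changed, i.e. is unpinned.
drifting() {
    { printf '%s\n' "$1" | rpc_ports | sed 's/^/a /'
      printf '%s\n' "$2" | rpc_ports | sed 's/^/b /'; } |
    awk '{ key = $2 " " $4 }
         $1 == "a" { port[key] = $3 }
         $1 == "b" && (key in port) && port[key] != $3 { print $4 "/" $2 }' |
    LC_ALL=C sort -u
}

printf '%s\n' "$SAMPLE_RPCINFO" | pf_rules
```

A rule generated for a service that `drifting` reports goes stale the next time that service restarts, so pin the port first and regenerate the rules afterwards.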