NFS Port

2004-06-19 Thread Bruce Hunter
Hi all,

I am able to connect to my NFS system like so
mount 192.168.1.14:/home/NFSave /mnt/coreserver

I want to connect from outside my network, like when I'm at school. What
port(s) does NFS run off? I have to do port forwarding on my
Router/Firewall.

Thanks so much
Bruce


___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: NFS Port

2004-06-19 Thread Renato Marques

NFS will not work traversing a firewall doing NAT or RDR.
NFS uses the RPC protocol, which controls what ports NFS is going to use,
so the firewall knows nothing about this and blocks the traffic.
You could set up a VPN...


> Hi all,
>
> I am able to connect to my NFS system like so
> mount 192.168.1.14:/home/NFSave /mnt/coreserver
>
> I want to connect from outside my network, like when I'm at school. What
> port(s) does NFS run off. I have to do port forwarding on my
> Router/Firewall.
>
> Thanks so much
> Bruce




Re: NFS Port

2004-06-19 Thread Matthew Seaman
On Mon, Jun 14, 2004 at 01:20:57PM -0400, Bruce Hunter wrote:

> I am able to connect to my NFS system like so
> mount 192.168.1.14:/home/NFSave /mnt/coreserver
>
> I want to connect from outside my network, like when I'm at school. What
> port(s) does NFS run off. I have to do port forwarding on my
> Router/Firewall.

Look at mountd(8) for the server side of managing NFS -- use the '-p'
option to specify a port to listen on for NFS mount requests.  Port
2049 is the traditional port number for NFS, but portmap(8) generally
only treats that as a guideline, so unless you force it, NFS can use
just about any high numbered port.

Make sure you firewall off port 111 very carefully on any system
running portmap(8) [4.x] or rpcbind(8) [5.x] -- (same program, just
renamed between system versions) exposed to the Internet.  RPC is a
favourite and generally very fruitful attack vector.

On the client, you will need to use tcp as the transport -- not all
clients will support that -- and you can specify what port to contact
the server on in /etc/fstab, thus bypassing the usual portmapper
procedure.  See the descriptions of the '-T' and '-o port' options in
mount_nfs(8).

As others have mentioned, this would be a good situation in which to
use an IPSEC tunnel or similar between server and client -- NFS
traffic is vulnerable to snooping and exposes the contents of your
hard drive.

Cheers,

Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.   26 The Paddocks
  Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey Marlow
Tel: +44 1628 476614  Bucks., SL7 1TH UK
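
An added example, not part of the original thread: a shell check over `rpcinfo -p` output that shows whether mountd really sits on the port given to `-p`, which tcp ports a firewall rule would need, and that port 111 stays blocked. The port 4046, the function names and the sample listing are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: classify `rpcinfo -p` registrations on an NFS server.
# 4046 is an assumed value for the port passed to mountd -p.

# Constructed sample in `rpcinfo -p` format. Here mountd was started
# without -p, so the portmapper handed it an arbitrary port (1011).
sample_rpcinfo() {
cat <<'EOF'
   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    100003    3   tcp   2049  nfs
    100005    1   udp   1011  mountd
    100005    3   udp   1011  mountd
    100005    1   tcp   1011  mountd
    100005    3   tcp   1011  mountd
EOF
}

# Usage: rpcinfo -p | nfs_port_audit <pinned-mountd-port>
# Prints one verdict per tcp service; returns 1 if any service is unpinned.
nfs_port_audit() {
    awk -v want="$1" '
        NR == 1 || $3 != "tcp" { next }      # skip header; the client mounts over tcp
        seen[$4 "/" $5]++      { next }      # one line per port/service, not per version
        $5 == "portmapper" || $5 == "rpcbind" {
            print "BLOCK   " $4 "/tcp " $5   # port 111 is never forwarded
            next
        }
        $5 == "nfs" && $4 == 2049    { print "FORWARD " $4 "/tcp nfs"; next }
        $5 == "mountd" && $4 == want { print "FORWARD " $4 "/tcp mountd"; next }
        { print "UNPINNED " $4 "/tcp " $5; bad = 1 }
        END { exit bad + 0 }
    '
}

# Demo run on the constructed sample.
sample_rpcinfo | nfs_port_audit 4046 ||
    echo "a service is on a portmapper-assigned port; pin it (mountd -p 4046)"
```

On a live server the input would come from `rpcinfo -p` itself; an UNPINNED line means a forwarding rule written today can stop matching after the next restart.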

