NFS question..

ME dugan at passwall.com
Tue Aug 20 20:03:28 PDT 2002


On Tue, 20 Aug 2002, Christopher Wagner wrote:
> I'm trying to set-up a NFS mount from my home computer to my database server
> at work for incremental backups.  I get this message on the Unixware 7.1.1
> box (database server):
> UX:nfs mount: ERROR: access denied for milo.waggie.net:/pac
> 
> and this message on the Redhat Linux 7.3 box at home:
> 
> Aug 20 17:02:57 milo rpc.mountd: refused mount request from
> leg-66-247-88-195-STK.sprinthome.com for /pac (/pac): illegal port 56726
> 
> My /etc/exports on milo is:
> #
> /pac    66.247.88.195(rw)
> 
> I'm running iptables on milo and the database server is behind a Netopia
> firewall product.  What do I need to open up on the firewalls to get this to
> work?  I already opened up 4069/udp (I think that's the one) on milo.
> 
> Thanks in advance for any help provided!! :)

Knowing ahead of time, NFS does not stand for "Network File System" like
many would have you believe, it is actually, "No Frickin' Security"; such
is the case with many services over UDP. (TCP based NFS may add some
security with NFSv3/TCP, but.... *sigh*)

You probably want the "insecure" option for nfs which allows clients to
bind from ports > 1024.

#
/pac    66.247.88.195(insecure,rw)

It is this line that suggests to me that this is the answer:
> Aug 20 17:02:57 milo rpc.mountd: refused mount request from
> leg-66-247-88-195-STK.sprinthome.com for /pac (/pac): illegal port 56726
                                                        ^^^^^^^^^^^^^^^^^^

client using non-reserved port ( >1024 )

You may want to 
# man exports
to find out about other options.

Know this: 

Even though you specify the IP of a host to connect to that share, UDP
packets are easy to forge when compared to "sessions" with TCP!

-ME

-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GCS/CM$/IT$/LS$/S/O$ !d--(++) !s !a+++(-----) C++$(++++) U++++$(+$) P+$>+++ 
L+++$(++) E W+++$(+) N+ o K w+$>++>+++ O-@ M+$ V-$>- !PS !PE Y+ PGP++
t at -(++) 5+@ X@ R- tv- b++ DI+++ D+ G--@ e+>++>++++ h(++)>+ r*>? z?
------END GEEK CODE BLOCK------
decode: http://www.ebb.org/ungeek/ about: http://www.geekcode.com/geek.html
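
Added example, not part of the original message: a small Python audit that pulls the "illegal port" refusals out of rpc.mountd log lines and lists which /etc/exports entries carry the "insecure" option, so the exports that accept non-reserved source ports can be reviewed. The function names, the 192.0.2.x addresses and the sample text are constructed for illustration; the log layout is assumed to match the line quoted in the thread.

```python
import re

RESERVED_MAX = 1023  # ports below 1024 can only be bound by root on Unix

# Constructed sample input, modelled on the log line and exports entry in the thread.
SAMPLE_LOG = """\
Aug 20 17:02:57 milo rpc.mountd: refused mount request from leg-66-247-88-195-STK.sprinthome.com for /pac (/pac): illegal port 56726
Aug 20 17:05:11 milo rpc.mountd: authenticated mount request from 192.0.2.10:801 for /home (/home)
"""
SAMPLE_EXPORTS = """\
# constructed sample
/pac    66.247.88.195(insecure,rw)
/home   192.0.2.10(rw,sync) 192.0.2.11(ro)
"""

REFUSED = re.compile(
    r"rpc\.mountd: refused mount request from (\S+) for (\S+) .*illegal port (\d+)")

def refused_mounts(log_text):
    """Return (client, path, port) for each mount refused over its source port."""
    return [(m.group(1), m.group(2), int(m.group(3)))
            for m in REFUSED.finditer(log_text)]

def insecure_exports(exports_text):
    """Return (path, client) pairs whose option list contains 'insecure'."""
    hits = []
    for line in exports_text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        path, *clients = line.split()
        for spec in clients:
            m = re.fullmatch(r"([^()]*)\(([^()]*)\)", spec)  # client(opt,opt,...)
            if m and "insecure" in m.group(2).split(","):
                hits.append((path, m.group(1)))
    return hits

if __name__ == "__main__":
    for client, path, port in refused_mounts(SAMPLE_LOG):
        kind = "non-reserved" if port > RESERVED_MAX else "reserved"
        print(f"{client} -> {path}: source port {port} ({kind})")
    for path, client in insecure_exports(SAMPLE_EXPORTS):
        print(f"{path} exported to {client!r} accepts non-reserved source ports")
```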


