On Apr 25, 2008, at 10:27 AM, Steinar H. Gunderson wrote:
> On Fri, Apr 25, 2008 at 10:19:54AM -0400, Chuck Lever wrote:
>>> The other submitters have iptables blocking on the server, though, and it
>>> doesn't work for them either (one is using NFSv3, the other NFSv4). Is
>>> this really working for you?
>> I can't say until you post a complete description of a specific test
>> case.
> On the client:
>
>   iptables -A OUTPUT -d 10.0.0.10 -p udp -j DROP
>   mount -t nfs 10.0.0.10:/foo /bar
>
> Substitute 10.0.0.10 with the server, of course.

I just tried this specific use case.

Because of the local packet filtering on the client, the kernel's RPC
client is getting -EPERM when trying to send the initial rpcbind
request.

As far as I can see, nothing in the RPC client knows how to deal
specifically with that error code, so it punts the request, and the
mount fails.

When I originally tested mount protocol/version negotiation, I used
only server-side filtering.
--
Chuck Lever
chuck[dot]lever[at]oracle[dot]com
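
The following is an added example, not part of the original message or of the kernel's RPC code: a userspace probe that sends one rpcbind GETPORT call over UDP and reports whether the request was rejected locally (EPERM from a client-side OUTPUT rule) or simply went unanswered (server-side or on-path filtering). The function names `build_getport`, `classify` and `probe` and the xid value are assumptions made for this illustration.

```python
import errno
import socket
import struct

PMAP_PROG, PMAP_VERS, PMAPPROC_GETPORT = 100000, 2, 3  # rpcbind v2 (RFC 1833)
MOUNT_PROG, MOUNT_VERS, PROTO_UDP = 100005, 3, 17


def build_getport(xid, prog=MOUNT_PROG, vers=MOUNT_VERS, proto=PROTO_UDP):
    """XDR-encode an rpcbind GETPORT call with AUTH_NULL credentials."""
    call = struct.pack(">6I", xid, 0, 2, PMAP_PROG, PMAP_VERS, PMAPPROC_GETPORT)
    auth = struct.pack(">4I", 0, 0, 0, 0)  # cred and verifier: flavor 0, length 0
    args = struct.pack(">4I", prog, vers, proto, 0)  # port field is unused in a query
    return call + auth + args


def classify(err):
    """Map an errno from send()/recv() to where the request was lost."""
    if err == errno.EPERM:
        return "blocked-locally"  # a local OUTPUT rule dropped the datagram
    if err == errno.ECONNREFUSED:
        return "port-closed"  # ICMP port unreachable came back
    if err in (errno.EAGAIN, errno.ETIMEDOUT):
        return "no-reply"  # silently dropped on the path or at the server
    return "other:" + errno.errorcode.get(err, str(err))


def probe(host, port=111, timeout=2.0, xid=0x4E465331):  # xid is a constructed value
    """Send one GETPORT over UDP and report how the exchange ended."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            s.send(build_getport(xid))
            reply = s.recv(512)
        except socket.timeout:
            return "no-reply"
        except OSError as e:
            return classify(e.errno)
    if len(reply) >= 4 and struct.unpack(">I", reply[:4])[0] == xid:
        return "replied"
    return "other:unexpected-reply"


if __name__ == "__main__":
    import sys
    print(probe(sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"))
```

With the client-side rule from the test case in place the probe returns `blocked-locally` immediately, whereas server-side filtering shows up as `no-reply` after the timeout.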