mount.nfs probes NFS server from non-privileged port

In order to improve the security of our departmental NetApp filer, we
tried to block in our IP router access from our Linux NFSv3 clients to
tcp port 2049 of the NFS server from non-privileged (>1023) client
ports.

However, it turns out that on some Linux distributions (e.g., CentOS
5.5, Fedora 6-9), this caused the mount command to fail. It appears that
during a new mount attempt, the client sends a NULL RPC request from a
non-privileged TCP port. If that is blocked by a firewall, the mount
command hangs for a long time and eventually fails with a not-found
error. It also seems that not all Linux distributions do this.

Why does this happen? Is there a configuration setting that will disable
this use of un-privileged client ports during a mount, which currently
prevents us improving the security of our NFS setup?

Thanks for any suggestions ...

Markus

-- 
Markus Kuhn, Computer Laboratory, University of Cambridge
http://www.cl.cam.ac.uk/~mgk25/ || CB3 0FD, Great Britain
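
To check from a packet capture which client segments such a router rule drops, the following added example (not part of the original message, and not code from mount.nfs or the kernel) decodes the ONC RPC call header at the start of a TCP payload and labels NULL probes by source port. The function names, port numbers and sample segments are constructed for illustration, and it assumes AUTH_NONE credentials and an RPC record that begins at the start of the payload.

```python
import struct

NFS_PORT = 2049
NFS_PROGRAM = 100003  # ONC RPC program number assigned to NFS
RPC_CALL = 0          # msg_type value for a call
PROC_NULL = 0         # procedure 0 is the no-op "ping" in every RPC program


def build_call(xid, proc, vers=3):
    """Constructed RPC call header with AUTH_NONE, framed with a TCP record marker."""
    body = struct.pack(">6I", xid, RPC_CALL, 2, NFS_PROGRAM, vers, proc)
    body += struct.pack(">4I", 0, 0, 0, 0)  # cred + verf: flavor AUTH_NONE, length 0
    return struct.pack(">I", 0x80000000 | len(body)) + body


def parse_rpc_call(payload):
    """Return (prog, vers, proc) if payload starts with an RPC v2 call, else None."""
    if len(payload) < 28:
        return None
    marker, _xid, mtype, rpcvers, prog, vers, proc = struct.unpack(">7I", payload[:28])
    if (marker & 0x7FFFFFFF) < 24 or mtype != RPC_CALL or rpcvers != 2:
        return None
    return prog, vers, proc


def classify(src_port, dst_port, payload):
    """Return (kind, blocked); blocked mirrors the router rule from the message."""
    if dst_port != NFS_PORT:
        return ("not-nfs", False)
    blocked = src_port > 1023  # rule: drop traffic to tcp/2049 from ports >1023
    call = parse_rpc_call(payload)
    if call is None or call[0] != NFS_PROGRAM:
        return ("other", blocked)
    return ("null-probe" if call[2] == PROC_NULL else "nfs-call", blocked)


if __name__ == "__main__":
    # Constructed sample segments: (client source port, destination port, payload)
    segments = [
        (47012, 2049, build_call(0x1001, PROC_NULL)),  # probe from ephemeral port
        (801, 2049, build_call(0x1002, 1)),            # GETATTR from reserved port
        (47013, 2049, b"\x00" * 8),                    # too short to be an RPC call
    ]
    for src, dst, data in segments:
        print(src, dst, *classify(src, dst, data))
```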
