On Wed, Feb 25, 2015 at 8:59 AM, Daniel Thomas <drt24@xxxxxxxxx> wrote: > We have a Linux NFS server (using ZFS) which supports NFS4. It uses > fixed ports for everything and those ports are allowed through the > firewall. We have a number of Linux clients which use this and other NFS > servers, they have a DROP ALL for all all packets arriving on > non-whitelisted ports. > > I think that file delegations might not be working due to callbacks not > succeeding because the client port specified in SETCLIENTID by the > client is blocked by the firewall. > > I have a couple of questions: > > How do I check whether file delegations are working properly? Munin > graphs indicate 0 calls for some of the names which sound like they are > to do with delegations such as delagreturn or delagpurge but is there > some way of checking conclusively? > > How do I specify what client port to provide in SETCLIENTID, there > should be some mount option? I can't find it. Or if it is a well defined > number, what is it? > > Any pointers to answers? > >From Documentation/kernel-parameters.txt: nfs.callback_tcpport= [NFS] set the TCP port on which the NFSv4 callback channel should listen. IOW: If your clients are using modules instead of having NFS compiled in, then do something along the lines of echo "options nfs callback_tcpport=9001" >/etc/modprobe.d/options-local.conf and then reboot your client to set the callback listener to the fixed port number 9001. If the NFS client is compiled into the kernel, then you'll have to edit your grub.conf or whatever to add the kernel command line option "nfs.callback_tcpport=9001". ..and yes, monitoring the "delegreturn" numbers is a good way to figure out if your clients are receiving and later returning delegations. -- Trond Myklebust Linux NFS client maintainer, PrimaryData trond.myklebust@xxxxxxxxxxxxxxx -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html