mountd through a firewall?

mountd through a firewall?

[Robert Rati]

I post this question a few days ago, but go no response.  I hope someone 
on the list can help with this issue or point me in another direction.

When I start rpc.mountd, I notice that it always registers 4 ports with 
portmapper.  2 TCP and 2 UDP, which corespond to two separate instances 
of mountd.  When I run exportfs, I see that no file systems are being 
exported.  If I export a file system, the only difference is exportfs 
shows a file system being exported.  This will obviously cause a problem 
if I try to specify a port for rpc.mountd to run on as both instances of 
mountd try to use the same port and the tcp bind for the second instance 
fails.  Why does rpc.mountd start two instances of mountd?

This issue comes from trying to allow an NFS export through a firewall. 
  Since mountd uses different ports each time it starts, it's nearly 
impossible to pass it through a firewall.  Does anyone have an alternate 
solution to this problem besides telling rpc.mountd to run on a 
specified port (as that isn't working as detailed above).  I'm stuck 
using kernel 2.2.17, so I've been unable to check out the nfs-utils 
ability to handle specifying a port for mountd.

Rob



-------------------------------------------------------
This SF.net email is sponsored by: SlickEdit Inc. Develop an edge.
The most comprehensive and flexible code editor you can use.
Code faster. C/C++, C#, Java, HTML, XML, many more. FREE 30-Day Trial.
www.slickedit.com/sourceforge
_______________________________________________
NFS maillist  -  NFS@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfs

Re: mountd through a firewall?

[Ion Badulescu]

On Wed, 19 Feb 2003 16:56:46 -0600, Robert Rati <Robert.Rati@motorola.com> wrote:
> 
> When I start rpc.mountd, I notice that it always registers 4 ports with 
> portmapper.  2 TCP and 2 UDP, which corespond to two separate instances 
> of mountd.  When I run exportfs, I see that no file systems are being 
> exported.  If I export a file system, the only difference is exportfs 
> shows a file system being exported.  This will obviously cause a problem 
> if I try to specify a port for rpc.mountd to run on as both instances of 
> mountd try to use the same port and the tcp bind for the second instance 
> fails.  Why does rpc.mountd start two instances of mountd?

It doesn't, so you must be doing something very wrong on your system -- 
are you starting a second mountd or something?

This is my system:

$ ps ax |grep mountd
26351 ?        S      0:01 rpc.mountd
$ rpcinfo -p | grep mountd
    100005    1   udp   4112  mountd
    100005    1   tcp   3231  mountd
    100005    2   udp   4112  mountd
    100005    2   tcp   3231  mountd
    100005    3   udp   4112  mountd
    100005    3   tcp   3231  mountd

One process, six ports, no problem.

Ion

-- 
  It is better to keep your mouth shut and be thought a fool,
            than to open it and remove all doubt.


-------------------------------------------------------
This SF.net email is sponsored by: SlickEdit Inc. Develop an edge.
The most comprehensive and flexible code editor you can use.
Code faster. C/C++, C#, Java, HTML, XML, many more. FREE 30-Day Trial.
www.slickedit.com/sourceforge
_______________________________________________
NFS maillist  -  NFS@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfs

Re: mountd through a firewall?

[Robert Rati]

Ion Badulescu wrote:
> On Wed, 19 Feb 2003 16:56:46 -0600, Robert Rati <Robert.Rati@motorola.com> wrote:
> 
>>When I start rpc.mountd, I notice that it always registers 4 ports with 
>>portmapper.  2 TCP and 2 UDP, which corespond to two separate instances 
>>of mountd.  When I run exportfs, I see that no file systems are being 
>>exported.  If I export a file system, the only difference is exportfs 
>>shows a file system being exported.  This will obviously cause a problem 
>>if I try to specify a port for rpc.mountd to run on as both instances of 
>>mountd try to use the same port and the tcp bind for the second instance 
>>fails.  Why does rpc.mountd start two instances of mountd?
> 
> 
> It doesn't, so you must be doing something very wrong on your system -- 
> are you starting a second mountd or something?

Thanks for the reply.

Actually, I mispoke in my first statement, sorry.  mountd isn't creating 
two instances on the system, but it's opening 4 ports from the same 
instance.  I thought that maybe mountd was opening a pair of ports for 
each exported filesystem, but my /etc/exports is bare, exportfs shows no 
exported file systems, so why is mountd using 4 ports?  Even if I share 
a directory, mountd is still using 4 ports.

Is there a way to control the port range mountd will use?  If not, do 
you know the range mountd will use?

Rob



-------------------------------------------------------
This SF.net email is sponsored by: SlickEdit Inc. Develop an edge.
The most comprehensive and flexible code editor you can use.
Code faster. C/C++, C#, Java, HTML, XML, many more. FREE 30-Day Trial.
www.slickedit.com/sourceforge
_______________________________________________
NFS maillist  -  NFS@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfs

Re: mountd through a firewall?

[Ion Badulescu]

On Thu, 20 Feb 2003, Robert Rati wrote:

> Actually, I mispoke in my first statement, sorry.  mountd isn't creating 
> two instances on the system, but it's opening 4 ports from the same 
> instance.  I thought that maybe mountd was opening a pair of ports for 
> each exported filesystem, but my /etc/exports is bare, exportfs shows no 
> exported file systems, so why is mountd using 4 ports?  Even if I share 
> a directory, mountd is still using 4 ports.

That's the expected behavior, yes.

> Is there a way to control the port range mountd will use?  If not, do 
> you know the range mountd will use?

man rpc.mountd, look for "-p".

Ion

-- 
  It is better to keep your mouth shut and be thought a fool,
            than to open it and remove all doubt.



-------------------------------------------------------
This SF.net email is sponsored by: SlickEdit Inc. Develop an edge.
The most comprehensive and flexible code editor you can use.
Code faster. C/C++, C#, Java, HTML, XML, many more. FREE 30-Day Trial.
www.slickedit.com/sourceforge
_______________________________________________
NFS maillist  -  NFS@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfs

Re: mountd through a firewall?

[Robert Rati]

>>Is there a way to control the port range mountd will use?  If not, do 
>>you know the range mountd will use?
> 
> 
> man rpc.mountd, look for "-p".

I've tried using the -p option, but that causes mountd to try to open 
all 4 ports on the same port.  For the two UDP ports that not a problem 
(although I don't think functionally it'd work too well), but the two 
TCP ports obviously will have a problem.  When I run rpc.mountd -p 5000, 
I get this error:

mountd: Could not bind name to socket: Address already in use

pmap_dump shows this:

     100005    1   udp   5000  mountd
     100005    1   tcp   5000  mountd
     100005    2   udp   5000  mountd

However, mountd is not running on the system even though it has 
registered ports with portmapper.  Can I specify a range of ports 
somehow?  I tried rpc.mountd -p5000:5002, but that didn't change anything.

Rob



-------------------------------------------------------
This SF.net email is sponsored by: SlickEdit Inc. Develop an edge.
The most comprehensive and flexible code editor you can use.
Code faster. C/C++, C#, Java, HTML, XML, many more. FREE 30-Day Trial.
www.slickedit.com/sourceforge
_______________________________________________
NFS maillist  -  NFS@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfs

Re: mountd through a firewall?

[Ion Badulescu]

On Thu, 20 Feb 2003, Robert Rati wrote:

> I've tried using the -p option, but that causes mountd to try to open 
> all 4 ports on the same port.  For the two UDP ports that not a problem 
> (although I don't think functionally it'd work too well), but the two 
> TCP ports obviously will have a problem.  When I run rpc.mountd -p 5000, 
> I get this error:
> 
> mountd: Could not bind name to socket: Address already in use

Then you have a broken mountd.. because it doesn't need to listen on 
multiple ports. You saw my rpcinfo output, even without -p it was only 
using 2 distinct ports.

I just tested the mountd from both nfs-utils 0.3.3 and 1.0.1, both work 
correctly with respect to -p.

Ion

-- 
  It is better to keep your mouth shut and be thought a fool,
            than to open it and remove all doubt.



-------------------------------------------------------
This SF.net email is sponsored by: SlickEdit Inc. Develop an edge.
The most comprehensive and flexible code editor you can use.
Code faster. C/C++, C#, Java, HTML, XML, many more. FREE 30-Day Trial.
www.slickedit.com/sourceforge
_______________________________________________
NFS maillist  -  NFS@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfs

Re: mountd through a firewall?

[Robert Rati]

>>I've tried using the -p option, but that causes mountd to try to open 
>>all 4 ports on the same port.  For the two UDP ports that not a problem 
>>(although I don't think functionally it'd work too well), but the two 
>>TCP ports obviously will have a problem.  When I run rpc.mountd -p 5000, 
>>I get this error:
>>
>>mountd: Could not bind name to socket: Address already in use
> 
> 
> Then you have a broken mountd.. because it doesn't need to listen on 
> multiple ports. You saw my rpcinfo output, even without -p it was only 
> using 2 distinct ports.
> 
> I just tested the mountd from both nfs-utils 0.3.3 and 1.0.1, both work 
> correctly with respect to -p.

rpc.mountd -version gives this info:

kmountd 1.4.7 (0.4.22)

and I don't have nfs-utils installed on the system.  I'm stuck using 
kernel 2.2.17 and I had read you had to have a 2.4 kernel to use 
nfs-utils.  Is that incorrect?  Is this possibly a limitation of the 
version of mountd on the system?

Rob



-------------------------------------------------------
This SF.net email is sponsored by: SlickEdit Inc. Develop an edge.
The most comprehensive and flexible code editor you can use.
Code faster. C/C++, C#, Java, HTML, XML, many more. FREE 30-Day Trial.
www.slickedit.com/sourceforge
_______________________________________________
NFS maillist  -  NFS@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfs

Re: mountd through a firewall?

[Ion Badulescu]

On Thu, 20 Feb 2003, Robert Rati wrote:

> rpc.mountd -version gives this info:
> 
> kmountd 1.4.7 (0.4.22)

Ancient history.

> and I don't have nfs-utils installed on the system.  I'm stuck using 
> kernel 2.2.17 and I had read you had to have a 2.4 kernel to use 
> nfs-utils.  Is that incorrect?  Is this possibly a limitation of the 
> version of mountd on the system?

Incorrect, nfs-utils works with any 2.2 and newer kernel.

Ion

-- 
  It is better to keep your mouth shut and be thought a fool,
            than to open it and remove all doubt.



-------------------------------------------------------
This SF.net email is sponsored by: SlickEdit Inc. Develop an edge.
The most comprehensive and flexible code editor you can use.
Code faster. C/C++, C#, Java, HTML, XML, many more. FREE 30-Day Trial.
www.slickedit.com/sourceforge
_______________________________________________
NFS maillist  -  NFS@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfs

Re: mountd through a firewall?

[Robert Rati]

>>and I don't have nfs-utils installed on the system.  I'm stuck using 
>>kernel 2.2.17 and I had read you had to have a 2.4 kernel to use 
>>nfs-utils.  Is that incorrect?  Is this possibly a limitation of the 
>>version of mountd on the system?

I downloaded the latest nfs-utils package and everything works great. 
Thanks for your help.

Rob



-------------------------------------------------------
This SF.net email is sponsored by: SlickEdit Inc. Develop an edge.
The most comprehensive and flexible code editor you can use.
Code faster. C/C++, C#, Java, HTML, XML, many more. FREE 30-Day Trial.
www.slickedit.com/sourceforge
_______________________________________________
NFS maillist  -  NFS@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfs