Re: kernel+userspace based nfsd running in parallel on linux?

[devzero@web.de]

Hi Bernd, =


> we are are already doing this for a long time.

any caveats with this? just tune one of both to use different port ?

> Hmm, I thing this is presently not possible. I might be wrong, but I thin=
k =

> neither knfsd nor any userspace nfs daemon presently supports binding to =

> selected interfaces. Thinks they alsways bind to all interfaces.

i wonder very often, why there are so many applications out there which act=
ually _DON`T_  support this. if you are a security aware person, this is a =
very nice feature to be able to make your box more secure, without any fire=
walling at all. an interface which isn`t actually listening is more secure =
than one being firewalled, because you could have misconfigured your firewa=
ll or it could be down by accident. such feature gives so much greater flex=
ibility - i wished i would be able to tell "-bind 1.2.3.4:1234" instead of =
just "-port 1234" to every type of application opening a listening socket.

> We doing it by using different ports for the daemons, knfsd is running as =

> usual on 2049 and unfsd (unfs3) is running on another port.  One also nee=
ds =

> to tell one of the daemon not to register to the portmapper, unfs3 also =

> supports that.

ah, thanks - this looks like one of those "caveats". btw - what about using=
 userspace nfsd via xinetd? xinetd supports binding to dedicated interfaces.

> > if there isn´t a killer argument against this (does not work by de=
sign
> > because...), i would like to try to elaborate to make this work. if this
> > fails because there is no way to specify a dedicated interface to liste=
n on
> > - maybe this could be fixed with some few modifications to the code...
> =

> Any argument against simply using different ports?

ease of use for the clients? (because it´s easier to tell them to conn=
ect to a different ip than to a different port) - what if the client doesn`=
t support connecting to different port (ok, don`t know details yet about nf=
s clients and specifying ports - but i know many apps which are not able to=
 use another port than the standard/default one.

thanks!

roland

_______________________________________________________________________
Viren-Scan f=FCr Ihren PC! Jetzt f=FCr jeden. Sofort, online und kostenlos.
Gleich testen! http://www.pc-sicherheit.web.de/freescan/?mc=3D022222


-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=3Djoin.php&p=3Dsourceforge&CID=3DDE=
VDEV
_______________________________________________
NFS maillist  -  NFS@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfs