NFS and firewalls - Jeff Hanson

linux-nfs.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Jeff Hanson <jhansonxi@gmail.com>
To: Linux NFS <linux-nfs@vger.kernel.org>
Subject: NFS and firewalls
Date: Mon, 27 Dec 2010 18:32:20 -0500	[thread overview]
Message-ID: <AANLkTi=67a4C7Wx1zhoB-gAV_uXyzizenLmaEnbruy9i@mail.gmail.com> (raw)

The random port usage of NFS makes it difficult to use with NAT/firewalls.

The common workaround is to configure statd, mountd, lockd, and quotad
to static ports. Since there isn't any standard (IANA registered) port
assignments this breaks on many networks that use dynamic or different
static ports.

This makes it difficult to use the "standard" network file sharing
protocol with mobile devices which often use firewalls.

Saned, Samba (netbios), and FTP all have conntrack modules to handle
dynamic port usage.  Has there been any attempt to write one for NFS?

I filed a bug with Ubuntu about it (#688446), mostly for psychological
benefit as it's probably something they're not going to get involved
with.

next             reply	other threads:[~2010-12-27 23:40 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2010-12-27 23:32 Jeff Hanson [this message]
2010-12-28  0:12 ` NFS and firewalls Trond Myklebust
     [not found]   ` <1293495170.9774.7.camel-rJ7iovZKK19ZJLDQqaL3InhyD016LWXt@public.gmane.org>
2010-12-28  2:58     ` Jeff Hanson
2010-12-28  3:26 ` Jim Rees

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='AANLkTi=67a4C7Wx1zhoB-gAV_uXyzizenLmaEnbruy9i@mail.gmail.com' \
    --to=jhansonxi@gmail.com \
    --cc=linux-nfs@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).