On 6/21/06, Clint Pachl <[EMAIL PROTECTED]> wrote:
Because portmap(8) dynamically assigns the mountd(8) port, how would
one write a pass rule in pf for mountd(8) traffic? My problem is that
every time mountd(8) is re/started, it operates on a different port and
my fixed pf rules block the mount protocol and, consequently, my
clients cannot mount an NFS share.

I read through RFC1094 "NFS: Network File System Protocol
Specification" and RFC1057 "RPC: Remote Procedure Call Protocol
Specification" looking for ways to statically bind the mount protocol
to a port number. It doesn't look possible.

http://www.freebsd.org/cgi/man.cgi?query=mountd

It's definitely possible (Free and Net both offer the -p option). I've
been wondering myself why that flag is not available in OpenBSD's
mountd(8) (for the same reason - filter issues), but hadn't gotten
around to asking. The archives didn't appear to have any threads
discussing why -p hasn't been imported (from what Theo said, I'm sure
there's a reason). In the meantime, I just settled for passing all
traffic from the couple of hosts that need to access NFS resources -
works for my small home LAN, YMMV.
--
[EMAIL PROTECTED],darkuncle.net} || 0x5537F527
   encrypted email to the latter address please
   http://darkuncle.net/pubkey.asc for public key
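
An added example, not part of either poster's message: one way to keep a default-deny pf ruleset when mountd(8) has no fixed port is to regenerate the mountd rules from portmap's current registrations after each restart. The table name `<nfs_clients>`, the anchor name `mountd`, and the presence of `anchor "mountd"` in pf.conf are assumptions.

```shell
#!/bin/sh
# Added example: build pf pass rules for the ports mountd holds right now.
# Assumptions (not from the thread): table <nfs_clients>, anchor "mountd".

# Read `rpcinfo -p` output on stdin and print one pass rule per distinct
# proto/port pair registered for RPC program 100005 (the mount protocol).
# Matching on the program number avoids depending on the name column.
mountd_rules() {
    awk '
        $1 == 100005 && ($3 == "tcp" || $3 == "udp") &&
        $4 ~ /^[0-9]+$/ && $4 > 0 && $4 < 65536 {
            key = $3 " " $4
            if (!(key in seen)) {      # v1 and v3 share a port: emit once
                seen[key] = 1
                printf "pass in quick inet proto %s from <nfs_clients> to any port %s keep state\n", $3, $4
            }
        }'
}

# Constructed sample of `rpcinfo -p` output, for running offline.
sample_rpcinfo() {
    cat <<'EOF'
   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100005    1   udp    881  mountd
    100005    3   udp    881  mountd
    100005    1   tcp    740  mountd
    100005    3   tcp    740  mountd
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
EOF
}

# Live use, as root, after every mountd (re)start:
#   rpcinfo -p localhost | mountd_rules | pfctl -a mountd -f -
# If mountd is not registered the rule set is empty, so the anchor ends up
# with no pass rules and the surrounding default-deny policy still applies.
if [ "${1:-}" = "--demo" ]; then
    sample_rpcinfo | mountd_rules
fi
```

The portmapper (111) and nfs (2049) ports are fixed and still need their own static rules in pf.conf.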
