Probably intended for the list -----Forwarded Message-----
> > For the purpose of answering my own question if someone is reading > through the old posts the unprivileged port because of NAT was solved by > adding the -n option to mountd. > > Although I find it kind of interesting that the documentation says this > clears the nfs_privport sysctl flag but you can't allow it by clearing > the flag yourself. I didn't find that flag - however I Found that clearing the sysctl flag did work. Odd. > > Ryan > > On Thu, 2002-12-19 at 18:57, Duncan Anker wrote: > > On Fri, 2002-12-20 at 03:59, Ryan Sommers wrote: > > > Does nfs_reserved_port_only really make NFS that much more secure? Or is > > > this more of a depricated option. > > > > Doesn't really help. It's slightly more secure in an environment where > > you don't fully trust your users, but all it does is require the > > connection to come from a privileged port. Since any script kiddie can > > stick a Linux or *BSD box on the net with root access, it really doesn't > > help secure against the sort of attacks you'd want to secure against. > > > > I have found this option is nothing more than annoying (my NFS monitor > > won't use a privileged port, for example) so I leave it off. > > > > As far as the rest of your NFS privilege problems go, you may need to > > mount the filesystem with TCP. I'm not sure how NFS works with NAT, but > > I had some issues with this. Alternatively, if you have multiple IP > > addresses on one itnerface, you need to explicitly tell nfsd which ones > > to bind to, as wildcarding doesn't work with UDP. > > > > HTH > > Duncan Anker > > To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
