On Thu, 18 Oct 2012 19:11:37 +0200 "Sebastian Reitenbach" <sebas...@l00-bugdead-prods.de> wrote:
> getting NFS through a firewall is not that trivial with mountd binding to a
> random port each time it starts.

Hi,

here is how I solved it after my proposal for a fixed-port-option was
rejected:

/etc/rc.local:

    [...]
    # register (random) rpc ports to pf anchor
    rpcinfo -p localhost \
        |awk \
        ' /tcp/ \
        {printf "pass in proto %s to port %d\n", $3, $4}
        /udp/ \
        {printf "pass in proto %s to port %d\n", $3, $4; \
         printf "pass out proto %s from port %d\n", $3, $4}
        ' \
        |pfctl -a rpc -f -
    [...]

/etc/pf.conf:

    # NFS
    # rpc daemons use more or less random ports; they will be put into this anchor
    anchor "rpc" on {tun0 lo0} from <nfs> to (self)
    anchor "rpc" on {tun0 lo0} from (self) to <nfs>
    # local daemons need access to portmap before the rpc anchor is populated
    pass in on lo0 inet proto {udp tcp} from localhost to localhost port portmap
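The rpcinfo-to-pf translation in the message above, as an added example that is not the poster's script: the same idea, but the rule generator only emits rules for a named set of RPC programs (so an unrelated RPC service registered with portmap does not get a hole opened for it) and emits each proto/port pair once even when several program versions share a port. It assumes the five-column rpcinfo -p layout (program, vers, proto, port, name); the program list NFS_PROGRAMS and the sample rpcinfo output are constructed for the example.

```shell
#!/bin/sh
# Generate pf rules for the RPC ports rpcinfo reports, for loading into an anchor.
# Added example, not the original poster's rc.local snippet. Assumes rpcinfo -p
# prints "program vers proto port name" columns as in the constructed sample below.

# RPC programs that are actually needed for NFS (hypothetical list; adjust to taste).
NFS_PROGRAMS="portmapper mountd nfs nlockmgr status"

# gen_rpc_rules: read rpcinfo -p output on stdin, write pf rules to stdout.
# Lines for programs outside NFS_PROGRAMS are ignored; a proto/port pair that
# appears more than once (several versions of one program) yields rules once.
# As in the poster's script, udp ports get a matching "pass out" rule.
gen_rpc_rules() {
    awk -v wanted="$NFS_PROGRAMS" '
    BEGIN {
        n = split(wanted, w, " ")
        for (i = 1; i <= n; i++) keep[w[i]] = 1
    }
    # skip the header line and anything that is not udp or tcp
    $3 != "udp" && $3 != "tcp" { next }
    # $5 is the program name; drop programs we do not want reachable
    !($5 in keep) { next }
    {
        key = $3 "/" $4
        if (key in seen) next
        seen[key] = 1
        printf "pass in proto %s to port %d\n", $3, $4
        if ($3 == "udp")
            printf "pass out proto %s from port %d\n", $3, $4
    }'
}

# Constructed sample of rpcinfo -p output (not captured from a real host).
SAMPLE_RPCINFO='   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100005    1   udp    648  mountd
    100005    3   udp    648  mountd
    100005    1   tcp    780  mountd
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    100003    3   tcp   2049  nfs
    100021    1   udp    812  nlockmgr
    100024    1   udp    941  status
    100099    1   udp   1234  unwantedprog'

# show_rules: run the generator over the constructed sample and return the rules.
show_rules() {
    printf '%s\n' "$SAMPLE_RPCINFO" | gen_rpc_rules
}

# On a real host this would be:  rpcinfo -p localhost | gen_rpc_rules | pfctl -a rpc -f -
show_rules
```

Running it prints the rule set for the sample; note that port 1234 (the unwanted program) never appears, and the two mountd udp registrations on 648 produce a single pair of rules.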