Scorpion265 Tux's lil' helper
Joined: 05 May 2005 Posts: 129 Location: Kansas City, MO
|
Posted: Wed Mar 20, 2013 12:39 am Post subject: NFS Server Question |
|
|
Hello all,
I've been googling and crawling man pages, but can't seem to find an answer for this. Is it possible to have the NFS services listen on a single device? I have eth0 which is external, and eth1 which is internal. I'd like the server to only open up ports on eth1. Is this even possible? |
|
|
|
Jaglover Watchman
Joined: 29 May 2005 Posts: 8291 Location: Saint Amant, Acadiana
|
Posted: Wed Mar 20, 2013 12:55 am Post subject: |
|
|
Interesting question.
Quote: |
-h bindip
Specifies which IP address or hostname to bind to on the local host. This option is recommended when a host has multiple interfaces. Multiple -h options may be specified.
|
The above is from nfsd man in FreeBSD.
Below is a snippet from Gentoo nfsd man:
Quote: |
-H or --host hostname
specify a particular hostname (or address) that NFS requests will be accepted on. By default, rpc.nfsd will accept NFS requests on all known network addresses. Note that lockd (which performs file locking services for NFS) may still accept request on all known network addresses. This may change in future releases of the Linux Kernel.
|
Last edited by Jaglover on Wed Mar 20, 2013 12:57 am; edited 1 time in total |
|
|
|
Scorpion265 Tux's lil' helper
Joined: 05 May 2005 Posts: 129 Location: Kansas City, MO
|
Posted: Wed Mar 20, 2013 12:57 am Post subject: |
|
|
Awesome! I just found that in the man file for nfsd. I was looking in nfs. The good news is it's working like a charm. I tried the -h with rpcbind, but am not having any luck with port 111. I'll keep looking around and post what I find. Thanks for the help! |
|
|
|
Jaglover Watchman
Joined: 29 May 2005 Posts: 8291 Location: Saint Amant, Acadiana
|
|
|
|
Hu Moderator
Joined: 06 Mar 2007 Posts: 21489
|
Posted: Wed Mar 20, 2013 1:56 am Post subject: |
|
|
If you want to be especially cautious, you could use iptables rules to prohibit receiving NFS traffic from the unwanted interface. This can be done in addition to the options you already found, so that multiple failures must occur before you are exposed. |
|
|
|
|
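The layered approach from the thread (bind nfsd with -H, then back it up with iptables) can be checked with a short audit. The script below is an added example, not something posted by the thread's participants. It assumes eth0 is the external interface and 192.168.1.1 is the internal (eth1) address, and it parses a constructed `ss -tuln` sample in which nfsd is bound to the internal address while rpcbind still listens on every address.

```sh
#!/bin/sh
# Added example. Assumptions: eth0 is the external interface, 192.168.1.1 is
# the server's internal (eth1) address, and only the fixed ports 111 (rpcbind)
# and 2049 (nfsd) are checked; lockd/mountd ports vary and are not covered.
NFS_PORTS="111 2049"

# Constructed `ss -tuln` output: nfsd bound with -H, rpcbind still on wildcard.
sample_ss_output() {
    cat <<'EOF'
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN 0      0      0.0.0.0:111        0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:111        0.0.0.0:*
tcp   LISTEN 0      64     192.168.1.1:2049   0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      128    [::]:111           [::]:*
EOF
}

# stdin: `ss -tuln` output. $1: internal address. Prints "proto port address"
# for each rpcbind/nfsd socket bound to anything but $1 or loopback.
exposed_nfs_listeners() {
    awk -v internal="$1" -v ports="$NFS_PORTS" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $1 == "tcp" || $1 == "udp" {
            port = $5; sub(/.*:/, "", port)        # text after the last colon
            addr = $5; sub(/:[^:]*$/, "", addr)    # text before the last colon
            if (!(port in want)) next
            if (addr == internal || addr == "127.0.0.1" || addr == "[::1]") next
            print $1, port, addr
        }' | LC_ALL=C sort -u
}

# stdin: findings from exposed_nfs_listeners. $1: external interface.
# Prints one DROP rule per protocol/port/address family; nothing is executed.
drop_rules() {
    awk -v ifc="$1" '{
        cmd = ($3 ~ /^\[/) ? "ip6tables" : "iptables"
        rule = cmd " -A INPUT -i " ifc " -p " $1 " --dport " $2 " -j DROP"
        if (!(rule in seen)) { seen[rule] = 1; print rule }
    }'
}

# Demo on the constructed sample; on a live host pipe in `ss -tuln` instead.
sample_ss_output | exposed_nfs_listeners 192.168.1.1 | drop_rules eth0
```

Because `-A` appends to the chain, a printed rule only takes effect if no earlier ACCEPT rule in INPUT already matches the same packet.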