Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
NFS Server Question
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
Scorpion265
Tux's lil' helper
Tux's lil' helper


Joined: 05 May 2005
Posts: 129
Location: Kansas City, MO

PostPosted: Wed Mar 20, 2013 12:39 am    Post subject: NFS Server Question Reply with quote

Hello all,

I've been googling and crawling man pages, but can't seem to find an answer for this. Is it possible to have the NFS services listen on a single device? I have eth0 which is external, and eth1 which is internal. I'd like the server to only open up ports on eth1. Is this even possible?
Back to top
View user's profile Send private message
Jaglover
Advocate
Advocate


Joined: 29 May 2005
Posts: 4560
Location: Saint Amant, Acadiana

PostPosted: Wed Mar 20, 2013 12:55 am    Post subject: Reply with quote

Interesting question.
Quote:
-h bindip
Specifies which IP address or hostname to bind to on the local host. This option is recommended when a host has multiple inter-faces. Multiple -h options may be specified.
The above is from nfsd man in FreeBSD.
Below is a snippet from Gentoo nfsd man
Quote:
-H or --host
hostname specify a particular hostname (or address) that NFS requests will be accepted on. By default, rpc.nfsd will accept NFS requests on all known network addresses. Note that lockd (which performs file locking services for NFS) may still accept request on all known network addresses. This may change in future releases of the Linux Kernel.

_________________
Please learn how to denote units correctly!


Last edited by Jaglover on Wed Mar 20, 2013 12:57 am; edited 1 time in total
Back to top
View user's profile Send private message
Scorpion265
Tux's lil' helper
Tux's lil' helper


Joined: 05 May 2005
Posts: 129
Location: Kansas City, MO

PostPosted: Wed Mar 20, 2013 12:57 am    Post subject: Reply with quote

Awesome! I just found that in the man file for nfsd. I was looking in nfs :| The good news is it's working like a charm. I tried the -h with rpcbind, but am not having any luck with port 111. I'll keep looking around and post what I find. Thanks for the help!
Back to top
View user's profile Send private message
Jaglover
Advocate
Advocate


Joined: 29 May 2005
Posts: 4560
Location: Saint Amant, Acadiana

PostPosted: Wed Mar 20, 2013 1:02 am    Post subject: Reply with quote

Welcome you are! :D
_________________
Please learn how to denote units correctly!
Back to top
View user's profile Send private message
Hu
Watchman
Watchman


Joined: 06 Mar 2007
Posts: 8592

PostPosted: Wed Mar 20, 2013 1:56 am    Post subject: Reply with quote

If you want to be especially cautious, you could use iptables rules to prohibit receiving NFS traffic from the unwanted interface. This can be done in addition to the options you already found, so that multiple failures must occur before you are exposed.
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum