NFS server and reserved ports ...
Problem: how do I enable an OpenBSD server to accept mount requests from
client machines that do not use a reserved port (<1024)?
According to mountd:

    -n  Do not require that clients make mount requests from reserved
        ports. (Normally, only mount requests from reserved ports are
        accepted.) This option should only be specified if there are
        clients, such as PCs, that need it. The use of -n is STRONGLY
        discouraged, as it opens up a wide range of security problems.

However, using tcpdump, I'm still getting an error even though mountd is
using the -n flag:
12:19:42.109869 host.49353 > server.nfsd: xid 0x51174055 128 getattr
[|nfs] (ttl 64, id 32626, len 156)
12:19:42.109962 server.nfsd > host.49353: xid 0x51174055 reply ERR 20
getattr [|nfs] (ttl 64, id 39316, len 48)
On one type of client I can force use of a reserved port and mounting
I'm investigating whether it is possible to set this on the other
clients, however solving the problem at the server would be more useful.
I've looked on the OpenBSD web site and there is a comment against
"Remove requirement for reserved ports in the NFS server by using the
however it looks like that has been removed by release 3.7 as sysctl
does not list it:

    server# sysctl vfs.nfs.norsvport
    sysctl: third level name norsvport in vfs.nfs.norsvport is invalid

So - is there a way to allow non-reserved port use of an OpenBSD server?
Would I need to use secure RPC? Kerberos? ...
Any thoughts/suggestions appreciated.
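
An added example, not part of the original post: a small Python filter over tcpdump output in the format shown above. It pairs each NFS request with its reply by xid and reports requests from non-reserved source ports (1024 and up) that the server answered with ERR. The host names and packets in SAMPLE are constructed; the code assumes each packet is printed on one line and that the server port is shown as nfsd.

```python
import re

# Request: "<time> <src>.<port> > <dst>.nfsd: xid 0x<hex> <len> <proc>"
REQ = re.compile(r"^\S+ (?P<src>\S+)\.(?P<port>\d+) > \S+\.nfsd: "
                 r"xid (?P<xid>0x[0-9a-f]+) \d+ (?P<proc>\w+)")
# Reply:   "<time> <srv>.nfsd > <dst>.<port>: xid 0x<hex> reply <ok|ERR> <len>"
REP = re.compile(r"^\S+ \S+\.nfsd > (?P<dst>\S+)\.(?P<port>\d+): "
                 r"xid (?P<xid>0x[0-9a-f]+) reply (?P<status>ok|ERR) \d+")

RESERVED_MAX = 1023  # ports below 1024 are the "reserved" range

def rejected_unreserved(lines):
    """Return NFS calls from non-reserved ports that got an ERR reply."""
    pending = {}   # (client, port, xid) -> procedure name
    findings = []
    for line in lines:
        m = REQ.match(line)
        if m:
            pending[(m["src"], int(m["port"]), m["xid"])] = m["proc"]
            continue
        m = REP.match(line)
        if not m:
            continue  # not an NFS request or reply line
        key = (m["dst"], int(m["port"]), m["xid"])
        proc = pending.pop(key, None)
        if proc is not None and m["status"] == "ERR" and key[1] > RESERVED_MAX:
            findings.append({"client": key[0], "port": key[1],
                             "xid": key[2], "proc": proc})
    return findings

# Constructed sample capture (not taken from the post).
SAMPLE = [
    "12:00:01.000100 client-a.49353 > nfs-srv.nfsd: xid 0x51170001 128 getattr",
    "12:00:01.000200 nfs-srv.nfsd > client-a.49353: xid 0x51170001 reply ERR 20",
    "12:00:02.000100 client-b.801 > nfs-srv.nfsd: xid 0x2a000002 128 getattr",
    "12:00:02.000200 nfs-srv.nfsd > client-b.801: xid 0x2a000002 reply ok 112",
    "12:00:03.000100 client-c.1023 > nfs-srv.nfsd: xid 0x2a000003 128 getattr",
    "12:00:03.000200 nfs-srv.nfsd > client-c.1023: xid 0x2a000003 reply ERR 20",
]

if __name__ == "__main__":
    for f in rejected_unreserved(SAMPLE):
        print("{client}:{port} {proc} xid {xid} rejected".format(**f))
```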