tech-net archive


Re: NFS daemon port numbers for firewall config



> For firewalling a static port is easier. That's why mountd started
> to offer a static port too. The other protocols (lock/stat/quota)
> are rarely used through a firewall.
I *do* run them through a firewall. I run a local ipf on every server for
a) anti-spoofing
b) blocking services the daemon can't be told to only serve on certain 
   interfaces/nets.

> Real firewalls inspect the portmapper protocol, learn about what
> ports get registered and automatically allow sessions to the registered
> ports.
So what, in your opinion, is an example of a "real firewall"?

> NFSv4 got rid of all the SunRPC details. It uses only a single
> service (for nfs, mount, locking, etc.) on the static port 2049
> for everything. No rpcbind involved.
NFSv4 daemon for NetBSD, anyone?

> You configure firewalls to limit traffic between networks, not interfaces.
In my setup, on most interfaces, each interface (vlan*) only carries one 
network.
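
Added example, not part of the original message or of any NetBSD tool: a sketch of the per-server ipf setup discussed above, which reads `rpcinfo -p` output and emits one stateful ipf pass rule per registered NFS-related port. The interface name `vlan0`, the network `10.0.0.0/24` and the sample port numbers are constructed, and a default block policy in the rest of the ruleset is assumed.

```python
"""Added example: turn `rpcinfo -p` output into ipf pass rules."""
import ipaddress

# Constructed sample of `rpcinfo -p` output; the dynamic ports are made up.
SAMPLE = """\
   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100005    1   udp   1011  mountd
    100005    3   udp   1011  mountd
    100005    3   tcp   1011  mountd
    100003    3   udp   2049  nfs
    100003    3   tcp   2049  nfs
    100021    4   udp   1020  nlockmgr
    100024    1   udp   1017  status
"""

NFS_SERVICES = {"portmapper", "mountd", "nfs", "nlockmgr", "status", "rquotad"}


def registered_ports(rpcinfo_text, wanted=NFS_SERVICES):
    """Return unique (proto, port, service) entries for the wanted services."""
    seen = set()
    for line in rpcinfo_text.splitlines():
        fields = line.split()
        # Skip the header, blank lines and entries without a service name.
        if len(fields) != 5 or not fields[0].isdigit():
            continue
        _prog, _vers, proto, port, service = fields
        if service in wanted and proto in ("tcp", "udp") and port.isdigit():
            seen.add((proto, int(port), service))
    # Several RPC versions share one port, so the set collapses duplicates.
    return sorted(seen, key=lambda e: (e[1], e[0]))


def ipf_rules(rpcinfo_text, iface, network):
    """Emit one stateful ipf pass rule per registered proto/port pair."""
    net = ipaddress.ip_network(network)  # raises ValueError on bad input
    rules = []
    for proto, port, _service in registered_ports(rpcinfo_text):
        flags = " flags S" if proto == "tcp" else ""
        rules.append(f"pass in quick on {iface} proto {proto} from {net} "
                     f"to any port = {port}{flags} keep state")
    return rules


if __name__ == "__main__":
    print("\n".join(ipf_rules(SAMPLE, "vlan0", "10.0.0.0/24")))
```

Ports handed out by rpcbind can change when a daemon restarts, so rules generated this way have to be regenerated and reloaded afterwards; a static port avoids that step.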

