• 흐림동두천 1.0℃
  • 흐림강릉 1.3℃
  • 서울 3.2℃
  • 대전 3.3℃
  • 대구 6.8℃
  • 울산 6.6℃
  • 광주 8.3℃
  • 부산 7.7℃
  • 흐림고창 6.7℃
  • 흐림제주 10.7℃
  • 흐림강화 2.2℃
  • 흐림보은 3.2℃
  • 흐림금산 4.4℃
  • 흐림강진군 8.7℃
  • 흐림경주시 6.7℃
  • 흐림거제 8.0℃
기상청 제공

linux

Setting static ports for NFS on Linux

Setting static ports for NFS on Linux

This document (7000524) is provided subject to the disclaimer at the end of this document.

Environment

Novell SUSE Linux Enterprise Server 11
Novell SUSE Linux Enterprise Server 10

Situation

In some cases, especially for firewall considerations, static ports need to be set for NFS services.  This can be more complex that initially thought, because NFS relies on a collection or various services.

Resolution

Overview

NFS services (v2 and v3) generally require 5 services be running an accessible through a firewall:
 
portmapper
nfsd
mountd
lockd
statd
 
If there are firewalls between an NFS client and server, a firewall exception will be needed for each of these services.  But first, it is usually required to ensure that these services run on a static port.  In other words, to ensure that they will use the same port every time they are initialized.
 
 
Portmapper
 
Portmapper runs and listens on both NFS clients and on NFS servers.  It already runs on a static port, 111 for both TCP and UDP.  Firewalls should be configured to allow incoming packets to this port on both TCP and UDP.  This firewall exception is needed for incoming packets to both NFS Server systems and NFS client systems.
 
 
NFSD
 
The NFS Daemon runs only on NFS Servers (not on clients).  It already runs on a static port, 2049 for both TCP and UDP.  Firewalls should be configured to allow incoming packets to this port on both TCP and UDP.  This firewall exception is only needed for packets incoming to a NFS Server.
 
NOTE:  For NFS v4, 2049 is the only port needed.  The rest of the services discussed here only need configuration for NFS v2 and v3.
 
 
Mountd
 
The mount daemon runs only on NFS Servers.  To set it to use a static port, edit /etc/sysconfig/nfs and find / set:
 
MOUNTD_PORT=nnnn
 
Where nnnn is replaced by the desired port number.  The number can be either by itself or enclosed in double quotes.  The firewall exception for TCP and UDP is needed for packets incoming to a NFS Server (not to an NFS Client).
 
 
Lockd (NFS Lock Manager Daemon) and Statd (Status Daemon)
 
Lockd and Statd run both on NFS Client and NFS Servers.  Static ports can be set and then firewall exceptions will be needed for incoming TCP and UDP packets to those ports on both NFS Clients and NFS Servers.
 
SLES 11 SP2:
In /etc/sysconfig/nfs, find and set the parameters as desired:
STATD_PORT=
LOCKD_TCPPORT=
LOCKD_UDPPORT=
 
SLES 11 SP1:
For statd ports onNFS Servers, edit /etc/init.d/nfsserver and find the line:
startproc /usr/sbin/rpc.statd --no-notify || {
and add a port parameter to it, so it reads:
startproc /usr/sbin/rpc.statd --no-notify -pnnnn || {
where nnnn is the port number desired.
 
For statd ports on NFS Clients, edit /usr/sbin/start-statd
and find the line:
rpc.statd --no-notify
and add a port parameter, so it reads:
rpc.statd --no-notify -pnnnn
where nnnn is the port number desired.
 
If the system is both an NFS server and NFS client, perform both of the above modifications.
 
Then for lockd ports, use the method below for SLES 10 SP3 and SP4.  On SLES 11, it will be effective for lockd ports but not for statd ports, unlike it's behavior on SLES 10.
 
SLES 10 SP3 and SP4:
The lockd and statd ports are both controlled by a kernel module, lockd. To set the static ports, find or create the file:
/etc/modprobe.d/lockd
 
Populate the file with the following (change your ports to reflect the desired port):
options lockd nlm_udpport=4002 nlm_tcpport=4002
 
The above will come into effect upon a reboot.
If a reboot is not feasible, you can temporarily set them with:
echo 4002 > /proc/sys/fs/nfs/nlm_tcpport
echo 4002 > /proc/sys/fs/nfs/nlm_udpport
 
SLES 9:
The kernel module that controls NFS is compiled into the SLES 9 kernel. In order to change the ports, you use a kernel parameter to change the ports. For example:
nlm_udpport=4002 nlm_tcpport=4002

Additional Information

Quotas
In some cases involving quota usage, it may be necessary to add an rquota entry to /etc/services.  For example:
rquotad 4003/tcp
rquotad 4003/udp
 
Changing the NFS port
At this time, changing the NFS port is not supported.  RFC specifications for version 4 state that the "registered port 2049...for the NFS protocol should be the default configuration."  SLES follows the RFC standard in the default scripts.  If, for some reason the port assignment for NFS needs to be changed, you will need to change /etc/init.d/nfsserver and modify the way nfsd is starting.  Please note that custom edits of the /etc/init.d/nfsserver are not recommend nor supported.  Furthermore, changed /etc/init.d scripts could be replaced during online updates or when updating to a new service pack.
 
Note:  Changing the NFS port in /etc/services will not change the port.

Disclaimer

This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

노랑배 의 전체기사 보기

Copyright @2011 mediaon Corp. All rights reserved.