Bug 473964
Summary: | mount daemon port random, so iptables can't be used by default | | |
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Daniel Veillard <veillard> |
Component: | nfs-utils | Assignee: | Steve Dickson <steved> |
Status: | CLOSED NOTABUG | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | medium | Priority: | medium |
Version: | 11 | CC: | riel, steved |
Hardware: | All | OS: | Linux |
Doc Type: | Bug Fix | Last Closed: | 2009-06-11 15:24:42 UTC |
Description
Daniel Veillard
2008-12-01 16:35:49 UTC
It is true, by default, rpc.mountd does bind to random ports, but rpc.mountd can be tied to a particular port by using the "--port" option. The easiest way would be to set the RPCNFSDARGS variable in /etc/sysconfig/nfs. Is there a reason the --port option can not be used?

Is there a reason it is not used by default? :) It took me a while to find out there was a random port which needed to be added to iptables, then to find out it was random and how to fix it in /etc/sysconfig/nfs. There are also a number of other random ports which might be set up in that config file. Basically I really didn't want to just drop down iptables but that was by very far the easiest way. We should not put users in front of the dilemma of chasing out random ports needed by undocumented servers or just drop security. I think it's our duty to allow NFS to work once the user has selected NFS in system-config-securitylevels firewall setting. And that requires a fixed port by default as far as I understand.

Daniel

> Is there a reason it is not used by default? :)

What should the defaults be?? As soon as we hard code a port and daemons start failing because they can't bind to that port (due to the fact it's not free) will not be good either...

> I think it's our duty to allow NFS to work once the user has selected NFS in
> system-config-securitylevels firewall setting. And that requires a fixed port
> by default as far as I understand.

Not so much "fixed" ports but registered ports similar to the ones in /etc/services. That way each daemon could do a getservbyname() call and find out which port it should use. But then again, what happens if that port is taken and the bind fails? Should the daemon try for another port or just fail?

This bug appears to have been reported against 'rawhide' during the Fedora 11 development cycle. Changing version to '11'.

More information and reason for this action is here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping

I'm going to close this as not a bug since there are ways to set static port numbers which do seem to work.
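The check discussed in this thread, as an added example that is not part of the bug report or of nfs-utils: compare the ports RPC services registered with the portmapper against the ports the firewall policy expects, and print the matching iptables rules. The `rpcinfo -p` output is a constructed sample, and port 892 for `rpc.mountd --port` and the function names are assumptions chosen for illustration.

```shell
#!/bin/sh
# Constructed `rpcinfo -p` output for an NFS server whose mountd and statd
# were started without a fixed port (sample values, not from the bug report).
sample_rpcinfo() {
cat <<'EOF'
   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100003    3   tcp   2049  nfs
    100003    3   udp   2049  nfs
    100005    3   tcp  47213  mountd
    100005    3   udp  38544  mountd
    100024    1   tcp  51876  status
EOF
}

# unpinned_services "svc=port ..." < rpcinfo output
# Prints "service proto port" for each registration whose port is not the
# one the firewall policy expects for that service.
unpinned_services() {
    awk -v pinned="$1" '
        BEGIN {
            n = split(pinned, pair, " ")
            for (i = 1; i <= n; i++) { split(pair[i], kv, "="); want[kv[1]] = kv[2] }
        }
        $1 == "program" { next }                      # header line
        !($5 in want) || want[$5] != $4 { print $5, $3, $4 }
    ' | sort -u
}

# iptables_rules "svc=port ...": one ACCEPT rule per pinned port and protocol,
# in the form used in an iptables rules file.
iptables_rules() {
    for pair in $1; do
        for proto in tcp udp; do
            echo "-A INPUT -m state --state NEW -p $proto --dport ${pair#*=} -j ACCEPT"
        done
    done
}

# Assumed policy: 892 is an example port passed to rpc.mountd --port.
PINNED="portmapper=111 nfs=2049 mountd=892"
echo "Registrations the firewall would block:"
sample_rpcinfo | unpinned_services "$PINNED"   # live: rpcinfo -p | unpinned_services "$PINNED"
echo "Rules for the pinned ports:"
iptables_rules "$PINNED"
```

An empty first list means every registered service sits on a port the rules cover; any line in it is a daemon that still needs a fixed port before the firewall can stay enabled.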