From owner-freebsd-questions Wed Jun 7 20:50: 5 2000
Date: Wed, 7 Jun 2000 22:49:47 -0500
From: Dan Nelson
To: Neff_Glen@emc.com
Cc: questions@FreeBSD.ORG, JONESJG@dg-rtp.dg.com
Subject: Re: Problem mouting NFS exports from multi-homed servers
Message-ID: <20000607224947.B29029@dan.emsphone.com>
References: <0DD20620B8B8D311985F00D0B708153B69C054@corpmx6.isus.emc.com>
In-Reply-To: <0DD20620B8B8D311985F00D0B708153B69C054@corpmx6.isus.emc.com>; from "Neff_Glen@emc.com" on Wed Jun 7 20:42:59 GMT 2000
X-OS: FreeBSD 5.0-CURRENT

In the last episode (Jun 07), Neff_Glen@emc.com said:
> Now we've put a sniffer on the 128.222.25.0/24 segment and what it looks
> like is happening is that the requests destined to the 128.222.8.29 address
> go out fine on the router and are received by commtg3 just fine on that
> segment, but that when commtg3 answers it looks at the source IP
> (128.222.25.177) then it replies back on its 128.222.25.1 interface (For
> which I can't blame it), but then snowspeeder rejects the response packets
> because they do not come back with the same source address as the original
> destination address of the request.

The nfsd manpage has a bit to say about multi-homing:

     -h bindip
             Specifies which IP address or hostname to bind to on the
             local host.  This option is recommended when a host has
             multiple interfaces.  Multiple -h options may be specified.

     If nfsd is to be run on a host with multiple interfaces or interface
     aliases, use of the -h option is recommended.  If you do not use the
     option NFS may not respond to UDP packets from the same IP address
     they were sent to.  Use of this option is also recommended when
     securing NFS exports on a firewalling machine such that the NFS
     sockets can only be accessed by the inside interface.  Ipfw would
     then be used to block nfs-related packets that come in on the
     outside interface.

I think the problem is that by default, nfsd binds to INADDR_ANY, and
when you're sending packets out an interface bound like that, you can't
control what source IP gets put on the packet.  Adding the -h makes it
listen on one IP and any packets sent through that socket will use the
same IP as well.

-- 
	Dan Nelson
	dnelson@emsphone.com