Date: Fri, 9 Jun 2000 10:06:39 -0400
From: Neff_Glen@emc.com
To: dnelson@emsphone.com
Cc: questions@freebsd.org, JONESJG@dg-rtp.dg.com
Subject: RE: Problem mouting NFS exports from multi-homed servers
Message-ID: <0DD20620B8B8D311985F00D0B708153B69C059@corpmx6.isus.emc.com>
Thanks for your response. The NFS servers I'm mounting from, however, do
not run FreeBSD. They run a plethora of OSs. I need a method to make my
FreeBSD machine not reject NFS responses that come from a different
interface than was specified on multi-homed servers.
Thanks,
-G
/*
Glen R. J. Neff
neff_glen@emc.com
919-248-6145
Dirty deeds done for a meager 20% markup. . .
*/
-----Original Message-----
From: Dan Nelson [mailto:dnelson@emsphone.com]
Sent: Wednesday, June 07, 2000 23:50
To: Neff_Glen@emc.com
Cc: questions@freebsd.org; JONESJG@dg-rtp.dg.com
Subject: Re: Problem mouting NFS exports from multi-homed servers
In the last episode (Jun 07), Neff_Glen@emc.com said:
> Now we've put a sniffer on the 128.222.25.0/24 segment and what it looks
> like is happening is that the requests destined to the 128.222.8.29 address
> go out fine on the router and are received by commtg3 just fine on that
> segment, but that when commtg3 answers it looks at the source IP
> (128.222.25.177) then it replies back on its 128.222.25.1 interface (For
> which I can't blame it), but then snowspeeder rejects the response packets
> because they do not come back with the same source address as the original
> destination address of the request.
The nfsd manpage has a bit to say about multi-homing:
     -h bindip
             Specifies which IP address or hostname to bind to on the local
             host.  This option is recommended when a host has multiple
             interfaces.  Multiple -h options may be specified.

     If nfsd is to be run on a host with multiple interfaces or
     interface aliases, use of the -h option is recommended.  If you do
     not use the option NFS may not respond to UDP packets from the same
     IP address they were sent to.  Use of this option is also
     recommended when securing NFS exports on a firewalling machine such
     that the NFS sockets can only be accessed by the inside interface.
     Ipfw would then be used to block nfs-related packets that come in
     on the outside interface.
I think the problem is that by default, nfsd binds to INADDR_ANY, and
when you're sending packets out an interface bound like that, you can't
control what source IP gets put on the packet. Adding the -h makes it
listen on one IP and any packets sent through that socket will use the
same IP as well.
--
Dan Nelson
dnelson@emsphone.com
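
The source-address behaviour discussed in this thread can be reproduced on a single host. The following is an added example, not part of either message: it assumes a Linux loopback interface (where all of 127.0.0.0/8 is local), uses constructed addresses 127.0.0.1 and 127.0.0.2 in place of the client and the multi-homed server, and uses a connected UDP socket as a stand-in for a client that only accepts replies from the address it sent to.

```python
import socket

REQUEST_DST = "127.0.0.2"  # constructed: the server address the client sends to
CLIENT_ADDR = "127.0.0.1"  # constructed: the client's own address


def exchange(server_bind, connected_client):
    """Run one UDP request/reply on loopback.

    Returns the source IP of the reply as the client saw it, or None when
    the client's socket never delivered the reply.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    cli = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        srv.bind((server_bind, 0))      # "0.0.0.0" is INADDR_ANY
        srv.settimeout(2.0)
        port = srv.getsockname()[1]
        cli.bind((CLIENT_ADDR, 0))
        cli.settimeout(0.5)
        if connected_client:
            # A connected UDP socket only accepts datagrams whose source
            # is exactly the address it connected to.
            cli.connect((REQUEST_DST, port))
            cli.send(b"request")
        else:
            cli.sendto(b"request", (REQUEST_DST, port))
        _, peer = srv.recvfrom(64)
        # Reply source IP: the bound address, or the kernel's routing
        # choice when the server socket is bound to INADDR_ANY.
        srv.sendto(b"reply", peer)
        try:
            _, src = cli.recvfrom(64)
        except socket.timeout:
            return None
        return src[0]
    finally:
        srv.close()
        cli.close()


if __name__ == "__main__":
    for bind in ("0.0.0.0", REQUEST_DST):
        print(bind, exchange(bind, False), exchange(bind, True))
```

With the wildcard bind the reply leaves from 127.0.0.1 and the connected client never sees it; with the server bound to the requested address the reply source matches and is delivered.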
