From owner-freebsd-questions Fri Jun 9 7: 6:59 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from mxbh4.isus.emc.com (mxbh4.isus.emc.com [168.159.208.52])
	by hub.freebsd.org (Postfix) with ESMTP id 004FD37BD67
	for ; Fri, 9 Jun 2000 07:06:56 -0700 (PDT)
	(envelope-from Neff_Glen@emc.com)
Received: by mxbh4.isus.emc.com with Internet Mail Service (5.5.2448.0)
	id ; Fri, 9 Jun 2000 10:06:54 -0400
Message-ID: <0DD20620B8B8D311985F00D0B708153B69C059@corpmx6.isus.emc.com>
From: Neff_Glen@emc.com
To: dnelson@emsphone.com
Cc: questions@freebsd.org, JONESJG@dg-rtp.dg.com
Subject: RE: Problem mouting NFS exports from multi-homed servers
Date: Fri, 9 Jun 2000 10:06:39 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2448.0)
Content-Type: text/plain; charset="iso-8859-1"
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Thanks for your response. The NFS servers I'm mounting from, however, do
not run FreeBSD. They run a plethora of OSs. I need a method to make my
FreeBSD machine not reject NFS responses that come from a different
interface than was specified on multi-homed servers.

Thanks,

-G

/*
Glen R. J. Neff
neff_glen@emc.com
919-248-6145

Dirty deeds done for a meager 20% markup. . .
*/

-----Original Message-----
From: Dan Nelson [mailto:dnelson@emsphone.com]
Sent: Wednesday, June 07, 2000 23:50
To: Neff_Glen@emc.com
Cc: questions@freebsd.org; JONESJG@dg-rtp.dg.com
Subject: Re: Problem mouting NFS exports from multi-homed servers

In the last episode (Jun 07), Neff_Glen@emc.com said:
> Now we've put a sniffer on the 128.222.25.0/24 segment and what it looks
> like is happening is that the requests destined to the 128.222.8.29 address
> go out fine on the router and are received by commtg3 just fine on that
> segment, but that when commtg3 answers it looks at the source IP
> (128.222.25.177) then it replies back on its 128.222.25.1 interface (For
> which I can't blame it), but then snowspeeder rejects the response packets
> because they do not come back with the same source address as the original
> destination address of the request.

The nfsd manpage has a bit to say about multi-homing:

     -h bindip
             Specifies which IP address or hostname to bind to on the
             local host. This option is recommended when a host has
             multiple interfaces. Multiple -h options may be specified.

     If nfsd is to be run on a host with multiple interfaces or interface
     aliases, use of the -h option is recommended. If you do not use the
     option NFS may not respond to UDP packets from the same IP address
     they were sent to. Use of this option is also recommended when
     securing NFS exports on a firewalling machine such that the NFS
     sockets can only be accessed by the inside interface. Ipfw would then
     be used to block nfs-related packets that come in on the outside
     interface.

I think the problem is that by default, nfsd binds to INADDR_ANY, and when
you're sending packets out an interface bound like that, you can't control
what source IP gets put on the packet. Adding the -h makes it listen on
one IP and any packets sent through that socket will use the same IP as
well.

-- 
	Dan Nelson
	dnelson@emsphone.com
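The behaviour discussed in this thread, reproduced on one machine as an added example (not code from either poster or from FreeBSD): a UDP server socket bound to INADDR_ANY answers from a kernel-chosen source address, one bound to a single address answers from that address, and the client's source check accepts only the latter. The addresses and function names are constructed for illustration, and the script assumes a Linux-style loopback where every 127.0.0.0/8 address is local (elsewhere 127.0.0.2 may need to be added as a loopback alias first).

```python
import socket

# Constructed addresses: both are loopback addresses on a typical Linux host,
# standing in for the client and for one address of a multi-homed server.
CLIENT_ADDR = "127.0.0.1"
SERVER_ADDR = "127.0.0.2"


def reply_source(bind_ip):
    """Send a request to SERVER_ADDR and return the source IP of the reply.

    bind_ip is the address the server socket binds to: "0.0.0.0" is
    INADDR_ANY (the nfsd default described above), SERVER_ADDR mimics -h.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    cli = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        srv.settimeout(2)
        cli.settimeout(2)
        srv.bind((bind_ip, 0))              # port 0: kernel picks a free port
        port = srv.getsockname()[1]
        cli.bind((CLIENT_ADDR, 0))
        cli.sendto(b"request", (SERVER_ADDR, port))
        _, peer = srv.recvfrom(64)
        srv.sendto(b"reply", peer)          # the reply's source IP is chosen here
        _, (src_ip, _) = cli.recvfrom(64)
        return src_ip
    finally:
        srv.close()
        cli.close()


def client_accepts(sent_to, reply_from):
    """The check the client in the thread applies to each UDP reply."""
    return sent_to == reply_from


def demo():
    """Run both server configurations; map label -> (reply source, accepted)."""
    results = {}
    for label, bind_ip in (("INADDR_ANY", "0.0.0.0"), ("-h style", SERVER_ADDR)):
        src = reply_source(bind_ip)
        results[label] = (src, client_accepts(SERVER_ADDR, src))
    return results


if __name__ == "__main__":
    for label, (src, ok) in demo().items():
        print(f"{label:10} reply from {src:10} accepted={ok}")
```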