openSUSE 13.1 and Mac OS X NFS with static ports

Posted on Sun 26 January 2014 in misc

Since my new lab setup, everything on my main openSUSE Linux machine is now in a different Juniper zone from my Mac laptop and is thus firewalled.

For me, this NFS setup was one of the few times where it was easier to do the same thing in RHEL5. I was also unable to find any documentation for this from SUSE.

This brief post shows the firewall ports and software configuration I used to set up nfs-server on openSUSE and an NFS client on Mountain Lion. The Mac client configuration was not required for my OpenElec box.

This NFS setup is read-only. There may be additional requirements for rw, which I have not covered.

It also makes the assumption that ports 111 and 2049 UDP and TCP have already been accounted for.  The ports I used for MountD, StatD and LockD are arbitrary.

Setting Static Ports for MountD, StatD and LockD

MountD

In /etc/sysconfig/nfs set

MOUNTD_PORT="21000"

StatD

In /etc/sysconfig/nfs set

STATD_OPTIONS="-p 22000"

LockD / nlm

This one took me a while to work out. I was trying to trace the executable that owned the open port with lsof, and when that drew a blank I realised it must be set at kernel level.

These need to be set with sysctl. I put my values in /etc/sysctl.conf and reloaded with sysctl -p

fs.nfs.nlm_tcpport = 23000
fs.nfs.nlm_udpport = 23000

Disable NFSv4

Theo de Raadt wrote: "NFSv4 is not on our roadmap. It is a ridiculous bloated protocol which they keep adding crap to."

I came across this on the Wikipedia page for NFS when checking to see which versions I really wanted. Since I'm not doing authentication and Theo says it won't make it into OpenBSD, I'm keen to disable it.

In /etc/sysconfig/nfs set NFS4_SUPPORT="no"

Restart Server

Once you restart NFS and run rpcinfo -p you should find all the ports you need can now be accounted for.
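The check described above can be scripted. This is an added example, not part of the original post: it compares rpcinfo -p output with the static ports chosen here and flags NFSv4 if it is still registered. The function names check_nfs_ports and sample_rpcinfo are hypothetical, and the sample output is constructed.

```shell
# Added example: compare `rpcinfo -p` output with the static ports from this post.
# Names are as rpcinfo prints them (statd shows as "status", lockd as "nlockmgr").
EXPECTED="portmapper=111 nfs=2049 mountd=21000 status=22000 nlockmgr=23000"

# Reads `rpcinfo -p` output on stdin and prints one line per problem:
#   DRIFT <service> <proto> <port>  registered on a port the firewall does not allow
#   NFSV4 <proto> <port>            NFSv4 still registered despite NFS4_SUPPORT="no"
#   MISSING <service>               expected service not registered
# Exit status is 0 when nothing is reported, 1 otherwise.
check_nfs_ports() {
    awk -v expected="$EXPECTED" '
        BEGIN {
            n = split(expected, pairs, " ")
            for (i = 1; i <= n; i++) {
                split(pairs[i], kv, "=")
                want[kv[1]] = kv[2] + 0
                allowed[kv[2] + 0] = 1
            }
        }
        $1 ~ /^[0-9]+$/ && NF >= 5 {            # skip the header row
            vers = $2 + 0; proto = $3; port = $4 + 0; svc = $5
            if (svc in want) {
                seen[svc] = 1
                if (port != want[svc]) { print "DRIFT", svc, proto, port; bad = 1 }
            } else if (!(port in allowed)) {    # e.g. nfs_acl shares 2049, which is fine
                print "DRIFT", svc, proto, port; bad = 1
            }
            if (svc == "nfs" && vers == 4) { print "NFSV4", proto, port; bad = 1 }
        }
        END {
            for (svc in want) if (!(svc in seen)) { print "MISSING", svc; bad = 1 }
            exit bad + 0
        }
    '
}

# Constructed sample of what a correctly configured server reports.
sample_rpcinfo() {
    cat <<'EOF'
   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100005    3   tcp  21000  mountd
    100024    1   udp  22000  status
    100021    4   tcp  23000  nlockmgr
    100003    3   tcp   2049  nfs
    100227    3   tcp   2049  nfs_acl
EOF
}
sample_rpcinfo | check_nfs_ports && echo "all registered ports match the firewall policy"
```

On the server, pipe the real output in with rpcinfo -p | check_nfs_ports after each restart; a DRIFT line for nlockmgr usually means the sysctl values were not loaded before lockd started.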

Mac client configuration

Although I use a Mac most days, I'm not that well versed in how to administer it. Anyway, with the above setup I was finding that from the command line I could read the export fine, but Finder was really not playing ball. No directory listing makes it effectively useless unless using the CLI. I also strongly dislike most of the user-contributed documentation for Mac on the internet (which tends to consist of "Steve Jobs didn't want you to do it like that" or "I bought this (closed source) app which works for me").

Anyway, as it turns out, Mountain Lion makes it pretty slick to set up NFS and the man pages are pretty good. Using rpcinfo -p and setting a block and log policy on my Juniper, I was able to work out that you just need to set the LockD and StatD ports in /etc/nfs.conf

nfs.lockd.port = 23000
nfs.statd.port = 22000

Export and mount settings

For reference, these are the export and mount settings I am using

in /etc/exports

/[path] [client_ip](fsid=0,crossmnt,ro,root_squash,sync,no_subtree_check)

mount on mac

sudo mount -t nfs -o resvport,nfc [server_ip]:[export_path] [mount_path]