Static port for rpc.mountd

Hi to all,

I want to harden my homeserver with a firewall. Everything is working fine except nfs. Clients cannot connect to nfs server because rpc.mountd uses ports dynamically. I found the option RPCMOUNTDOPTS="--port 2048" that can be added - but all descriptions use older versions of nfs-server. I cannot find where I have to put this option to /etc/nfs.conf so that it is recognized. There are multiple chapters in config file, I tried outside any chapter and within mountd without success. Where must the option be placed and what exactly is the syntax?

Your description sounds like you were not able to activate NFS version 4. In my family's house I am running an NFS server with up to 7 NFS clients.
My main sources for the correct configuration are:
https://wiki.archlinux.org/title/NFS and https://wiki.archlinux.org/title/NFS/Troubleshooting

Some hints from my learnings:
If you want to use NFS4 (I strongly recommend) you may need to bind your directories via fstab to the NFS base directory.
Compare your /etc/exports to the example on the NFS page in the Arch wiki.
My NFS server has changes in the /etc/nfs.conf to restrict the IP address and the used NFS protocol versions and to improve the performance. All changes are located in the [nfsd] section.
The wiki section about NFSv4 idmapping should be checked too.
In the server section of the wiki are also explanations for the firewall configuration. If you want to stay with NFSv3 you need to change port= in the section [mountd] in the file /etc/nfs.conf.

On the clients I am mounting the NFS shares via /etc/fstab similar to the mentioned wiki. Only my mount-options are slightly different:
nfs4 defaults,rsize=32768,wsize=32768,timeo=900,retrans=5,_netdev
The mentioned changes for NFSv4 idmapping also need to be configured on the client. I am not using the static but the fallback mapping.

Hope it helps!

Sorry - I forgot: I am using nfs3. Reason is that there are some older clients which cannot be updated to use nfs4. Without activated firewall everything is working perfectly. When I activate firewall no new mounts of clients are possible. Reason is that the mount port of rpc.mountd is not static, it changes. So I cannot open one specific port on firewall and need to set a static rpc.mountd port. That must be in /etc/nfs.conf - but where and how? I have not found any recent information on the web, everything I found was outdated.

Is the Arch wiki (link above) outdated at that point?
See section 2.4 second paragraph. You have to change the port= setting in the section [mountd] in the file /etc/nfs.conf.
Hope it helps!

I already have read this part but I was looking for the keyword “RPCMOUNTDOPTS” which was not present in the wiki and not in the nfs.conf. I tried the “port=” option in section mountd and it works. Many thanks!


That option was really outdated. I have found it only in Ubuntu howtos.
I am glad that we could solve your problem.

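An added example, not part of any post in this thread: a shell check that the `port=` line really sits inside `[mountd]` of an nfs.conf-style file and that every mountd entry in `rpcinfo -p` output uses that port, so the firewall rule matches what is registered. The function names, temp files and sample data are constructed for illustration; port 2048 is the value from the question.

```shell
#!/bin/sh
# Added example: confirm rpc.mountd is pinned to the port set in /etc/nfs.conf.

# Print port= from the [mountd] section only; commented defaults are skipped.
mountd_conf_port() {
    awk '
        /^[ \t]*#/  { next }
        /^[ \t]*\[/ { sect = $0; gsub(/[^A-Za-z0-9_-]/, "", sect); next }
        sect == "mountd" && /^[ \t]*port[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); port = $0
        }
        END { if (port != "") print port }
    ' "$1"
}

# Read `rpcinfo -p` output on stdin; print each distinct port mountd uses.
mountd_registered_ports() {
    awk '$5 == "mountd" { print $4 }' | sort -un
}

# True only if a non-zero port is configured (assumption: 0 or unset means
# dynamic) and every mountd entry in the saved rpcinfo output ($2) uses it.
mountd_is_pinned() {
    want=$(mountd_conf_port "$1")
    have=$(mountd_registered_ports < "$2")
    [ -n "$want" ] && [ "$want" != 0 ] && [ "$have" = "$want" ]
}

# Constructed sample data (not taken from the thread's server).
tmp=$(mktemp -d)
printf '[nfsd]\n# vers3=y\n[mountd]\n# port=0\nport = 2048\n' > "$tmp/ok.conf"
printf 'port=2048\n[mountd]\n# port=0\n' > "$tmp/misplaced.conf"  # outside any section
cat > "$tmp/static.rpc" <<'EOF'
   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100005    3   udp   2048  mountd
    100005    3   tcp   2048  mountd
    100003    3   tcp   2049  nfs
EOF
cat > "$tmp/dynamic.rpc" <<'EOF'
   program vers proto   port  service
    100005    3   udp  41873  mountd
    100005    3   tcp  52311  mountd
EOF
for r in static dynamic; do
    mountd_is_pinned "$tmp/ok.conf" "$tmp/$r.rpc" \
        && echo "$r: mountd pinned to $(mountd_conf_port "$tmp/ok.conf")" \
        || echo "$r: mountd not on the configured port"
done
```

On a live server, save the output of `rpcinfo -p` to a file after restarting the NFS services and pass it together with `/etc/nfs.conf` to `mountd_is_pinned` before tightening the firewall.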
