http://bugzilla.novell.com/show_bug.cgi?id=501198
User jnelson-suse@jamponi.net added comment
http://bugzilla.novell.com/show_bug.cgi?id=501198#c5
--- Comment #5 from Jon Nelson 2009-05-13 06:27:02 MDT ---
Is the callback port not akin to the other (NFSv3) RPC, like lockd and such?
One of the big promises of NFSv4 was that it was going to be "single port" -
2049. Why deviate in this case? Supporting the callback is a (sometimes
potentially large) performance gain. Disabling it entirely seems to miss the
point, and in environments where (host-based) firewalls are *not* used (internal
corporate machines, for example) it seems to hurt performance for no reason. On
the other hand, since lots of (most?) machines *do* deploy with host-based
firewalls, this seems like a problem.
Is this problem being solved by any other distro? Using the sysctl works for
me, but I hate having to poke a hole in my firewall - that configuration is
disconnected from the "mount" command and consequently I either have to open up
the port to everybody or remember which hosts I'll be mounting *from*, and
allow them in.
Honestly, neither solution seems all that desirable - all due to the fact that
this callback mechanism steps outside the "one port for everything" stuff.
Since NFSv4 is already TCP, no special firewall config on the client is
necessary as the connection *originates* with the client. This callback thing
obviously also breaks (in so far as a loss of performance is "breaks")
NFS-over-ssh or various other horrible contrivances that people may choose to
employ.
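
The comment above objects that the firewall hole for the callback port is disconnected from the "mount" command. As an added example (not part of the bug report or of any distribution's tooling), the script below derives the allow-list from the client's own mount table, so only servers that are actually mounted may reach the callback port. The port 32764, the reliance on the `addr=` mount option and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the bug report. Assumes nfs4 entries in a
# /proc/mounts-style listing carry the server address as addr=<ip>, and
# that the callback port was pinned beforehand (for instance with the
# fs.nfs.nfs_callback_tcpport sysctl).

# callback_rules PORT: read mounts-format lines on stdin and print one
# iptables ACCEPT rule per distinct NFSv4 server for the callback port.
callback_rules() {
    port=$1
    awk -v port="$port" '
        $3 == "nfs4" {
            n = split($4, opts, ",")
            for (i = 1; i <= n; i++)
                if (opts[i] ~ /^addr=/) {      # clientaddr= does not match
                    ip = substr(opts[i], 6)
                    # emit only IPv4 literals, once per server
                    if (ip ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ && !seen[ip]++)
                        printf "iptables -A INPUT -p tcp -s %s --dport %s -j ACCEPT\n", ip, port
                }
        }'
}

# Constructed sample in /proc/mounts format (documentation addresses).
sample_mounts() {
    cat <<'EOF'
/dev/sda1 / ext3 rw,relatime 0 0
filer1:/home /home nfs4 rw,relatime,vers=4,proto=tcp,port=2049,clientaddr=192.0.2.50,addr=192.0.2.10 0 0
filer1:/srv /srv nfs4 rw,vers=4,proto=tcp,clientaddr=192.0.2.50,addr=192.0.2.10 0 0
filer2:/scratch /scratch nfs4 ro,vers=4,proto=tcp,clientaddr=192.0.2.50,addr=192.0.2.20 0 0
oldfiler:/data /data nfs rw,vers=3,addr=192.0.2.30 0 0
EOF
}

# On a live client: callback_rules 32764 < /proc/mounts
# Here the rules are only printed for the constructed sample.
sample_mounts | callback_rules 32764
```

The rules are printed rather than applied, so they can be reviewed or fed to whatever mechanism manages the host firewall; re-running after each mount or unmount keeps the list in step with the mount table.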