http://bugzilla.novell.com/show_bug.cgi?id=501198 User lnussel@novell.com added comment http://bugzilla.novell.com/show_bug.cgi?id=501198#c1 Ludwig Nussel changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |NEEDINFO Info Provider| |nfbrown@novell.com --- Comment #1 from Ludwig Nussel 2009-05-11 01:30:21 MDT --- If the port is not registered with portmapper how does the server know which port to contact? If the client somehow tells the server I guess we'd need a conntrack module to inspect the packets. Ugly. Neil, any idea how to support the callback port in the firewall? Do we support callbacks at all? -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

http://bugzilla.novell.com/show_bug.cgi?id=501198 User lnussel@novell.com added comment http://bugzilla.novell.com/show_bug.cgi?id=501198#c3 Ludwig Nussel changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |lnussel@novell.com AssignedTo|lnussel@novell.com |nfbrown@novell.com --- Comment #3 from Ludwig Nussel 2009-05-13 01:04:32 MDT --- (In reply to comment #2)

However the port can be explicitly set using the fs.nfs.nfs_callback_tcpport sysctl (/proc/sys/fs/nfs/nfs_callback_tcpport).

So maybe the easiest approach would be to hard code both the port and the hole in the firewall.

Ok, in this case you only need to modify your startup script and /etc/sysconfig/SuSEfirewall2.d/services/nfs-client to set a fixed port. No special treatment in SuSEfirewall2 required then. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

http://bugzilla.novell.com/show_bug.cgi?id=501198 User jnelson-suse@jamponi.net added comment http://bugzilla.novell.com/show_bug.cgi?id=501198#c5 --- Comment #5 from Jon Nelson 2009-05-13 06:27:02 MDT --- Is the callback port not akin to the other (NFSv3) RPC, like lockd and such? One of the big promises of NFSv4 was that it was going to be "single port" - 2049. Why deviate in this case? Supporting the callback is a (sometimes potentially large) performance gain. Disabling it entirely seems to miss the point, and in environments where (host-based) firewall are *not* used (internal corporate machines, for example) it seems to hurt performance for no reason. On the other hand, since lots of (most?) machines *do* deploy with host-based firewalls, this seems like a problem. Is this problem being solved by any other distro? Using the sysctl works for me, but I hate having to poke a hole in my firewall - that configuration is disconnected from the "mount" command and consequently I either have to open up the port to everybody or remember which hosts I'll be mounting *from*, and allow them in. Honestly, neither solution seems all that desirable - all due to the fact that this callback mechanism steps outside the "one port for everything" stuff. Since NFSv4 is already TCP, no special firewall config on the client is necessary as the connection *originates* with the client. This callback thing obviously also breaks (in so far as a loss of performance is "breaks") NFS-over-ssh or various other horrible contrivances that people may choose to employ. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

http://bugzilla.novell.com/show_bug.cgi?id=501198 User nfbrown@novell.com added comment http://bugzilla.novell.com/show_bug.cgi?id=501198#c7 Neil Brown changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |WONTFIX --- Comment #7 from Neil Brown 2009-05-20 00:05:14 MDT --- I think you are correct on all counts in the above comment. I know nfsv4.1 is being worked on but I'm not following the progress very closely. So I cannot comment on "soon". So I think this gets resolved as "wont fix" and leave you with your work-around. Thanks, NeilBrown -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.