[Bug 501198] New: susefirewall, rpcinfo, nfsv4 and nfsv4 callback port
http://bugzilla.novell.com/show_bug.cgi?id=501198 Summary: susefirewall, rpcinfo, nfsv4 and nfsv4 callback port Classification: openSUSE Product: openSUSE 11.1 Version: Final Platform: Other OS/Version: Other Status: NEW Severity: Normal Priority: P5 - None Component: Network AssignedTo: bnc-team-screening@forge.provo.novell.com ReportedBy: jnelson-suse@jamponi.net QAContact: qa@suse.de Found By: --- User-Agent: Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.9.0.9) Gecko/2009041500 SUSE/3.0.9-0.1.1 Firefox/3.0.9 NFSv4 supports a callback port for delegation (see item 12 here: http://www.vanemery.com/Linux/NFSv4/NFSv4-no-rpcsec.html#notes). The current SuSEfirewall does not support this port as it is dynamic. Furthermore, rpcinfo -p does not *list* this port (which it should), almost certainly a necessity for SuSEfirewall2 to support opening that port. Without the port, certain operations time out and the firewall logs get spammed. Both rpcinfo and SuSEfirewall should support this NFSv4-specific callback port. Reproducible: Always Steps to Reproduce: 1. 2. 3. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=501198
Zheng Chen
http://bugzilla.novell.com/show_bug.cgi?id=501198
User lnussel@novell.com added comment
http://bugzilla.novell.com/show_bug.cgi?id=501198#c1
Ludwig Nussel
http://bugzilla.novell.com/show_bug.cgi?id=501198
User nfbrown@novell.com added comment
http://bugzilla.novell.com/show_bug.cgi?id=501198#c2
Neil Brown
http://bugzilla.novell.com/show_bug.cgi?id=501198
User lnussel@novell.com added comment
http://bugzilla.novell.com/show_bug.cgi?id=501198#c3
Ludwig Nussel
However the port can be explicitly set using the fs.nfs.nfs_callback_tcpport sysctl (/proc/sys/fs/nfs/nfs_callback_tcpport).
So maybe the easiest approach would be to hard code both the port and the hole in the firewall.
Ok, in this case you only need to modify your startup script and /etc/sysconfig/SuSEfirewall2.d/services/nfs-client to set a fixed port. No special treatment in SuSEfirewall2 required then. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=501198
User lnussel@novell.com added comment
http://bugzilla.novell.com/show_bug.cgi?id=501198#c4
--- Comment #4 from Ludwig Nussel
http://bugzilla.novell.com/show_bug.cgi?id=501198
User jnelson-suse@jamponi.net added comment
http://bugzilla.novell.com/show_bug.cgi?id=501198#c5
--- Comment #5 from Jon Nelson
http://bugzilla.novell.com/show_bug.cgi?id=501198
User jnelson-suse@jamponi.net added comment
http://bugzilla.novell.com/show_bug.cgi?id=501198#c6
--- Comment #6 from Jon Nelson
http://bugzilla.novell.com/show_bug.cgi?id=501198
User nfbrown@novell.com added comment
http://bugzilla.novell.com/show_bug.cgi?id=501198#c7
Neil Brown
participants (1)
-
bugzilla_noreply@novell.com