[OmniOS-discuss] Heads up: Redhat/CentOS NFSv3 clients file locking failures

Schweiss, Chip chip at innovates.com
Wed Jan 22 20:47:38 UTC 2014


A recent change in the NLM for NFSv3 has exposed a problem with the
firewall on Redhat/CentOS.

Connections back to the client are blocked by the firewall because the
connection tracking module is not catching connections as part of the open
NFS connections to the server.

I have attempted to resolve this by opening NFS-specific ports, but the
server kept connecting to ports that I haven't seen referenced before,
including privileged ports.

As a workaround I have implemented accept rules for all TCP from the NFS
server.

This could be across all Linux distributions.  My tests have only been on
CentOS.

The problem first appears when port 111 is blocked; opening 111 basically
opens a can of worms to what seem to be randomly selected ports of any value. I
know on Linux NFS servers the connection ports can be limited. Is this
possible on Illumos?

-Chip
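
Added example (not part of the original post): one way to see which client ports the NFS server is calling back to before deciding how wide an accept rule has to be is to log the drops and tally new TCP connection attempts from the server by destination port. The log prefix `NFS-DROP: `, the address 192.0.2.10 for the server, and the sample log lines are all constructed assumptions.

```python
import re
from collections import Counter

# Constructed kernel log lines in iptables LOG format. Assumptions: the rule's
# log prefix is "NFS-DROP: " and 192.0.2.10 stands in for the NFS server.
SAMPLE_LOG = """\
Jan 22 14:01:07 client kernel: NFS-DROP: IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.50 LEN=60 TTL=64 ID=4421 DF PROTO=TCP SPT=1012 DPT=111 WINDOW=32768 RES=0x00 SYN URGP=0
Jan 22 14:01:09 client kernel: NFS-DROP: IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.50 LEN=60 TTL=64 ID=4430 DF PROTO=TCP SPT=1013 DPT=834 WINDOW=32768 RES=0x00 SYN URGP=0
Jan 22 14:01:12 client kernel: NFS-DROP: IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.50 LEN=60 TTL=64 ID=4431 DF PROTO=TCP SPT=1013 DPT=834 WINDOW=32768 RES=0x00 SYN URGP=0
Jan 22 14:01:20 client kernel: NFS-DROP: IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.50 LEN=60 TTL=64 ID=4502 DF PROTO=TCP SPT=1019 DPT=45123 WINDOW=32768 RES=0x00 SYN URGP=0
Jan 22 14:01:25 client kernel: NFS-DROP: IN=eth0 OUT= SRC=192.0.2.77 DST=192.0.2.50 LEN=60 TTL=64 ID=911 DF PROTO=TCP SPT=50112 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Jan 22 14:01:30 client kernel: NFS-DROP: IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.50 LEN=84 TTL=64 ID=4510 PROTO=UDP SPT=1020 DPT=111 LEN=64
Jan 22 14:01:31 client kernel: NFS-DROP: IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.50 LEN=52 TTL=64 ID=4511 DF PROTO=TCP SPT=2049 DPT=790 WINDOW=32768 RES=0x00 ACK PSH URGP=0
"""

FIELD = re.compile(r"(\w+)=(\S*)")


def blocked_callbacks(log_text, server, prefix="NFS-DROP: "):
    """Count dropped TCP connection attempts from `server` per destination port."""
    ports = Counter()
    for line in log_text.splitlines():
        if prefix not in line:
            continue
        rest = line.split(prefix, 1)[1]
        fields = dict(FIELD.findall(rest))   # KEY=value pairs (SRC, DPT, ...)
        flags = set(rest.split())            # bare tokens such as SYN, ACK, DF
        if fields.get("SRC") != server or fields.get("PROTO") != "TCP":
            continue
        if "SYN" not in flags or "ACK" in flags:
            continue  # keep only new inbound connection attempts
        ports[int(fields["DPT"])] += 1
    return ports


def summarize(ports):
    """Return (port, class, hits) rows sorted by port number."""
    rows = []
    for port, hits in sorted(ports.items()):
        kind = "rpcbind" if port == 111 else "privileged" if port < 1024 else "high"
        rows.append((port, kind, hits))
    return rows


if __name__ == "__main__":
    for port, kind, hits in summarize(blocked_callbacks(SAMPLE_LOG, "192.0.2.10")):
        print(f"{port:>5}  {kind:<10}  {hits} dropped SYN(s)")
```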