[<prev] [next>] [day] [month] [year] [list]
Message-ID: <fcbf9e82-536b-7144-612a-7fe22e96dc59@in.tum.de>
Date: Thu, 24 Aug 2017 16:04:01 +1000
From: Lukas Erlacher <erlacher@...tum.de>
To: "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: No option for client bind address in NFS?
Hello,
after reading the NFS(5) manpage and doing some searching through the
mailing list archive (of course, due to it being ubiquitous in posted
logs, searching for "addr" and "clientaddr" was a bit hopeless) I have
come to conclude that NFS does not have an option for explicitly
specifying an address for the client socket to bind to.
This is problematic for my usecase, which is "securing" NFS shares by
exporting them to specific client hostnames only.
Most of my NFS client machines have multiple IP addresses and since
configuring IP addresses and routes on debian-ish systems can be quite
an art, I don't want to trust on the default route going via the correct
IP so that the NFS server recognizes the host; I also don't want to go
to the effort of having the shares exported to every possible IP that
might be configured on the client.
Most utilities (e.g. ping, dig) have an option to specify an explicit
client socket bind address.
Why doesn't NFS have that? (As I understand it, the clientaddr option
firstly is only interpreted by NFSv4 and secondly, is not the bind
address but only used by the server for callbacks)
For reference, my NFS server are Ubuntu 14.04/16.04 VMs using the
nfs-kernel-server package, as well as Solaris machines using the
"sharenfs" option on ZFS pools; my clients are Ubuntu 14.04/16.04 VMs
using nfs-common package.
Best,
Lukas Erlacher
RBG Systemgruppe
Rechnerbetriebsgruppe der Fakultäten Informatik und Mathematik
Technische Universität München
Download attachment "smime.p7s" of type "application/pkcs7-signature" (5167 bytes)
Powered by blists - more mailing lists