# NFS just mounts using mountd's random UDP port.



## rigoletto@ (Oct 14, 2016)

Hello,

I am trying to get NFS working properly, but I couldn't find a way to do it.

First, I am running the tests with PF set to "NO". With it set to "YES" I can mount the NFS share if I open the specific UDP port MOUNTD is using when the server boots; for the rest it makes no difference.

`cat /etc/rc.conf`

```
zfs_enable="YES"

hostname="server"
ifconfig_em0="inet 192.168.0.200 netmask 255.255.255.0"
defaultrouter="192.168.0.1"
cloned_interfaces="lo1"

blacklistd_enable="YES"

local_unbound_enable="YES"

fsck_y_enable="YES"
   background_fsck="NO"

kern_securelevel_enable="NO"
   kern_securelevel="1"

pf_enable="YES"
fail2ban_enable="YES"

sshd_enable="YES"
ntpd_enable="YES"
powerd_enable="YES"

nfs_server_enable="YES"
   nfs_server_flags="-r -t -n 4"
rpcbind_enable="YES"
mountd_flags="-r"

qjail_enable="YES"

dumpdev="AUTO"
keymap="br"
```

`cat /etc/pf.conf`

```
ext_if = "em0"
int_if = "em1"

host_server = "192.168.0.200"
backup_jail = "192.168.0.210"
webserver_jail = "192.168.0.254"

tcp_pass_host = "{ 22 53 111 2049 }"
udp_pass_host = "{ 53 111 2049 }"

tcp_pass_backup = "{ 548 }"

tcp_pass_webserver = "{ 80 443 }"

icmp_types = "echoreq"

table <bruteforce> persist
table <fail2ban> persist
table <local> { 192.168.0.0/24, 192.168.1.0/24 }

set loginterface $ext_if
set skip on lo0

scrub out on $ext_if all fragment reassemble random-id
scrub in on $ext_if all fragment reassemble

antispoof log quick for $ext_if inet

block log all
block quick from <bruteforce>
block quick from <fail2ban>

pass inet proto icmp all icmp-type $icmp_types keep state
pass inet proto icmp from <local> to any keep state

pass log on $ext_if inet proto tcp from any to any port ssh \
        flags S/SA keep state \
        (max-src-conn 100, max-src-conn-rate 15/5, \
        overload <bruteforce> flush global)

pass out all

pass in quick proto tcp from <local> to $host_server port $tcp_pass_host
pass in quick proto udp from <local> to $host_server port $udp_pass_host

pass in quick proto tcp from <local> to $backup_jail port $tcp_pass_backup

pass in proto tcp from any to $webserver_jail port $tcp_pass_webserver synproxy state
```


`cat /etc/exports`

```
/backup/alex 192.168.0.10
```

`showmount -e`

```
Exports list on localhost:
/backup/alex 192.168.0.10
```

`mount -v 192.168.0.200:/backup/alex /home/backup` [on client (Gentoo)]

```
mount.nfs: timeout set for Fri Oct 14 00:41:40 2016
mount.nfs: trying text-based options 'vers=4.2,addr=192.168.0.200,clientaddr=192.168.0.10'
mount.nfs: mount(2): Protocol not supported
mount.nfs: trying text-based options 'vers=4.1,addr=192.168.0.200,clientaddr=192.168.0.10'
mount.nfs: mount(2): Protocol not supported
mount.nfs: trying text-based options 'vers=4.0,addr=192.168.0.200,clientaddr=192.168.0.10'
mount.nfs: mount(2): Protocol not supported
mount.nfs: trying text-based options 'addr=192.168.0.200'
mount.nfs: prog 100003, trying vers=3, prot=6
mount.nfs: trying 192.168.0.200 prog 100003 vers 3 prot TCP port 2049
mount.nfs: portmap query failed: RPC: Remote system error - Connection refused
```

Now a specific behavior related to `nfs_server_flags="-r -t -n 4"`.

I disabled UDP for test purposes. With *-r* NFSD seems to start, but `service nfsd status` shows it is not working. Without *-r* it does not matter if there is *-u* or not; it still works on UDP too.

Thanks!

EDIT: *FreeBSD 11.0-RELEASE-p1*

`cat /etc/src.conf`

```
WITHOUT_BHYVE=YES
WITHOUT_BLUETOOTH=YES
WITHOUT_CALENDAR=YES
WITHOUT_DEBUG_FILES=YES
WITHOUT_EE=YES
WITHOUT_FLOPPY=YES
WITHOUT_FREEBSD_UPDATE=YES
WITHOUT_GAMES=YES
WITHOUT_GSSAPI=YES
WITHOUT_HYPERV=YES
WITHOUT_IPFILTER=YES
WITHOUT_IPFW=YES
WITHOUT_KERBEROS=YES
WITHOUT_KVM=YES
WITHOUT_LIB32=YES
WITHOUT_MAIL=YES
WITHOUT_PC_SYSINSTALL=YES
WITHOUT_PPP=YES
WITHOUT_PROFILE=YES
WITHOUT_SENDMAIL=YES
WITHOUT_SVNLITE=YES
WITHOUT_TALK=YES
WITHOUT_TELNET=YES
WITHOUT_WIRELESS=YES
```


----------



## rigoletto@ (Oct 14, 2016)

UPDATE:

If `mount -v 192.168.0.200:/backup/alex /home/backup` [on client (Gentoo)] is executed as ROOT (not using `sudo`):


```
mount.nfs: timeout set for Fri Oct 14 01:16:28 2016
mount.nfs: trying text-based options 'vers=4.2,addr=192.168.0.200,clientaddr=192.168.0.10'
mount.nfs: mount(2): Protocol not supported
mount.nfs: trying text-based options 'vers=4.1,addr=192.168.0.200,clientaddr=192.168.0.10'
mount.nfs: mount(2): Protocol not supported
mount.nfs: trying text-based options 'vers=4.0,addr=192.168.0.200,clientaddr=192.168.0.10'
mount.nfs: mount(2): Protocol not supported
mount.nfs: trying text-based options 'addr=192.168.0.200'
mount.nfs: prog 100003, trying vers=3, prot=6
mount.nfs: portmap query retrying: RPC: Program not registered
mount.nfs: prog 100003, trying vers=3, prot=17
mount.nfs: portmap query failed: RPC: Program not registered
mount.nfs: requested NFS version or transport protocol is not supported
```

Basically the same happens if I try to mount on the host, after adding it to exports, of course.


----------
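The mismatch described in the first post (pf passing only ports 111 and 2049 to the host while mountd registers on a port chosen at boot), as an added example that is not part of the original posts: a script that compares `rpcinfo -p` output with the posted pf port lists and checks whether NFS (program 100003) is registered at all. The function names and the sample `rpcinfo` output, including mountd port 871, are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Port lists are copied from the posted
# pf.conf (tcp_pass_host / udp_pass_host); everything else is hypothetical.
TCP_ALLOWED="22 53 111 2049"
UDP_ALLOWED="53 111 2049"

# Constructed stand-in for `rpcinfo -p 192.168.0.200`; the mountd port (871)
# is invented to represent a port picked at boot.
sample_rpcinfo() {
cat <<'EOF'
   program vers proto   port  service
    100000    4   tcp    111  rpcbind
    100000    3   udp    111  rpcbind
    100005    1   udp    871  mountd
    100005    3   udp    871  mountd
    100005    3   tcp    871  mountd
    100003    3   tcp   2049  nfs
EOF
}

# Reads `rpcinfo -p` output on stdin; prints "service proto port" once for each
# registered RPC endpoint that the pf port lists above would not pass.
blocked_rpc_services() {
    awk -v tcp="$TCP_ALLOWED" -v udp="$UDP_ALLOWED" '
        BEGIN {
            n = split(tcp, a, " "); for (i = 1; i <= n; i++) ok["tcp," a[i]] = 1
            n = split(udp, a, " "); for (i = 1; i <= n; i++) ok["udp," a[i]] = 1
        }
        $1 ~ /^[0-9]+$/ {                     # skip the header line
            key = $3 "," $4
            if (!(key in ok) && !(key in seen)) {
                seen[key] = 1
                name = ($5 == "" ? $1 : $5)   # fall back to program number
                print name, $3, $4
            }
        }'
}

# Exit status 0 if RPC program $1 is registered for transport $2 (tcp|udp).
# Program 100003 is NFS, the one the client log reports as "not registered".
program_registered() {
    awk -v p="$1" -v t="$2" \
        '$1 == p && $3 == t { found = 1 } END { exit !found }'
}

sample_rpcinfo | blocked_rpc_services
```

On a live server, pipe `rpcinfo -p` into the functions instead of the sample. mountd(8) accepts `-p <port>` to bind to a fixed port, which lets a static pf rule cover it.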

