[linux] Force mountd to use UDP

Cere M. Davis cere at u.washington.edu
Thu Dec 2 16:02:09 PST 2004



I just knew you'd come up with some kind of elaborate yet does-the-job kind
of answer. ;)

-Cere

On Thu, 2 Dec 2004 zanfur at zanfur.com wrote:


> Date: Thu, 2 Dec 2004 14:46:08 -0800

> From: zanfur at zanfur.com

> Reply-To: Linux/Unix Users Group at the UW <linux at u.washington.edu>

> To: Michal <michalg at gmail.com>,

> Linux/Unix Users Group at the UW <linux at u.washington.edu>

> Subject: Re: [linux] Force mountd to use UDP

>

> Michal:

>

> The rpc.mountd daemon registers program 100005 (mountd) with the

> portmapper, not 100003 (nfs). This is the daemon that handles the mount

> rpc call, but the nfs daemon handles the nfs requests -- so you can have a

> tcp mount request that mounts nfs over udp, for example.

>

> To disable nfs over tcp functionality, you need to set CONFIG_NFSD_TCP=N

> in the kernel configuration and recompile the module. You will of course

> have to set CONFIG_NFSD equal to M or Y for this to work. I recommend

> compiling it as a module twice, once with the tcp option turned on and

> once with it turned off, so you can choose at a whim which one to load at

> any given time.

>

> However, this isn't necessary to stop it from exporting over tcp. The

> problem is that portmap is advertising nfs over tcp -- the kernel can

> allow it all it wants, but if the rpcinfo call returns just the udp

> services, that's all that will get used. There's a trick to unregistering

> particular portmap services (blank lines added between commands for

> clarity):

>

> # rpcinfo -u localhost 100003

> program 100003 version 2 ready and waiting

> program 100003 version 3 ready and waiting

>

> # rpcinfo -t localhost 100003

> program 100003 version 2 ready and waiting

> program 100003 version 3 ready and waiting

>

> # pmap_dump

> 100000 2 tcp 111 portmapper

> 100000 2 udp 111 portmapper

> 100003 2 udp 2049 nfs

> 100003 3 udp 2049 nfs

> 100003 2 tcp 2049 nfs

> 100003 3 tcp 2049 nfs

> 100005 1 udp 769 mountd

> 100005 1 tcp 772 mountd

> 100005 2 udp 769 mountd

> 100005 2 tcp 772 mountd

> 100005 3 udp 769 mountd

> 100005 3 tcp 772 mountd

> 100024 1 udp 863 status

> 100024 1 tcp 866 status

>

> # pmap_dump | egrep -v '100003.*tcp' > /tmp/pmap_dump.out

>

> # /etc/init.d/portmap stop

>

> # /etc/init.d/portmap start

>

> # pmap_dump

> 100000 2 tcp 111 portmapper

> 100000 2 udp 111 portmapper

>

> # pmap_set < /tmp/pmap_dump.out

>

> # pmap_dump

> 100000 2 tcp 111 portmapper

> 100000 2 udp 111 portmapper

> 100003 2 udp 2049 nfs

> 100003 3 udp 2049 nfs

> 100005 1 udp 769 mountd

> 100005 1 tcp 772 mountd

> 100005 2 udp 769 mountd

> 100005 2 tcp 772 mountd

> 100005 3 udp 769 mountd

> 100005 3 tcp 772 mountd

> 100024 1 udp 863 status

> 100024 1 tcp 866 status

>

> # rpcinfo -u localhost 100003

> program 100003 version 2 ready and waiting

> program 100003 version 3 ready and waiting

>

> # rpcinfo -t localhost 100003

> rpcinfo: RPC: Program not registered

> program 100003 is not available

>

> And voilà! No more registered nfs over tcp, so no more exports over tcp.

> To make it do that at boot, add the key lines of that to rc.local (these

> are all you really need, the rest of the above was just information

> commands to show the before and after states):

>

> # pmap_dump | egrep -v '100003.*tcp' > /tmp/pmap_dump.out

>

> # /etc/init.d/portmap stop

>

> # /etc/init.d/portmap start

>

> # pmap_set < /tmp/pmap_dump.out

>

> Cheers!

> -robin

>

>

> On Wed, Dec 01, 2004 at 05:54:22PM -0800, Michal wrote:

> > I posted this question to comp.protocol.nfs this morning, but things

> > are slow there.. so I'm hoping someone here can chime in with a clue.

> > Thanks!

> >

> > ---

> >

> > My goal is to configure a server to avoid exporting its files over

> > TCP. I want to force UDP.

> >

> > The server is Fedora Core 1, Linux kernel 2.4.22. On this server,

> > "/usr/sbin/rpcinfo -p | grep nfs" reports:

> >

> > 100003 2 udp 2049 nfs

> > 100003 3 udp 2049 nfs

> > 100003 2 tcp 2049 nfs

> > 100003 3 tcp 2049 nfs

> >

> > I modified the script /etc/init.d/nfs which starts NFS services such

> > that rpc.mountd is started with the "--no-tcp" argument. The

> > rpc.mountd documentation says this means "Don't advertise TCP for

> > mount." Yet, rpcinfo still reports NFS services for both UDP and TCP.

> > Mounting its exports on remote systems causes them to be mounted with

> > "proto=tcp".

> >

> > There is another NFS server with an older version of Linux (2.4.18)

> > running RedHat 7.3. Running "rpcinfo -p | grep nfs" on it reports:

> >

> > 100003 2 udp 2049 nfs

> > 100003 3 udp 2049 nfs

> >

> > Mounting its exports on remote systems causes them to be mounted with

> > "proto=udp".

> >

> > I don't know what else to try on the FC1 box to force it to stop

> > servicing NFS/TCP services.

> >

> > Can anyone help?

> >

> > -Michal

>

>


- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cere Davis
Unix Systems Administrator - CSDE
cere at u.washington.edu ph: 206.685.5346
https://staff.washington.edu/cere

GnuPG Key http://staff.washington.edu/cere/gpgkey.txt
Key fingerprint = B63C 2361 3B9B 8599 ECC9 D061 3E48 A832 F455 9E7FA
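
Added example (not part of the original messages): the pmap_dump / pmap_set procedure quoted above, written as shell functions that match the program and protocol fields exactly instead of using a regex, and that check the result afterwards. The function names, the mktemp temporary file and the sample data (abbreviated from the quoted dump) are assumptions of this example.

```shell
#!/bin/sh
# Added example: field-exact form of the pmap_dump | egrep | pmap_set steps.
# Input format, as shown in the thread: program version proto port name
NFS_PROG=100003

# Drop only the NFS-over-TCP registrations; every other line passes unchanged.
filter_nfs_tcp() {
    awk -v prog="$NFS_PROG" '!($1 == prog && $3 == "tcp")'
}

# Print the NFS versions still registered over TCP, one per line.
nfs_tcp_versions() {
    awk -v prog="$NFS_PROG" '$1 == prog && $3 == "tcp" { print $2 }'
}

# Exit 0 only when the dump on stdin holds no NFS/TCP registration.
nfs_tcp_absent() {
    [ -z "$(nfs_tcp_versions)" ]
}

# The boot-time steps from the thread, using a private temp file (mktemp)
# rather than a fixed name in /tmp. Needs root; not called by this example.
reregister_without_nfs_tcp() {
    tmp=$(mktemp) || return 1
    pmap_dump | filter_nfs_tcp > "$tmp"
    [ -s "$tmp" ] || { rm -f "$tmp"; return 1; }   # empty dump: change nothing
    /etc/init.d/portmap stop
    /etc/init.d/portmap start
    pmap_set < "$tmp"
    rc=$?
    rm -f "$tmp"
    [ "$rc" -eq 0 ] && pmap_dump | nfs_tcp_absent
}

# Constructed sample, abbreviated from the pmap_dump output quoted above.
SAMPLE_DUMP='100000 2 tcp 111 portmapper
100000 2 udp 111 portmapper
100003 2 udp 2049 nfs
100003 3 udp 2049 nfs
100003 2 tcp 2049 nfs
100003 3 tcp 2049 nfs
100005 1 udp 769 mountd
100005 1 tcp 772 mountd
100024 1 tcp 866 status'

# Offline demonstration: number of sample lines kept after filtering.
demo_kept_lines() {
    printf '%s\n' "$SAMPLE_DUMP" | filter_nfs_tcp | wc -l | tr -d ' '
}
```

This changes only what the portmapper advertises; whether nfsd supports TCP at all is governed by CONFIG_NFSD_TCP, as the quoted message explains.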





