NFS clients behind NAT routers

when trying to mount filesystems over NFS from NAT-ed machine (that is, a machine behind a NAT router) you have big chances to get the following error:

[tcp] NFS.SERVER.IP.ADDR:/fs/resources/name: RPCPROG_MNT: RPC: Authentication error; why = Client credential too weak

thats because when NAT happens the router will surely translate the tcp/udp port to something unprivileged. one must write the NAT rules to use static ports mapping.

openbsd pf users would go with using static-port option:
nat on $public_interface from $private_network to any -> $public_address static-port

ofcourse, this is not exactly an option when issuing mount requests from multiple nat clients.

however, if you have access to the nfs server in the scenario above, you just have to configure it for accepting requests from non-privileged ports as well. on BSD you have to set the rc_ var nfs_reserved_port_only to "NO" and restart the nfs daemon (it doesn't have anything to do with mountd in this case)

No comments:

Post a Comment