Tuesday, December 25, 2007

Fix NFS ports

An NFS server has one peculiarity: apart from portmapper and nfs, which listen on fixed port numbers (portmapper: 111, nfs: 2049), every other RPC service is assigned a random port each time the daemons start, as shown below (note how the ports change across a restart):
[root@server3 ~]# rpcinfo -p
program vers proto port
100000 2 tcp 111 portmapper
100000 2 udp 111 portmapper
100011 1 udp 745 rquotad
100011 2 udp 745 rquotad
100011 1 tcp 748 rquotad
100011 2 tcp 748 rquotad
100003 2 udp 2049 nfs
100003 3 udp 2049 nfs
100003 4 udp 2049 nfs
100003 2 tcp 2049 nfs
100003 3 tcp 2049 nfs
100003 4 tcp 2049 nfs
100021 1 udp 1028 nlockmgr
100021 3 udp 1028 nlockmgr
100021 4 udp 1028 nlockmgr
100021 1 tcp 3767 nlockmgr
100021 3 tcp 3767 nlockmgr
100021 4 tcp 3767 nlockmgr
100005 1 udp 760 mountd
100005 1 tcp 763 mountd
100005 2 udp 760 mountd
100005 2 tcp 763 mountd
100005 3 udp 760 mountd
100005 3 tcp 763 mountd
100024 1 udp 832 status
100024 1 tcp 835 status
[root@server3 ~]# service nfs restart; service nfslock restart
Shutting down NFS mountd: [ OK ]
Shutting down NFS daemon: [ OK ]
Shutting down NFS quotas: [ OK ]
Shutting down NFS services: [ OK ]
Starting NFS services: [ OK ]
Starting NFS quotas: [ OK ]
Starting NFS daemon: [ OK ]
Starting NFS mountd: [ OK ]
Stopping NFS locking: [ OK ]
Stopping NFS statd: [ OK ]
Starting NFS statd: [ OK ]
[root@server3 ~]# rpcinfo -p
program vers proto port
100000 2 tcp 111 portmapper
100000 2 udp 111 portmapper
100011 1 udp 904 rquotad
100011 2 udp 904 rquotad
100011 1 tcp 907 rquotad
100011 2 tcp 907 rquotad
100003 2 udp 2049 nfs
100003 3 udp 2049 nfs
100003 4 udp 2049 nfs
100003 2 tcp 2049 nfs
100003 3 tcp 2049 nfs
100003 4 tcp 2049 nfs
100021 1 udp 1028 nlockmgr
100021 3 udp 1028 nlockmgr
100021 4 udp 1028 nlockmgr
100021 1 tcp 2229 nlockmgr
100021 3 tcp 2229 nlockmgr
100021 4 tcp 2229 nlockmgr
100005 1 udp 919 mountd
100005 1 tcp 922 mountd
100005 2 udp 919 mountd
100005 2 tcp 922 mountd
100005 3 udp 919 mountd
100005 3 tcp 922 mountd
100024 1 udp 971 status
100024 1 tcp 974 status

Because those ports move, it is awkward to control them with iptables. What we can do instead is pin each daemon to a fixed port number; the following steps show how:

Linux distro: CentOS 5.0

1. Set the following parameters in /etc/sysconfig/nfs:
RQUOTAD_PORT=9000
LOCKD_TCPPORT=9001
LOCKD_UDPPORT=9001
MOUNTD_PORT=9002
STATD_PORT=9003

2. Restart the nfs and nfslock daemons and verify the result:
[root@server3 ~]# service nfs restart; service nfslock restart
Shutting down NFS mountd: [ OK ]
Shutting down NFS daemon: [ OK ]
Shutting down NFS quotas: [ OK ]
Shutting down NFS services: [ OK ]
Starting NFS services: [ OK ]
Starting NFS quotas: [ OK ]
Starting NFS daemon: [ OK ]
Starting NFS mountd: [ OK ]
Stopping NFS locking: [ OK ]
Stopping NFS statd: [ OK ]
Starting NFS statd: [ OK ]
[root@server3 ~]# rpcinfo -p
program vers proto port
100000 2 tcp 111 portmapper
100000 2 udp 111 portmapper
100011 1 udp 9000 rquotad
100011 2 udp 9000 rquotad
100011 1 tcp 9000 rquotad
100011 2 tcp 9000 rquotad
100003 2 udp 2049 nfs
100003 3 udp 2049 nfs
100003 4 udp 2049 nfs
100003 2 tcp 2049 nfs
100003 3 tcp 2049 nfs
100003 4 tcp 2049 nfs
100021 1 udp 9001 nlockmgr
100021 3 udp 9001 nlockmgr
100021 4 udp 9001 nlockmgr
100021 1 tcp 9001 nlockmgr
100021 3 tcp 9001 nlockmgr
100021 4 tcp 9001 nlockmgr
100005 1 udp 9002 mountd
100005 1 tcp 9002 mountd
100005 2 udp 9002 mountd
100005 2 tcp 9002 mountd
100005 3 udp 9002 mountd
100005 3 tcp 9002 mountd
100024 1 udp 9003 status
100024 1 tcp 9003 status

With that, the NFS server's port numbers are fixed.
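Once the ports are pinned, the two things a practitioner wants are a check that `rpcinfo -p` really reports every RPC service on its intended port (so a later package update or a forgotten setting in /etc/sysconfig/nfs does not silently move one), and the iptables rules that the pinning was meant to enable. The script below is an added example, not part of the original post or of CentOS; it assumes the 9000-9003 port assignments used above, and the client subnet 192.0.2.0/24 is a placeholder (the documentation range) to be replaced with the real NFS client network. The sample `rpcinfo` tables are constructed from the post's output, with one deliberately drifted copy to show a failing check.

```shell
#!/bin/sh
# Added example (not from the original post): verify that every RPC service
# listed by `rpcinfo -p` sits on the port pinned in /etc/sysconfig/nfs, and
# print matching iptables rules for review. Ports assumed from the post:
# rquotad 9000, lockd 9001, mountd 9002, statd 9003.

# Expected port for an RPC service name; empty for anything not in our map.
expected_port() {
    case "$1" in
        portmapper) echo 111 ;;
        nfs)        echo 2049 ;;
        rquotad)    echo 9000 ;;
        nlockmgr)   echo 9001 ;;
        mountd)     echo 9002 ;;
        status)     echo 9003 ;;
        *)          echo "" ;;
    esac
}

# Read `rpcinfo -p`-style output on stdin. Print one line per problem
# ("service proto actual expected", or UNKNOWN for an unmapped service) and
# return 1 if anything is off its pinned port, 0 if everything matches.
check_nfs_ports() {
    rc=0
    while read -r prog vers proto port svc; do
        case "$prog" in program|'') continue ;; esac   # skip header/blank lines
        want=$(expected_port "$svc")
        if [ -z "$want" ]; then
            echo "$svc $proto $port UNKNOWN"; rc=1; continue
        fi
        if [ "$port" != "$want" ]; then
            echo "$svc $proto $port $want"; rc=1
        fi
    done
    return $rc
}

# Print (not apply) iptables rules allowing only the given client subnet to
# reach the pinned ports; the subnet is an assumed placeholder.
nfs_iptables_rules() {
    net="${1:-192.0.2.0/24}"
    for p in 111 2049 9000 9001 9002 9003; do
        echo "iptables -A INPUT -s $net -p tcp --dport $p -j ACCEPT"
        echo "iptables -A INPUT -s $net -p udp --dport $p -j ACCEPT"
    done
}

# Constructed sample: a correctly pinned table, trimmed from the post's output.
sample_pinned() {
cat <<'EOF'
program vers proto port
100000 2 tcp 111 portmapper
100000 2 udp 111 portmapper
100011 1 udp 9000 rquotad
100003 2 tcp 2049 nfs
100021 1 tcp 9001 nlockmgr
100005 1 udp 9002 mountd
100024 1 tcp 9003 status
EOF
}

# Constructed sample: mountd and statd drifted back to random ports.
sample_drifted() {
cat <<'EOF'
program vers proto port
100000 2 tcp 111 portmapper
100005 1 tcp 922 mountd
100024 1 udp 971 status
EOF
}

# Stand-alone usage: check the samples; pass "live" to check this host instead.
if [ "${1:-}" = "live" ]; then
    rpcinfo -p | check_nfs_ports && echo "all RPC services on pinned ports"
else
    echo "pinned sample:";  sample_pinned  | check_nfs_ports && echo "  OK"
    echo "drifted sample:"; sample_drifted | check_nfs_ports || echo "  MISMATCH (see above)"
    nfs_iptables_rules 192.0.2.0/24
fi
```

Run it as `sh check-nfs-ports.sh live` on the server after step 2, and again after any nfs-utils update; a non-zero exit means a service has left its pinned port and the printed iptables rules no longer cover it.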

4 comments:

Anonymous said...

Typo
------------------------------------------------------------------
1. Set the following parameters in /etc/sysconfing/nfs:
------------------------------------------------------------------
1. Set the following parameters in /etc/sysconfig/nfs:
------------------------------------------------------------------

瘋狂帽客 said...

Hi,
Thanks for the heads-up, it has been fixed.

Anonymous said...

portmapper:110,nfs:2049

Shouldn't portmapper be 111?

瘋狂帽客 said...

Yes, you are right, it should be 111; another typo. Thanks for pointing it out.