Bug#477503: nfs-common: tcp mounts require udp

Andy Wettstein Wed, 23 Apr 2008 08:50:11 -0700

Package: nfs-common
Version: 1:1.1.2-2
Severity: normal

If I block UDP connections to a NFS server and try to NFS mount
something on the server with TCP it fails.


# iptables -A OUTPUT -p udp -d nfs-server -j DROP
# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
DROP       udp  --  anywhere             nfs-server.localdomain  

# mount -t nfs -o tcp -v nfs-server:/data /mnt
mount.nfs: timeout set for Wed Apr 23 10:33:14 2008
mount.nfs: text-based options: 'tcp,addr=192.168.0.1'
mount.nfs: internal error

# iptables -F
# mount -t nfs -o tcp -v nfs-server:/data /mnt
mount.nfs: timeout set for Wed Apr 23 10:39:45 2008
mount.nfs: text-based options: 'tcp,addr=192.168.0.1'
nfs-server:/data on /mnt type nfs (rw,tcp)

I've tested a few other distros ( Ubuntu 6.06, Scientific Linux 4,
Scientific Linux 5 ) and TCP mounts still work if I block UDP.  

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.24-1-686 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash

Versions of packages nfs-common depends on:
ii  adduser               3.107              add and remove users and groups
ii  initscripts           2.86.ds1-56        Scripts for initializing and shutt
ii  libc6                 2.7-10             GNU C Library: Shared libraries
ii  libcomerr2            1.40.8-2           common error description library
ii  libevent1             1.3e-2             An asynchronous event notification
ii  libgssglue1           0.1-2              mechanism-switch gssapi library
ii  libkrb53              1.6.dfsg.3~beta1-4 MIT Kerberos runtime libraries
ii  libldap-2.4-2         2.4.7-6.2          OpenLDAP libraries
ii  libnfsidmap2          0.20-1             An nfs idmapping library
ii  librpcsecgss3         0.18-1             allows secure rpc communication us
ii  libwrap0              7.6.q-15           Wietse Venema's TCP wrappers libra
ii  lsb-base              3.2-10             Linux Standard Base 3.2 init scrip
ii  netbase               4.32               Basic TCP/IP networking system
ii  portmap               6.0-5              RPC port mapper
ii  ucf                   3.006              Update Configuration File: preserv

nfs-common recommends no packages.

-- no debconf information



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#477503: nfs-common: tcp mounts require udp

Reply via email to