4

I'm trying to use tcp/111 for rpcbind under Debian Wheezy instead of udp/111. The portmap in Squeeze uses tcp/111 without any special configuration, but Wheezy fails.

Even numerous sites (as well as RFC) says TCP or UDP is selected dynamically, or sometimes that TCP is used if UDP fails... - when I reject udp/111 (with iptables) on Wheezy client with rpcbind, I get errors...

# showmount -e server
Export list for server:
....
# iptables -I OUTPUT -j REJECT -d server -p udp --dport 111 --reject-with icmp-port-unreachable
# showmount -e server
clnt_create: RPC: Port mapper failure - Unable to send: errno 1 (Operation not permitted)
# rpcinfo -p
 program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    3   tcp    111  portmapper
    100000    2   tcp    111  portmapper
    100000    4   udp    111  portmapper
    100000    3   udp    111  portmapper
    100000    2   udp    111  portmapper
#

How can I setup rpcbind to use TCP only?

Matej Kovac
  • 141
  • 1
  • 4
  • What happens when you just drop the packet instead of rejecting? – Nathan C May 15 '13 at 15:49
  • Just a timeout. No retry via TCP. – Matej Kovac May 15 '13 at 16:31
  • try to comment out in /etc/netconfig – kofemann May 15 '13 at 18:22
  • I'm playing with netconfig since yesterday evening, but fail to see the magic. Commenting udp leads to "RPC: Unknown host" error, as well as if I change to tcp, or and fields to tcp. Changing only to tcp while keeping udp has no effect (i.e. using udp for transfer, works well). Man states that file is searched from top to bottom, but reordering tcp/udp lines didn't help (works, uses udp). – Matej Kovac May 16 '13 at 09:45
  • I wonder if you were to comment out the 111 udp entry in /etc/services, whether this would force rpcbind to use only tcp. – Michael Martinez Aug 14 '15 at 21:08

1 Answers1

1

If you mount with vers=3,proto=tcp, TCP is used when querying rpcbind for the actual mount:

$ tshark -nr nfs.pcap "tcp.stream eq 0"
 2  192.168.1.89 36200 192.168.1.60   111 TCP 74 [SYN]
 3  192.168.1.60   111 192.168.1.89 36200 TCP 74 [SYN, ACK]
 4  192.168.1.89 36200 192.168.1.60   111 TCP 66 [ACK]
 5  192.168.1.89 36200 192.168.1.60   111 Portmap 126 V2 GETPORT Call
 6  192.168.1.60   111 192.168.1.89 36200 TCP 66 [ACK]
 7  192.168.1.60   111 192.168.1.89 36200 Portmap 98 V2 GETPORT Reply (Call In 5)
 8  192.168.1.89 36200 192.168.1.60   111 TCP 66 [ACK]
 9  192.168.1.89 36200 192.168.1.60   111 TCP 66 [FIN, ACK]
10  192.168.1.60   111 192.168.1.89 36200 TCP 66 [FIN, ACK]
11  192.168.1.89 36200 192.168.1.60   111 TCP 66 [ACK]

I can only assume showmount is hard-coded to use UDP. I tried to read the source of nfs-utils but got lost in showmount.c after clnt_call(), sorry.

suprjami
  • 3,476
  • 20
  • 29