6

I've been trying to find the definitive answer to this question, but I'm getting conflicting results due to various NFS versions out there.

I've configured NFSv4 by following https://help.ubuntu.com/community/NFSv4Howto and currently have the following services running on my machine:

  • rpc.mountd
  • rpcbind
  • nfsd
  • lockd

Which of these are required to run an NFS server in v4 only? How do I disable the rest? Consequently, which ports should I open on my firewall?

PS: I'm on Ubuntu 18.04

Saurabh Nanda
  • 449
  • 1
  • 7
  • 17

1 Answers1

9

Only rpc.mountd and nfsd are required to be running for NFSv4.

NFSv4 runs on TCP port 2049. The NFS server must accept incoming connections on this port. Unlike previous versions of NFS, this is the only port that is required.

Michael Hampton
  • 237,123
  • 42
  • 477
  • 940
  • what is rpc.mountd used for in NFSv4 and what port does it run on? – Saurabh Nanda Feb 19 '19 at 15:04
  • 1
    @SaurabhNanda rpc.mountd sets up the exports. It does not require a port listening for outside connections; it only communicates on the local host. – Michael Hampton Feb 19 '19 at 15:05
  • What about [idmapd](http://man7.org/linux/man-pages/man8/idmapd.8.html) ? Or can you run NFSv4 without? – HBruijn Feb 19 '19 at 15:58
  • 2
    @HBruijn rpc.idmapd isn't required unless you're doing ID mapping. Typically this is only going to occur if the server is joined to some sort of domain (AD, FreeIPA, etc). It uses rpc_pipefs on Linux. – Michael Hampton Feb 19 '19 at 16:05
  • @HBruijn checking-in on this again. `rpc.mountd` seems to be listening on port 5500 and NFS seems to be worked fine even if I don't open this port on the firewall. Is this expected? Why is `rpc.mountd` even listening on that port? Can one safely disable `rpc.idmapd` and `rpc.bind` via systemd the case of NFS v4? It seems that both of these are started by `rpcbind.service` -- can it be disabled safely? – Saurabh Nanda Mar 05 '19 at 05:49
  • @SaurabhNanda As far as I know, disabling NFSv2 and NFSv3 should disable the mountd service. See the instructions under the "NFSv4 only" heading at https://wiki.debian.org/NFSServerSetup. These instructions are for Debian, but it should work for Ubuntu too. – Daniel Lo Nigro Jun 27 '19 at 05:43