
7. RPC, Portmap and NFS

7.1. Summary

RPC-based services often use different ports on each restart or reboot. This makes it very difficult to implement a firewall which will adequately protect a host — wide ranges of ports must be left open. If at all possible, such services should be configured to use fixed ports.

NFS is RPC-based.

7.2. Different ports on each (re-)start?

When an RPC-based server starts, it chooses a random port from a given but wide range. It then tells the portmapping daemon (portmap on Linux; rpcbind, or in older releases portmapper, on Solaris) which port number it is listening on and which RPC program numbers it is prepared to serve. When a client wishes to make an RPC call to a given program number, it first contacts portmap (or rpcbind) on the server machine, which always listens on port 111, and asks which port number the RPC packets for that program should be sent to.

So, traditionally, RPC-based services run on different ports after each restart (or reboot). Thankfully, modern implementations of NFS daemons can be started on pre-determined ports.

7.3. Fixing NFS Ports

By default, NFS-related RPC daemons bind to essentially random ports. But with current implementations on Linux, at least, the port can be specified, for example,

  rpc.rquotad -p <portnum>
  rpc.mountd -p <portnum>

See the man pages for details.

To ensure ports are fixed, modify your init scripts — or the appropriate configuration files for your distro.

7.4. Example: RedHat(-based) Distros

/etc/sysconfig/network

  MOUNTD_PORT=666
  RQUOTAD_PORT=667
  LOCKD_TCPPORT=668
  LOCKD_UDPPORT=669
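Once the ports are pinned, the portmapper itself is the quickest place to confirm that they survived a restart, and the same check tells you exactly which ports a firewall must allow besides 111. The script below is an added example, not part of the original page: it parses "rpcinfo -p" output (a constructed sample here) and flags any service that is not on the port set above. The rpcinfo service names (mountd, rquotad, nlockmgr) and nfsd's conventional port 2049 are assumptions beyond the page.

```shell
#!/bin/sh
# Added example: verify that NFS helper daemons are bound to their fixed ports
# by comparing "rpcinfo -p" output against the ports set in /etc/sysconfig/network.

# Constructed sample of "rpcinfo -p" output (a live check would run: rpcinfo -p localhost).
SAMPLE_RPCINFO='   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100005    1   udp    666  mountd
    100005    1   tcp    666  mountd
    100011    1   udp    667  rquotad
    100021    1   udp    669  nlockmgr
    100021    1   tcp    668  nlockmgr
    100003    2   udp   2049  nfs
    100003    2   tcp   2049  nfs'

# Expected "service proto port" bindings, mirroring MOUNTD_PORT, RQUOTAD_PORT,
# LOCKD_TCPPORT and LOCKD_UDPPORT from the page; nfsd on 2049 is assumed.
EXPECTED='mountd tcp 666
mountd udp 666
rquotad udp 667
nlockmgr tcp 668
nlockmgr udp 669
nfs tcp 2049
nfs udp 2049'

# check_rpc_ports RPCINFO_TEXT EXPECTED_TEXT
# Prints one DRIFT line per service found on the wrong port and one MISSING line
# per expected service not registered at all; returns 0 only when everything matches.
check_rpc_ports() {
    printf '%s\n' "$1" | awk -v expected="$2" '
        BEGIN {
            n = split(expected, lines, "\n")
            for (i = 1; i <= n; i++) { split(lines[i], f, " "); want[f[1] " " f[2]] = f[3] }
        }
        # rpcinfo -p columns: program vers proto port service (header line is NR == 1)
        NR > 1 && NF == 5 {
            key = $5 " " $3
            if (key in want) {
                seen[key] = 1
                if ($4 != want[key]) { printf "DRIFT %s %s actual=%s expected=%s\n", $5, $3, $4, want[key]; bad++ }
            }
        }
        END {
            for (k in want) if (!(k in seen)) { printf "MISSING %s\n", k; bad++ }
            exit bad > 0 ? 1 : 0
        }'
}

check_rpc_ports "$SAMPLE_RPCINFO" "$EXPECTED" && echo "all NFS RPC services on their fixed ports"
```

Run it after every NFS restart (or from cron) so a daemon that silently fell back to a random port is noticed before the firewall starts dropping mounts.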

