# NFS Server Question

## Scorpion265

Hello all,

I've been googling and crawling man pages, but can't seem to find an answer for this. Is it possible to have the NFS services listen on a single device? I have eth0 which is external, and eth1 which is internal. I'd like the server to only open up ports on eth1. Is this even possible?

----------

## Jaglover

Interesting question.

 *Quote:*   

> -h bindip
> 
> Specifies which IP address or hostname to bind to on the local host. This option is recommended when a host has multiple interfaces. Multiple -h options may be specified.

 The above is from nfsd man in FreeBSD.

Below is a snippet from Gentoo nfsd man

 *Quote:*   

> -H or --host hostname
> 
> specify a particular hostname (or address) that NFS requests will be accepted on. By default, rpc.nfsd will accept NFS requests on all known network addresses. Note that lockd (which performs file locking services for NFS) may still accept request on all known network addresses. This may change in future releases of the Linux Kernel.

 

----------

## Scorpion265

Awesome! I just found that in the man file for nfsd. I was looking in nfs. :Neutral: The good news is it's working like a charm. I tried the -h with rpcbind, but am not having any luck with port 111. I'll keep looking around and post what I find. Thanks for the help!

----------

## Jaglover

Welcome you are!   :Very Happy: 

----------

## Hu

If you want to be especially cautious, you could use iptables rules to prohibit receiving NFS traffic from the unwanted interface.  This can be done in addition to the options you already found, so that multiple failures must occur before you are exposed.

----------
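Added example, not part of any post above: one way to write the iptables rules Hu suggests, assuming eth0 is the external interface as in the first post. The function names and the `EXTRA_PORTS` variable are made up for this example; 111 (rpcbind) and 2049 (nfsd) are the standard ports.

```shell
#!/bin/sh
# Added example: build iptables rules that drop NFS-related traffic arriving
# on the external interface. Commands are printed by default; set APPLY=1
# to execute them (needs root).
#
# 111 = rpcbind, 2049 = nfsd. mountd, statd and lockd use dynamic ports
# unless you pin them; list pinned ports in EXTRA_PORTS (assumed variable).

nfs_block_rules() {
    iface="$1"; rules=""
    # Reject anything that is not a plain interface name.
    case "$iface" in
        ''|*[!A-Za-z0-9._-]*) echo "bad interface name" >&2; return 2 ;;
    esac
    for port in 111 2049 ${EXTRA_PORTS:-}; do
        case "$port" in
            ''|*[!0-9]*) echo "bad port: $port" >&2; return 2 ;;
        esac
        for proto in tcp udp; do
            # -I puts the DROP ahead of any broad ACCEPT already in INPUT.
            rules="${rules}iptables -I INPUT -i $iface -p $proto --dport $port -j DROP
"
        done
    done
    # Nothing is emitted unless every port validated.
    printf '%s' "$rules"
}

nfs_block_apply() {
    nfs_block_rules "$1" | while read -r cmd; do
        if [ "${APPLY:-0}" = 1 ]; then $cmd; else echo "$cmd"; fi
    done
}

# Dry run for the external interface (eth0 unless another name is given).
nfs_block_apply "${1:-eth0}"
```

Traffic on eth1 is untouched, so the internal clients keep working while port 111 stays unreachable from outside even if rpcbind still listens on every address.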

