# NFSv4 & NAT traversal [SOLVED]

## ggeeoo

I have to use NFS behind a NAT so I decided to try NFSv4 since traversing NAT with NFSv3 is not possible. On the server I have the following configuration:

```
/export       *(rw,fsid=root,insecure,no_subtree_check,async,all_squash)

/export/test  *(rw,nohide,insecure,async,no_subtree_check)
```

On the client I give

```
mount -t nfs4 -o tcp nfs4_server:/test /mnt/test
```

The problem is that the above command works just fine when the client is directly connected in the same network as the server, but it doesn't work when the client is connected via NAT (the configuration of client is otherwise the same). It fails with the following error:

```
mount.nfs4: Operation not permitted
```

So the problem seems to be caused by NAT.

This seems strange to me: in NFSv4, the client establishes a single outbound tcp connection to the server (on the remote port 2049). Why is NAT causing a problem to that? After all, I can successfully establish this tcp connection using netcat.

Last edited by ggeeoo on Wed Sep 02, 2009 2:12 am; edited 1 time in total

----------

## richard.scott

From what I can understand, TCP is the default in NFSv4, so you don't need the "-o tcp" option.

Try this as your mount command:

```
mount -t nfs4 nfs4_server:/export/test /mnt/test
```

Note the lack of "-o tcp" and the addition of "/export" in the server's directory name.

AFAIK the export is relative to root so /test won't work, but /export/test should.

Rich.

----------

## ggeeoo

*richard.scott wrote:*

> AFAIK the export is relative to root so /test won't work, but /export/test should.
> 
> Rich.

 

In NFSv4 (unlike v3), the export is relative to the root of the "NFSv4 pseudofilesystem" which is specified by the "fsid=root" (or "fsid=0") option.

Besides, as I explained above, the command (with or without "-o tcp")

```
mount -t nfs4 -o tcp nfs4_server:/test /mnt/test
```

actually works when I am connected directly to the server's network.

----------

## ggeeoo

Ok, I don't know why but the following worked:

I changed the following line in /etc/exports, from

```
/export/test  *(rw,nohide,insecure,async,no_subtree_check)
```

to

```
/export/test  *(rw,fsid=1,nohide,insecure,async,no_subtree_check)
```

Apparently, nfs couldn't assign an fsid to /export/test automatically for some reason (maybe because /export/test is actually a bind mount) so I had to do it manually. I don't see how this relates to the NAT issue though.

----------
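A small linter for the `/etc/exports` lines quoted in this thread, as an added example (not code from any poster): it reports sub-exports that lack the explicit `fsid=` the last post added, and the `rw`-to-wildcard and `insecure` options visible in the posted configuration. The function names and finding labels are hypothetical.

```python
import re

# Constructed sample: the /etc/exports lines from the first post (before the fix).
SAMPLE = """\
/export       *(rw,fsid=root,insecure,no_subtree_check,async,all_squash)
/export/test  *(rw,nohide,insecure,async,no_subtree_check)
"""

ENTRY = re.compile(r"([^\s(]*)\(([^)]*)\)")  # one "client(options)" entry

def parse_exports(text):
    """Yield (path, client, options) for every client entry in an exports file."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        path, *rest = line.split(None, 1)
        for client, opts in ENTRY.findall("".join(rest)):
            options = {}
            for opt in filter(None, opts.split(",")):
                key, _, value = opt.partition("=")
                options[key.strip()] = value.strip() or True
            yield path, client, options

def audit(text):
    """Return a list of (path, label) findings; labels are made up for this example."""
    findings, roots = [], set()
    for path, client, o in parse_exports(text):
        if o.get("fsid") in ("0", "root"):         # NFSv4 pseudo-filesystem root
            roots.add(path)
        elif "fsid" not in o:
            # The change reported in the last post: give the sub-export its own fsid.
            findings.append((path, "no-explicit-fsid"))
        if "*" in client and "rw" in o:
            # "*" matches every host, so any client that can reach the port may write.
            findings.append((path, "rw-to-wildcard-client"))
        if "insecure" in o:
            # exports(5): requests from source ports >= 1024 are accepted.
            findings.append((path, "insecure-source-ports"))
    if len(roots) != 1:
        findings.append(("*", "expected-exactly-one-fsid-root"))
    return findings

if __name__ == "__main__":
    for path, label in audit(SAMPLE):
        print(f"{path}: {label}")
```

Run it against a copy of the server's `/etc/exports` by passing the file contents to `audit()`; the findings are prompts for review, not proof of a misconfiguration.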

