# NFS client with dynamic IP - how? (solved using workaround)

## lonex

I've got the following situation:

My server, directly connected to the Internet, has a public IP address. On this machine I run an NFS server.

At home I want to mount that NFS share, but each time I connect to the Internet, my provider assigns a new dynamic IP address to my router.

Now my thinking was, being registered with dyndns.org, that I put my dyndns-address into the NFS server's exports-file.

This works perfectly, but when I at a later time disconnect and then reconnect to the Internet, my router gets a new IP address from the provider. When I now try to mount the NFS share all I get is "permission denied". After reloading or restarting the NFS server, I can mount the share just fine, though.

Now my question is: Is there any chance that I can make the NFS server look up the DNS name supplied in the exports-file on every connect?

----------

## DocReedSolomon

to the best of my knowledge this is denied in fact of security issues. using NFS, both machines need a static address.

someone might correct me if I'm wrong.

hmm, actually i wasn't even aware you could put a domain name in /etc/exports, so something might have changed there.

----------

## suicidal_orange_II

NFS gets the IP from the domain name when it starts, then doesn't check it once it's running.  I'm not sure what nfsd does if you restart it while someone is connected, but you could try a cron job every 5 mins to restart NFS and get the new IP.  Not the cleanest way and may not even work, but surely worth a try  :Smile: 

Suicidal_Orange

----------

## lonex

Yeah, I've also thought about a cronned restart or reload of nfs before. When I run "/etc/init.d/nfs reload", I can connect with my new IP and already-established connections won't get hurt in the process as well.

Seems like an acceptable workaround for now.  :Very Happy: 

----------

## DocReedSolomon

 *lonex wrote:*   

> Yeah, I've also thought about a cronned restart or reload of nfs before. When I run "/etc/init.d/nfs reload", I can connect with my new IP and already-established connections won't get hurt in the process as well.
> 
> Seems like an acceptable workaround for now. 

 

you must be crazy   :Twisted Evil: 

the risk that someone else getting your old IP gets in is very high. you have been warned   :Twisted Evil: 

wouldn't it be sufficient for you to simply set up an FTP server on the host?

i guess it's just about shuffling files back/forth, so an FTP transfer would be OK?

----------

## lonex

Yes, I know the risks, I'm not a networking newb, just an NFS-newb.  :Wink: 

I wanted to try the NFS way because I want to mount a remote directory to be able to directly work on certain files (html, php) without the need to constantly re-upload any changed files via FTP.

But you're right, maybe I should find a better way to do that.  :Smile: 

----------

## DocReedSolomon

hmm, if you play with the timeout of the ftpserver, that works just fine!

well, of course it also depends on your DSL line ( i see you are from germany, me2 <g>)

i am using ADSL2+, that includes fastpath and 1mbit up (t-com). works like a charm here editing files, saving them, refresh browser and.. voila!   :Razz: 

meanwhile i am only hosting the domain names on the rootserver (strato, btw) and reroute the domains to my dyndns account. i am pretty happy with this, i am able to change on the fly, and the 1mbit up is more than enough to transfer the http requests.

just brilliant!

----------

## GNUtoo

maybe you could add access control to your NFS

or maybe just use another network filesystem like samba or codaFS

----------

## DocReedSolomon

 *GNUtoo wrote:*   

> maybe you could add access control to your NFS
> 
> or maybe just use another network filesystem like samba or codaFS

 

workarounds - no   :Shocked: 

NFS shares to dynamic IP addresses *are* risky. period.

samba and coda from linux to linux? you must be kidding   :Twisted Evil: 

----------

## suicidal_orange_II

As a further thought to the cron job what about this for how the script could work - if the domain becomes un-pingable kill NFS, that way no-one else would be able to get onto the share (though it seems unlikely that the next person with your IP would try to NFS to your server...) when it's pingable again (and the IP has changed, if you're being thorough) restart NFS.  Your ISP shouldn't reuse the IP for at least 15 mins so if the script runs more often than that it should work  :Smile: 

Suicidal_Orange
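
Added example, not part of the original thread: a cron-driven script that reloads the NFS exports only when the client's DynDNS name resolves to a new address, using the `/etc/init.d/nfs reload` command mentioned above. The hostname `client.example.dyndns.org` and the state file path are placeholders, and `getent ahostsv4` assumes a glibc system.

```shell
#!/bin/sh
# Added example: reload NFS exports only when the client's DynDNS name
# resolves to a new address. Hostname and state path are placeholders.
CLIENT_NAME="${CLIENT_NAME:-client.example.dyndns.org}"   # assumed name
STATE_FILE="${STATE_FILE:-/var/run/nfs-client-ip}"        # assumed path

# Resolve the name to one IPv4 address; prints nothing on failure.
resolve_ip() {
    getent ahostsv4 "$1" 2>/dev/null | awk 'NR==1 {print $1}'
}

# Reload command as quoted in the thread.
reload_exports() {
    /etc/init.d/nfs reload
}

# Accept only dotted-quad IPv4 so garbage never reaches the state file.
is_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# Prints one of: unresolved, unchanged, reloaded, reload-failed
sync_export_ip() {
    cur=$(resolve_ip "$CLIENT_NAME")
    if ! is_ipv4 "$cur"; then
        echo unresolved          # keep last known state, do not reload
        return 0
    fi
    prev=""
    [ -f "$STATE_FILE" ] && prev=$(cat "$STATE_FILE")
    if [ "$cur" = "$prev" ]; then
        echo unchanged
        return 0
    fi
    reload_exports >/dev/null 2>&1 || { echo reload-failed; return 1; }
    printf '%s\n' "$cur" > "$STATE_FILE"
    # Leave an audit trail of every address the export was moved to.
    logger -t nfs-dyn "export for $CLIENT_NAME: ${prev:-none} -> $cur" \
        2>/dev/null || true
    echo reloaded
}

# Cron entry point: call the script with --run.
if [ "${1:-}" = "--run" ]; then
    sync_export_ip
fi
```

Until the first run after an address change, the export still authorizes the previous address, which is the exposure raised earlier in the thread; a shorter cron interval narrows that window but does not close it.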

----------

## GNUtoo

 *DocReedSolomon wrote:*   

>  *GNUtoo wrote:*   maybe you could add access control to your NFS
> 
> or maybe just use another network filesystem like samba or codaFS 
> 
> workarounds - no  
> ...

 

coda is like NFS but better

i admit samba is not very good from linux to linux

there is also ssh and sshfs(fuse filesystem for mounting ssh)

you can protect ssh with keys or denyhosts

but ssh is slow!!!

----------

## pteppic

How about using port knocking to alter /etc/exports and restart the nfs daemon, and/or more traditionally alter the firewall too. You can have a different sequence to take the access out again once you have finished.

Even if you use a hardware router, just forward some (many unused) ports to iptables on the nfs machine.

----------

## GNUtoo

 *pteppic wrote:*   

> How about using port knocking to alter /etc/exports and restart the nfs daemon, and/or more traditionally alter the firewall too. You can have a different sequence to take the access out again once you have finished.
> 
> Even if you use a hardware router, just forward some (many unused) ports to iptables on the nfs machine.

 

good idea...

----------

