# nfs listens on wildcard address [SOLVED]

## wthrowe

I have a machine with two network interfaces, and I want nfsd to only listen on the internal address.  The -H option only seems to restrict port 2049, even though nfsd opens other ports too.  Does anyone know how to deal with this?

I can't block the other ports with the firewall, because they change every time nfs is restarted and there are other programs legitimately using random high-numbered ports.

```
# netstat -nlp | grep -- \ -
# grep RPC_NFSD /etc/conf.d/nfs
OPTS_RPC_NFSD="-H 192.168.2.2 -N 2 -N 3 -U 8"
# /etc/init.d/nfs start
 * Exporting NFS directories ...                                          [ ok ]
 * Starting NFS mountd ...                                                [ ok ]
 * Starting NFS daemon ...                                                [ ok ]
 * Starting NFS smnotify ...                                              [ ok ]
# netstat -nlp | grep -- \ -
tcp        0      0 192.168.2.2:2049        0.0.0.0:*               LISTEN      -
tcp        0      0 0.0.0.0:39380           0.0.0.0:*               LISTEN      -
udp        0      0 0.0.0.0:44885           0.0.0.0:*                           -
```

Last edited by wthrowe on Mon May 23, 2011 6:47 pm; edited 1 time in total

----------

## wthrowe

I found a workaround.  Setting the sysctl parameters fs.nfs.nlm_{tcp,udp}port puts the sockets on fixed ports, so they can then be blocked by the firewall.

----------
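A check for the workaround above, as an added example that is not part of the original posts: it reads `netstat -nlp` output and reports kernel-owned sockets (owner column `-`) on a wildcard address that are not on the pinned NLM (lockd) ports, so a static firewall rule would miss them. Port 4045, the function names and the "after" sample are assumptions made for illustration.

```shell
#!/bin/sh
# Assumed fixed port for the NLM sockets; the thread does not name a value.
PINNED_TCP=4045
PINNED_UDP=4045

# The workaround from the thread (needs root; defined here but not called).
pin_lockd_ports() {
    sysctl -w fs.nfs.nlm_tcpport="$PINNED_TCP"
    sysctl -w fs.nfs.nlm_udpport="$PINNED_UDP"
}

# Reads `netstat -nlp` output on stdin and prints "proto port" for every
# socket bound to a wildcard address with no owning userspace process.
wildcard_kernel_listeners() {
    awk '
        $1 ~ /^(tcp|udp)/ && $NF == "-" {
            n = split($4, parts, ":")
            port = parts[n]
            host = substr($4, 1, length($4) - length(port) - 1)
            if (host == "0.0.0.0" || host == "::")
                print $1, port
        }'
}

# Prints the wildcard kernel listeners that are NOT on the pinned ports.
# Empty output means every such socket is covered by a fixed-port rule.
unpinned_listeners() {
    wildcard_kernel_listeners | while read -r proto port; do
        case "$proto" in
            tcp*) want=$PINNED_TCP ;;
            udp*) want=$PINNED_UDP ;;
        esac
        [ "$port" = "$want" ] || echo "$proto $port"
    done
}

# netstat output quoted in the first post, before the workaround.
BEFORE='tcp        0      0 192.168.2.2:2049        0.0.0.0:*               LISTEN      -
tcp        0      0 0.0.0.0:39380           0.0.0.0:*               LISTEN      -
udp        0      0 0.0.0.0:44885           0.0.0.0:*                           -'

# Constructed sample: the same listing once the NLM ports are pinned to 4045.
AFTER='tcp        0      0 192.168.2.2:2049        0.0.0.0:*               LISTEN      -
tcp        0      0 0.0.0.0:4045            0.0.0.0:*               LISTEN      -
udp        0      0 0.0.0.0:4045            0.0.0.0:*                           -'

echo "before:"; printf '%s\n' "$BEFORE" | unpinned_listeners
echo "after:";  printf '%s\n' "$AFTER"  | unpinned_listeners
```

On a live host, pipe `netstat -nlp` into `unpinned_listeners` after each NFS restart; any line it prints is a port the firewall rules do not yet cover.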

