23.1 Legacy Series / [SOLVED] NFS Mounting Failing due to illegal port
« on: February 21, 2023, 09:51:53 pm »
Hi All
I have a VM machine that has a public IP interface and a private IP interface. The private interface is assigned 192.168.50.78. Then I have a dedicated host that acts as my "router" using private IP 192.168.50.1 and this is, therefore, my gateway for my 192.168.50.0/24 local network. The "router" I have is OPNsense.
That being said, I am trying to mount within my VM to my two remote NFS servers. The mount fails because of an illegal port coming from my VM, which is behind NAT:
```
[root@NFSHOST ~]# tail -f /var/log/messages | grep "rpc.mountd"
Feb 21 22:31:40 NFSHOS rpc.mountd[28721]: refused mount request from 197.189.XXX.ZZZ for /data/secondary (/data/secondary): illegal port 33744
Feb 21 22:35:22 NFSHOS rpc.mountd[28721]: refused mount request from 197.189.XXX.ZZZ for /data/secondary (/data/secondary): illegal port 40085
```
And this is due to port translation happening. A solution is to add `insecure` to my /etc/export file, which I have tested and can confirm does indeed work.
However, as it suggests, it is `insecure` and highly not recommended. I have tried adding a port forwarding rule on OPNsense and for some reason, it continues to fail with illegal ports.
Is there any way I can solve this issue? I need to set some sort of rule in OPNsense to handle this accordingly, and I am not exactly sure what or how.
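An added example, not part of the original post: a small log check that groups rpc.mountd "illegal port" refusals by client and export and flags the pattern described above, where every refused source port is at or above 1024 (the limit the `secure` export option enforces) and changes between attempts. The sample log lines, host name and addresses are constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# exports(5): with `secure`, requests must come from a source port below 1024.
RESERVED_PORT_LIMIT = 1024

# Constructed sample input in the format shown in the post
# (addresses are documentation-range placeholders, not real hosts).
SAMPLE_LOG = """\
Feb 21 22:31:40 nfshost rpc.mountd[28721]: refused mount request from 203.0.113.10 for /data/secondary (/data/secondary): illegal port 33744
Feb 21 22:35:22 nfshost rpc.mountd[28721]: refused mount request from 203.0.113.10 for /data/secondary (/data/secondary): illegal port 40085
Feb 21 22:36:01 nfshost rpc.mountd[28721]: authenticated mount request from 192.0.2.7:892 for /data/primary (/data/primary)
Feb 21 22:40:09 nfshost sshd[1200]: Accepted publickey for root from 192.0.2.7 port 50022 ssh2
"""

REFUSED = re.compile(
    r"rpc\.mountd\[\d+\]: refused mount request from (?P<client>\S+) "
    r"for (?P<export>\S+) \(.*?\): illegal port (?P<port>\d+)"
)


def summarize_refusals(log_text):
    """Return {(client, export): [source ports]} for 'illegal port' refusals."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        m = REFUSED.search(line)
        if m:
            groups[(m["client"], m["export"])].append(int(m["port"]))
    return dict(groups)


def looks_like_nat_rewrite(ports):
    """Heuristic: several refusals, all from unprivileged ports that differ
    between attempts, which is what source-port translation produces.
    A client mounting with `noresvport` shows the same pattern."""
    return (
        len(ports) >= 2
        and len(set(ports)) > 1
        and all(p >= RESERVED_PORT_LIMIT for p in ports)
    )


if __name__ == "__main__":
    for (client, export), ports in summarize_refusals(SAMPLE_LOG).items():
        verdict = "source ports rewritten?" if looks_like_nat_rewrite(ports) else "inconclusive"
        print(f"{client} -> {export}: ports {ports} ({verdict})")
```
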