Nfs – How to force use of tcp instead of udp for rpcbind

nfsportmaptcpudp

I'm trying to use tcp/111 for rpcbind under Debian Wheezy instead of udp/111. The portmap in Squeeze uses tcp/111 without any special configuration, but Wheezy fails.

Even numerous sites (as well as RFC) says TCP or UDP is selected dynamically, or sometimes that TCP is used if UDP fails… – when I reject udp/111 (with iptables) on Wheezy client with rpcbind, I get errors…

# showmount -e server
Export list for server:
....
# iptables -I OUTPUT -j REJECT -d server -p udp --dport 111 --reject-with icmp-port-unreachable
# showmount -e server
clnt_create: RPC: Port mapper failure - Unable to send: errno 1 (Operation not permitted)
# rpcinfo -p
 program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    3   tcp    111  portmapper
    100000    2   tcp    111  portmapper
    100000    4   udp    111  portmapper
    100000    3   udp    111  portmapper
    100000    2   udp    111  portmapper
#

How can I setup rpcbind to use TCP only?

Best Answer

If you mount with vers=3,proto=tcp, TCP is used when querying rpcbind for the actual mount:

$ tshark -nr nfs.pcap "tcp.stream eq 0"
 2  192.168.1.89 36200 192.168.1.60   111 TCP 74 [SYN]
 3  192.168.1.60   111 192.168.1.89 36200 TCP 74 [SYN, ACK]
 4  192.168.1.89 36200 192.168.1.60   111 TCP 66 [ACK]
 5  192.168.1.89 36200 192.168.1.60   111 Portmap 126 V2 GETPORT Call
 6  192.168.1.60   111 192.168.1.89 36200 TCP 66 [ACK]
 7  192.168.1.60   111 192.168.1.89 36200 Portmap 98 V2 GETPORT Reply (Call In 5)
 8  192.168.1.89 36200 192.168.1.60   111 TCP 66 [ACK]
 9  192.168.1.89 36200 192.168.1.60   111 TCP 66 [FIN, ACK]
10  192.168.1.60   111 192.168.1.89 36200 TCP 66 [FIN, ACK]
11  192.168.1.89 36200 192.168.1.60   111 TCP 66 [ACK]

I can only assume showmount is hard-coded to use UDP. I tried to read the source of nfs-utils but got lost in showmount.c after clnt_call(), sorry.

Related Topic