Make NFS server listen only on a specific interface

linux ubuntu nfs ubuntu-20.04 nfs4

I am trying to run a NFS server (nfs-kernel-server package) on a Ubuntu 20.04 machine and want to make it only acessible via VPN.

I have set the appropriate IP address in the /etc/exports file and my firewall. Nevertheless, the rpc.mountd daemon is still listening on all interfaces (0.0.0.0 and ::). As a defense-in-depth measurement, I would like to restrict it further to only listen to connections on the VPN-network device.

How can I configure that?


Solution 1:

Quoting nfsd(8):

OPTIONS
       -d  or  --debug
              enable logging of debugging messages

       -H  or  --host hostname
              specify a particular hostname (or address) that NFS requests will be accepted on. By default, rpc.nfsd will accept NFS requests on all known network addresses.  Note that lockd (which performs file locking services for NFS) may still accept request on all known network addresses.  This may change
              in future releases of the Linux Kernel. This option can be used multiple time to listen to more than one interface.

       -p  or  --port port
              specify a different port to listen on for NFS requests. By default, rpc.nfsd will listen on port 2049.

Solution 2:

Ubuntu and Debian have the configuration in

/etc/default/nfs-kernel-server

You can restrict it using

RPCNFSDOPTS="-H 10.0.40.72"

Related

Puppet "file" resource emptied a directory
SSH connection time out, error 4003 failed to connect to backend
Prevent access to Gmail outside the scope of entreprise protected accounts
No APT Recommends with puppet
Getting "Quota 'CPUS' exceeded. Limit: 0.0 in region asia-south1" error while add an instance
AWS S3 costs for when AWS EMR uses it
Try_files in 2 different locations
Quieting down a Dell PowerEdge r710 [closed]
Fully altering recipient on Postfix
Different group policies in one domain
Is "waagent -deprovision" necessary for migrating an Azure VM to another subscription?
Nginx reverse proxy hide url