No option for client bind address in NFS?

No option for client bind address in NFS?

[Lukas Erlacher]

[-- Attachment #1: Type: text/plain, Size: 1557 bytes --]

Hello,

after reading the NFS(5) manpage and doing some searching through the 
mailing list archive (of course, due to it being ubiquitous in posted 
logs, searching for "addr" and "clientaddr" was a bit hopeless) I have 
come to conclude that NFS does not have an option for explicitly 
specifying an address for the client socket to bind to.

This is problematic for my usecase, which is "securing" NFS shares by 
exporting them to specific client hostnames only.

Most of my NFS client machines have multiple IP addresses and since 
configuring IP addresses and routes on debian-ish systems can be quite 
an art, I don't want to trust on the default route going via the correct 
IP so that the NFS server recognizes the host; I also don't want to go 
to the effort of having the shares exported to every possible IP that 
might be configured on the client.

Most utilities (e.g. ping, dig) have an option to specify an explicit 
client socket bind address.

Why doesn't NFS have that? (As I understand it, the clientaddr option 
firstly is only interpreted by NFSv4 and secondly, is not the bind 
address but only used by the server for callbacks)

For reference, my NFS server are Ubuntu 14.04/16.04 VMs using the 
nfs-kernel-server package, as well as Solaris machines using the 
"sharenfs" option on ZFS pools; my clients are Ubuntu 14.04/16.04 VMs 
using nfs-common package.

Best,

Lukas Erlacher
RBG Systemgruppe
Rechnerbetriebsgruppe der Fakultäten Informatik und Mathematik
Technische Universität München


[-- Attachment #2: S/MIME Cryptographic Signature --]
[-- Type: application/pkcs7-signature, Size: 5167 bytes --]