NFS through a wireless router

I've been running a wireless network in a rather insecure mode for a while
and wanted to improve that. I purchased a wireless router to replace my
rather dated access point thinking the improved security on the newer
devices would help tremendously with the neighborhood hackers. [I live in
a University town with lots of students war driving for kicks]

I'm finding that just about everything works fine but not everything. I
cannot get my NFS connections to load through the NAT of the new device.
Just to test, I've tried accepting all connections from the routers'
external address (which is internal to my wired network), but nothing seems
to work. I get "invalid port" errors on the NFS server.

More Specifics:

Wireless Router: NetGear WGR614 54Mb 802.11g
Error: rpc.mountd: refused mount request from xx.xx.xx.xx for /yyy: illegal
port zzz

I found that connecting to the wired ports on the router does not have this
problem. It appears to be associated with the wireless functionality.

Help anyone?

Gracias.

In message <a-ydnZc0b8xSz-TcRVn-(E-Mail Removed)>, dougga wrote:

> I've been running a wireless network in a rather insecure mode for a while
> and wanted to improve that. I purchased a wireless router to replace my
> rather dated access point thinking the improved security on the newer
> devices would help tremendously with the neighborhood hackers. [I live in
> a University town with lots of students war driving for kicks]
>
> I'm finding that just about everything works fine but not everything. I
> cannot get my NFS connections to load through the NAT of the new device.
> Just to test, I've tried accepting all connections from the routers'
> external address (which is internal to my wired network), but nothing
> seems
> to work. I get "invalid port" errors on the NFS server.
>
> More Specifics:
>
> Wireless Router: NetGear WGR614 54Mb 802.11g
> Error: rpc.mountd: refused mount request from xx.xx.xx.xx for /yyy:
> illegal port zzz
>
> I found that connecting to the wired ports on the router does not have
> this
> problem. It appears to be associated with the wireless functionality.
>
If you're using NAT then it'll be translating the source port from something
in the reserved range (i.e. < 1024) to something above that. I think most,
if not all, Linux distributions have NFS default to only accepting
connections from the reserved port range. This is done for security reasons
(only root can bind to ports in the reserved range so it stops random users
from setting up their own NFS mounts).
--
Dave
mail da (E-Mail Removed) (without the space)
http://www.llondel.org/
So many gadgets, so little time...

Dave {Reply Address in.sig} wrote:

> In message <a-ydnZc0b8xSz-TcRVn-(E-Mail Removed)>, dougga wrote:
>
>> I've been running a wireless network in a rather insecure mode for a
>> while
>> and wanted to improve that. I purchased a wireless router to replace my
>> rather dated access point thinking the improved security on the newer
>> devices would help tremendously with the neighborhood hackers. [I live
>> in a University town with lots of students war driving for kicks]
>>
>> I'm finding that just about everything works fine but not everything. I
>> cannot get my NFS connections to load through the NAT of the new device.
>> Just to test, I've tried accepting all connections from the routers'
>> external address (which is internal to my wired network), but nothing
>> seems
>> to work. I get "invalid port" errors on the NFS server.
>>
>> More Specifics:
>>
>> Wireless Router: NetGear WGR614 54Mb 802.11g
>> Error: rpc.mountd: refused mount request from xx.xx.xx.xx for /yyy:
>> illegal port zzz
>>
>> I found that connecting to the wired ports on the router does not have
>> this
>> problem. It appears to be associated with the wireless functionality.
>>
> If you're using NAT then it'll be translating the source port from
> something in the reserved range (i.e. < 1024) to something above that. I
> think most, if not all, Linux distributions have NFS default to only
> accepting connections from the reserved port range. This is done for
> security reasons (only root can bind to ports in the reserved range so it
> stops random users from setting up their own NFS mounts).


That was the problem. I removed NAT and all is well.