I would like to reach my NFSv4 servers through a port forward. The big plan will be a cluster of NFSv4 servers load-balanced with HAProxy running on localhost. But this isn't really important now.
On the server, /etc/exports looks like this:
/mnt/x 192.168.0.0/16(rw,sync,no_subtree_check,no_root_squash,fsid=1)
I can connect from my client to the server on TCP 2049 and mount the share like this:
mount -t nfs4 -o proto=tcp,port=2049 192.168.2.25:/mnt/x /mnt
I tested that NFSv4 is happy with only this one TCP port open by filtering all other communication between the two machines.
So I think NFS works well.
But when I forward a port, for example with redir on the client to the server, like
redir --lport=3049 --cport=2049 --caddr=192.168.2.25
and want to mount it as follows
mount -t nfs4 -o proto=tcp,port=3049 127.0.0.1:/mnt/x /mnt
I get
mount.nfs4: Operation not permitted
What am I missing? I can't see any relevant information in the server logs.
Update: I captured both the good and the bad connection attempt. At the beginning they are the same, then the client sends a
PUTROOTFH,GETFH,GETATTR
command. In the good case the server responds
PUTROOTFH-NFS4_OK,GETFH-NFS4_OK,GETATTR-NFS4_OK
in the bad (forwarded) case it responds
PUTROOTFH-NFS4_OK,GETFH-NFS4_OK,GETATTR-NFS4ERR_PERM
At this point I changed the export to
/mnt/x 0.0.0.0/0.0.0.0(rw,sync,no_subtree_check,no_root_squash,fsid=1)
but the error is the same.
In the good case the server logs are
rpc.mountd[1711]: nfsd_export: inbuf '0.0.0.0/0.0.0.0 /'
rpc.mountd[1711]: nfsd_export: found 0x12dfeb0 path /
rpc.mountd[1711]: nfsd_export: inbuf '0.0.0.0/0.0.0.0 /mnt'
rpc.mountd[1711]: nfsd_export: found 0x12e2810 path /mnt
in the bad case
rpc.mountd[1711]: nfsd_export: inbuf '0.0.0.0/0.0.0.0 /'
rpc.mountd[1711]: nfsd_export: found 0x12dfeb0 path /