Hi everyone

TL;DR: pf between NFS server and clients - how to let the appropriate traffic pass?

My NFS server and its clients live on different subnets, with a box doing the routing and the filtering in between. Since I'm filtering traffic between subnets and both mountd and nlockmgr get random ports, the only way I could figure out to pass traffic is using a pf anchor. pfctl over ssh is then used to automatically set the appropriate rules.

Although this works in general (except for rpc.lockd), it feels a bit like a kludge... I guess something like ftp-proxy would be more appropriate for the task. What's the common approach for this?

TIA

Zé
--
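
The approach described in the message above (look up the ports the server's RPC services currently hold, then load matching rules into a pf anchor), as an added example that is not part of the original post. The anchor name `nfs`, the addresses and the sample `rpcinfo -p` output are constructed assumptions.

```shell
#!/bin/sh
# Constructed sample of `rpcinfo -p <server>` output; the ports are made up.
sample_rpcinfo() {
cat <<'EOF'
   program vers proto   port  service
    100000    2   tcp    111  rpcbind
    100000    2   udp    111  rpcbind
    100003    3   tcp   2049  nfs
    100003    3   udp   2049  nfs
    100005    3   tcp    881  mountd
    100005    3   udp    881  mountd
    100005    1   udp    881  mountd
    100021    4   tcp   1011  nlockmgr
    100021    4   udp   1012  nlockmgr
    100024    1   udp   1013  status
EOF
}

# gen_nfs_rules SERVER CLIENT_NET
# Reads `rpcinfo -p` output on stdin and prints one pf pass rule per unique
# proto/port of rpcbind, nfs, mountd and nlockmgr. Programs are matched by
# RPC number, and proto/port are validated, because this text ends up in pfctl.
gen_nfs_rules() {
    awk -v srv="$1" -v net="$2" '
        $1 !~ /^(100000|100003|100005|100021)$/ { next }
        $3 != "tcp" && $3 != "udp" { next }
        $4 !~ /^[0-9]+$/ || $4 < 1 || $4 > 65535 { next }
        !seen[$3 " " $4]++ {
            printf "pass in quick proto %s from %s to %s port %s keep state\n", $3, net, srv, $4
        }'
}

# On the router (hypothetical anchor name "nfs", referenced from pf.conf):
#   rpcinfo -p 192.0.2.10 | gen_nfs_rules 192.0.2.10 198.51.100.0/24 | pfctl -a nfs -f -
sample_rpcinfo | gen_nfs_rules 192.0.2.10 198.51.100.0/24
```

Loading with `pfctl -a nfs -f -` replaces the anchor's previous rules, so rerunning the pipeline after the server's daemons restart drops rules for ports they no longer hold.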