I did some tests and I'm now pretty sure the problem revolves around the point naddy made: Kodi and VLC try to mount my NFS share through a non-privileged port. As both Kodi and VLC use the same NFS client library (libnfs), I tried to find out a bit more about how it works. According to its readme, libnfs uses standard NFS ports when run as root and non-privileged ports when run non-root. Here is the relevant part of the readme file: "When running as root, libnfs tries to allocate a system port for its connection to the NFS server. When running as non-root it will use a normal ephemeral port". I find it strange that a client library should be run as root in order to use a privileged port. My (very poor, I confess) understanding was that only server processes should be run as root in order to use privileged ports. Anyway, as things stand I can only mount my OpenBSD NFS shares if the client is run as root, since the usual way to circumvent this problem on the server side (set the insecure flag on exports) is not available on OpenBSD and, I hope, won't ever be. As I don't have root access to my Fire Stick TV, there is no way to mount my OpenBSD NFS shares on it. As I'm no expert on security though, I'd like an opinion from you guys regarding this: is it reasonable to require an NFS client to be run as root?
Best, Vitor Em sex., 30 de dez. de 2022 às 15:20, Bodie <bo...@bodie.cz> escreveu: > > On Fri Dec 30, 2022 at 3:59 PM CET, vitmau...@gmail.com wrote: > > Thank you guys for the tips. I think naddy is right, which means I was > > wrong in thinking that I finally had a doubt that couldn't be solved > > by OpenBSD's manuals. I'll do some tests and report back on this > > thread soon. > > Don't forget to check firewall as NFSv4 from your Fedora 34 has > way less requirements then NFSv3 served by OpenBSD > > You can compare 'rpcinfo -p localhost' on your OpenBSD server > vs same command remotely from client (with proper hostname/IP) > > And NFSv3 is by default UDP while NFSv4 is TCP > > > > > Best, > > Vitor > > > > Em qui., 29 de dez. de 2022 às 16:55, Christian Weisgerber > > <na...@mips.inka.de> escreveu: > > > > > > "vitmau...@gmail.com": > > > > > > > My /var/log/daemon regarding the issue: > > > > mountd[91001]: Refused mount RPC from host 192.168.1.4 port 57264 > > > > > > The client's mount request didn't come from a reserved port, i.e. <1024. > > > OpenBSD's mountd(8) does not accept this. > > > > > > -- > > > Christian "naddy" Weisgerber na...@mips.inka.de >
