NFS behind NAT on Mac OS X

Sometimes solutions are so easy, you just overlook them. I had been having problems getting my NFS volumes mounted when I was connected to a network behind a masquerading NAT router. While trying to mount the directory “/home/jabo” from my server on my Mac, the mounting would appear to succeed, but it would never get accessible, and eventually I would just get the “Server connection interrupted”” message from the Finder. Not a very descriptive error. The log file on the server side would say everything is OK:

Sep 11 15:25:22 persephone rpc.mountd: authenticated mount request
    from for /home/jabo (/home/jabo)

So the problem had to be on the client side. A look at system.log confirmed this:

Sep 11 15:32:47 mango kernel[0]: 
    nfs server not responding

Of course, thinking about it, this made perfectly sense: UDP connections are stateless, and therefore cannot be masqueraded properly (there is no way of knowing where a UDP packet is supposed to go when it arrives at the router). The solution is simple: use TCP for the NFS connection. Doh!

The GUI connects using UDP, so it doesn’t work. However, nothing stops us from using the command line, so it was just a matter of opening my favorite terminal program (iTerm) and entering:

mango:~ dawuss$ mkdir /Volumes/jabo
mango:~ dawuss$ mount -t nfs -o tcp \ /Volumes/jabo/

Assuming you already set up your NFS server to work using unprivileged ports, this will set up the NFS connection as usual, only now using TCP as transport protocol instead of UDP. You can confirm this using the mount command:

mango:~/Downloads/Disk Images dawuss$ mount
/dev/disk0s3 on / (local, journaled)
devfs on /dev (local)
fdesc on /dev (union)
 on /.vol
automount -nsl [114] on /Network (automounted)
automount -fstab [172] on /automount/Servers (automounted)
automount -static [172] on /automount/static (automounted) 
    on /Volumes/jabo (nodev, nosuid, mounted by dawuss)

Of course I wanted it to show up in Finder too, as it would when using the “Connect to Server” dialog. To get this done, I simply had to open the “Go to Folder” dialog (Command+Shift+G) and enter the mount point: “/Volumes/jabo”.

It really is that simple, but it took me quite a while, and some suggestions from people on IRC to figure it out, because searching the web for “NFS behind NAT” really didn’t produce any sensible results.

Next step for me will be setting up a nicely encrypted SSH tunnel in the way described in this document :)

3 Responses to “NFS behind NAT on Mac OS X”

  1. Pingback: Mal

  2. Pingback: Mal

  3. Pingback: Mal