Make NFS server listen only on a specific interface

Posted on

A server stack is the collection of software that forms the operational infrastructure on a given machine. In a computing context, a stack is an ordered pile. A server stack is one type of solution stack — an ordered selection of software that makes it possible to complete a particular task. Like in this post about Make NFS server listen only on a specific interface was one problem in server stack that need for a solution. Below are some tips in manage your linux server when you find problem about linux, ubuntu, nfs, nfs4, ubuntu-20.04.

I am trying to run a NFS server (nfs-kernel-server package) on a Ubuntu 20.04 machine and want to make it only acessible via VPN.

I have set the appropriate IP address in the /etc/exports file and my firewall.
Nevertheless, the rpc.mountd daemon is still listening on all interfaces ( and ::). As a defense-in-depth measurement, I would like to restrict it further to only listen to connections on the VPN-network device.

How can I configure that?

Quoting nfsd(8):

       -d  or  --debug
              enable logging of debugging messages

       -H  or  --host hostname
              specify a particular hostname (or address) that NFS requests will be accepted on. By default, rpc.nfsd will accept NFS requests on all known network addresses.  Note that lockd (which performs file locking services for NFS) may still accept request on all known network addresses.  This may change
              in future releases of the Linux Kernel. This option can be used multiple time to listen to more than one interface.

       -p  or  --port port
              specify a different port to listen on for NFS requests. By default, rpc.nfsd will listen on port 2049.

Ubuntu and Debian have the configuration in


You can restrict it using


Leave a Reply

Your email address will not be published. Required fields are marked *