Symptom

After an NFS 4.0 file system is mounted from a NAS, the NFS 4.0 client listens on a random port on 0.0.0.0. Netstat is unable to identify the process that listens on this port.

Because the listening port changes and the listening program is unidentified, the NFS 4.0 listener may be mistaken for a Trojan attack.



Cause

NFS 4.0 listens on this random port to support callback. Because the default value of the fs.nfs.nfs_callback_tcpport kernel parameter is 0, the NFS 4.0 client randomly chooses a port to listen on. This random port does not constitute a security risk.

To facilitate port management, fix the callback port as described in Solution.

Solution

Before mounting the file system, set the parameter fs.nfs.nfs_callback_tcpport to a non-zero value.

sudo sysctl fs.nfs.nfs_callback_tcpport=<port>

In the following example, the fs.nfs.nfs_callback_tcpport parameter is manually set to port 45450, and then NFS 4.0 is mounted. Netstat shows that the listening port is 45450.

Note that the following commands are run as user root, so running the sysctl command with sudo is unnecessary.
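The check below is an added example, not part of the original article: it reads `netstat -ltnp` output, picks out listening sockets that have no owning process ("-" in the PID column), and labels the one that matches the configured callback port. The function names and the sample netstat text are constructed for illustration; port 38211 stands in for any other ownerless listener.

```shell
#!/bin/sh
# Added example: explain PID-less TCP listeners using the NFS 4.0 callback port.

# Constructed sample of `netstat -ltnp` output (not captured from a real host).
SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1021/sshd
tcp        0      0 0.0.0.0:45450           0.0.0.0:*               LISTEN      -
tcp        0      0 0.0.0.0:38211           0.0.0.0:*               LISTEN      -'

# Read netstat text on stdin; print the port of every LISTEN socket whose
# PID/Program column is "-" (no user-space process owns the socket).
ownerless_listeners() {
    awk '$6 == "LISTEN" && $7 == "-" { n = split($4, a, ":"); print a[n] }' | sort -un
}

# classify_listeners CALLBACK_PORT
# Label each ownerless port. A CALLBACK_PORT of 0 means the client picked a
# random port, so nothing can be matched and every ownerless port is reported.
classify_listeners() {
    cb_port=$1
    ownerless_listeners | while read -r port; do
        if [ "$cb_port" -ne 0 ] && [ "$port" -eq "$cb_port" ]; then
            echo "$port nfs-callback"
        else
            echo "$port unexplained"
        fi
    done
}

# Run against the constructed sample with the callback port fixed to 45450.
printf '%s\n' "$SAMPLE_NETSTAT" | classify_listeners 45450

# On a live host, as root:
#   netstat -ltnp | classify_listeners "$(sysctl -n fs.nfs.nfs_callback_tcpport)"
```

With the parameter left at 0, the same listener shows up as "unexplained", which is the situation described under Symptom.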