The strange thing is that I cannot showmount the NFS server. However, I can connect from the NFS client. I can read and write files on the client at the mount point.
# mounting in client
mount -t nfs 100.96.0.16:/delme /root/tmp
Here are all the possible configurations.
On the server: /etc/exports
/delme 100.96.0.0/12(rw,async,no_root_squash,insecure,anonuid=1000,anongid=1000)
ifconfig on the server
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 ****1 scopeid 0x20<link>
inet6 ****1 prefixlen 112 scopeid 0x0<global>
ether 00:16:3e:c1:29:a2 txqueuelen 1000 (Ethernet)
RX packets 16592 bytes 2976190 (2.9 MB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 8357 bytes 1480084 (1.4 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 40 bytes 2716 (2.7 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 40 bytes 2716 (2.7 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
warp: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1400
inet 172.16.0.2 netmask 255.255.255.255 destination 172.16.0.2
inet6 2606:4700:110:8c25:8c68:2998:abd9:bb8e prefixlen 128 scopeid 0x0<global>
inet6 fe80::991c:c43c:5ac9:a519 prefixlen 64 scopeid 0x20<link>
unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 500 (UNSPEC)
RX packets 276 bytes 38332 (38.3 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 236 bytes 30651 (30.6 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
ifconfig on the client
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 ***2 prefixlen 64 scopeid 0x20<link>
inet6 ***2 prefixlen 112 scopeid 0x0<global>
ether 00:16:3e:02:e7:57 txqueuelen 1000 (Ethernet)
RX packets 14726 bytes 2491233 (2.4 MB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 7028 bytes 1170140 (1.1 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 80 bytes 7360 (7.3 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 80 bytes 7360 (7.3 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
warp: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1400
inet 172.16.0.2 netmask 255.255.255.255 destination 172.16.0.2
inet6 2606:4700:110:8ec1:dda1:c327:5e42:f963 prefixlen 128 scopeid 0x0<global>
inet6 fe80::1101:189e:d0dc:edae prefixlen 64 scopeid 0x20<link>
unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 500 (UNSPEC)
RX packets 281 bytes 53356 (53.3 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 385 bytes 42565 (42.5 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
Note that I am using the Cloudflare Zero Trust VPN.
netstat grep rpc
tcp 0 0 0.0.0.0:41783 0.0.0.0:* LISTEN 3947/rpc.mountd
tcp 0 0 0.0.0.0:50045 0.0.0.0:* LISTEN 3947/rpc.mountd
tcp 0 0 0.0.0.0:56385 0.0.0.0:* LISTEN 3947/rpc.mountd
tcp6 0 0 :::53185 :::* LISTEN 3947/rpc.mountd
tcp6 0 0 :::55553 :::* LISTEN 3947/rpc.mountd
tcp6 0 0 :::41201 :::* LISTEN 3947/rpc.mountd
udp 0 0 0.0.0.0:40165 0.0.0.0:* 3947/rpc.mountd
udp 0 0 0.0.0.0:44333 0.0.0.0:* 3947/rpc.mountd
udp 0 0 0.0.0.0:42809 0.0.0.0:* 3947/rpc.mountd
udp6 0 0 :::53483 :::* 3947/rpc.mountd
udp6 0 0 :::49717 :::* 3947/rpc.mountd
udp6 0 0 :::44615 :::* 3947/rpc.mountd
The strange thing is that showmount returns a result on the client if I access the server using its public IPv6.
root@client:~/tmp# showmount -e 100.96.0.16
rpc mount export: RPC: Unable to receive; errno = Connection refused
root@client:~/tmp# showmount -e <my server public ipv6>
Export list for <my server public ipv6>:
/delme 100.96.0.0/12
root@client:~/tmp# ls /root/tmp
this_file_was_generated_from_server
root@client:~/tmp# touch foo && ls /root/tmp
foo this_file_was_generated_from_server
root@client:~/tmp#
Note that I am using Cloudflare Zero Trust, via the interface 172.16.0.2:
- 100.96.0.16 is the server's private IP.
- 100.96.0.17 is the client's private IP.
So I can ping the server from the client.
root@client:~# ping 100.96.0.16 -I 172.16.0.2
PING 100.96.0.16 (100.96.0.16) 56(84) bytes of data.
64 bytes from 100.96.0.16: icmp_seq=1 ttl=62 time=19.6 ms
64 bytes from 100.96.0.16: icmp_seq=2 ttl=62 time=13.5 ms
64 bytes from 100.96.0.16: icmp_seq=3 ttl=62 time=13.6 ms
64 bytes from 100.96.0.16: icmp_seq=4 ttl=62 time=13.2 ms
rpcinfo on the client
root@client:~/tmp# rpcinfo
program version netid address service owner
100000 4 tcp6 ::.0.111 portmapper superuser
100000 3 tcp6 ::.0.111 portmapper superuser
100000 4 udp6 ::.0.111 portmapper superuser
100000 3 udp6 ::.0.111 portmapper superuser
100000 4 tcp 0.0.0.0.0.111 portmapper superuser
100000 3 tcp 0.0.0.0.0.111 portmapper superuser
100000 2 tcp 0.0.0.0.0.111 portmapper superuser
100000 4 udp 0.0.0.0.0.111 portmapper superuser
100000 3 udp 0.0.0.0.0.111 portmapper superuser
100000 2 udp 0.0.0.0.0.111 portmapper superuser
100000 4 local /run/rpcbind.sock portmapper superuser
100000 3 local /run/rpcbind.sock portmapper superuser