I've read some topics now about nfs with nat and they mostly comply to nfs server behind nat.
What I now want to achieve is nfs client behind nat ( the vm ).
I've read this topic
http://wiki.debian.org/?SecuringNFS
and have applied the settings to nfs-common which is statd only.
Then I did a shutdown of the vm.
Next I applied some portforwarding rules.
<ExtraDataItem name="VBoxInternal/Devices/pcnet/0/LUN#0/Config/nfs_tcp/Protocol" value="tcp"/>
<ExtraDataItem name="VBoxInternal/Devices/pcnet/0/LUN#0/Config/nfs_tcp/GuestPort" value="32765"/>
<ExtraDataItem name="VBoxInternal/Devices/pcnet/0/LUN#0/Config/nfs_tcp/HostPort" value="32765"/>
<ExtraDataItem name="VBoxInternal/Devices/pcnet/0/LUN#0/Config/nfs_tcp/Protocol" value="tcp"/>
<ExtraDataItem name="VBoxInternal/Devices/pcnet/0/LUN#0/Config/nfs_tcp/GuestPort" value="32765"/>
<ExtraDataItem name="VBoxInternal/Devices/pcnet/0/LUN#0/Config/nfs_tcp/HostPort" value="32765"/>
<ExtraDataItem name="VBoxInternal/Devices/pcnet/0/LUN#0/Config/nfs_udp/Protocol" value="udp"/>
<ExtraDataItem name="VBoxInternal/Devices/pcnet/0/LUN#0/Config/nfs_udp/GuestPort" value="32765"/>
<ExtraDataItem name="VBoxInternal/Devices/pcnet/0/LUN#0/Config/nfs_udp/HostPort" value="32765"/>
inside client netstat looks like:
tcp 0 0 *:ldap *:* LISTEN
tcp 0 0 *:bacula-dir *:* LISTEN
tcp 0 0 localhost:bacula-fd *:* LISTEN
tcp 0 0 *:bacula-sd *:* LISTEN
tcp 0 0 *:sunrpc *:* LISTEN
tcp 0 0 *:www *:* LISTEN
tcp 0 0 *:postgresql *:* LISTEN
tcp 0 0 *:smtp *:* LISTEN
tcp 0 0 *:32765 *:* LISTEN
tcp6 0 0 *:ldap *:* LISTEN
tcp6 0 0 *:ssh *:* LISTEN
tcp6 0 0 *:smtp *:* LISTEN
tcp6 0 0 localhost:ssh galactica:42903 ESTABLISHED
udp 0 0 localhost:1024 localhost:1024 ESTABLISHED
udp 0 0 localhost:snmp *:*
udp 0 0 *:bootpc *:*
udp 0 0 *:sunrpc *:*
udp 0 0 *:32765 *:*
udp 0 0 *:32766 *:*
What you see is that port 32765 is fix port now and should be accessible by
server.
But i am getting permission denied.
My exports file (host) looks this:
/backup 10.0.2.0/24(rw,no_root_squash,subtree_check,sync)
From another "real" host mount is possible.