NFS mount on PVE 8 or PVE 9 keeps needing different ports to be accessible.

[ypsilonkah]

I encountered an odd problem on PVE8 and after upgrading, also on PVE9. I have a NFS storage server on IP 192.168.100.100 and my PVE instance on a different vlan at 192.168.200.100. For NFS I have created rules for the ports 111 833 2049 and 60375 (at the moment).

Occasionally, the NFS share fails to mount because the last port (now 60375) changes randomly to a different 5 digit port number. I can see this on my firewall's live logs that there is blocked traffic on the new port. When I add this to my NFS--PVE rule, the mount becomes reestablished and all works fine until it changes again. I can't even tell when and why; it is not tied to reboots of PVE or the NFS server.

The problem looks a little bit like this but it is a different, and repeatedly changing port.

Can I at least set the port to a fixed port number?

 

[IsThisThingOn]

Not the question you are asking, so sorry for derailing it, but why don't you just simply put the PVE or at least one interface of PVE into the same VLAN?
You don't really gain anything in terms of security, and everything has to go through the firewall.

 

[ypsilonkah]

I know. But at the moment, I am want to simply know "why"

 

[IsThisThingOn]

Sorry, I don't really know. This is just a guess:
according to mountd

       -p num  or  -P num  or  --port num
              Specifies the port number used for RPC listener sockets.
              If this option is not specified, rpc.mountd will try to
              consult /etc/services, if gets port succeed, set the same
              port for all listener socket, otherwise chooses a random
              ephemeral port for each listener socket.

              This option can be used to fix the port value of
              rpc.mountd's listeners when NFS MOUNT requests must
              traverse a firewall between clients and servers.