While Amazon EFS mounts work flawlessly within AWS environments and Linux systems, OSX presents unique challenges due to differences in NFS protocol implementations. The key symptom is:
mount_nfs: can't mount / from 100.100.100.68 onto /sharedfiles: RPC prog. not avail
Amazon EFS uses NFSv4.1, while OSX's built-in NFS client has limitations:
- OSX defaults to older NFS versions (3 or 4.0)
- Missing required RPC services (mountd, nfsd)
- Incompatible with EFS's server-side locking mechanism
Option 1: Using NFS Client in Docker
This bypasses OSX's native NFS limitations by leveraging Linux containers:
# Start a Linux container with NFS support
docker run -it --privileged -v /sharedfiles:/mnt debian bash
# Inside container:
apt update && apt install -y nfs-common
mount -t nfs4 -o nfsvers=4.1 100.100.100.68:/ /mnt
Option 2: Third-Party NFS Clients
Commercial solutions like:
- MacFUSE + NFS plugin
- Dockerized NFS gateway
- Parallels Desktop Mounter
The HAProxy setup is correct, but needs OSX-specific adjustments:
listen efs-proxy
bind :2049
mode tcp
option tcplog
timeout client 1h
timeout server 1h
server efs-endpoint fs-1e7bb658.efs.us-east-1.amazonaws.com:2049
- Verify VPN connectivity:
ping 100.100.100.68 - Check NFS port access:
nc -zv 100.100.100.68 2049 - Test with minimal permissions:
mount -o resvport,nfsvers=4,tcp 100.100.100.68:/ /mnt
When bridging EFS to local machines:
- Restrict HAProxy access to VPN IP ranges
- Implement IAM policies for EFS access control
- Consider SSH tunneling as alternative
When attempting to mount Amazon EFS on macOS through an HAProxy tunnel, we first configured a Docker container running HAProxy to forward NFS traffic:
sudo docker run -d --net=host haproxy /bin/bash -c "echo -e 'listen fs-1e7bb658-us-east-1\n bind :2049\n mode tcp\n option tcplog\n timeout tunnel 300000\n server fs-1e7bb658-us-east-1a us-east-1a.fs-1e7bb658.efs.us-east-1.amazonaws.com:2049 check inter 60000 fastinter 15000 downinter 5000' > /haproxy.cfg && haproxy -f /haproxy.cfg"
The tunnel works perfectly when mounting from Linux instances:
sudo mount 100.100.100.68:/ /testing
echo "testing123!" > /testing/testing.txt
cat /shared/testing.txt
However, macOS encounters protocol-level issues when attempting the mount:
sudo mount 100.100.100.68:/ /sharedfiles
mount_nfs: can't mount / from 100.100.100.68 onto /sharedfiles: RPC prog. not avail
Running rpcinfo reveals missing NFS services:
rpcinfo -p 100.100.100.68
# Shows only portmapper, status, and nlockmgr services
The NFSv4-specific mount command also fails on macOS:
mount -t nfs4 -o nfsvers=4.1 100.100.100.68:/ /sharedfiles
mount: exec /System/Library/Filesystems/nfs4.fs/Contents/Resources/mount_nfs4: No such file or directory
A functional workaround involves using Docker to create a Linux environment:
# Start a Debian container
docker run -it --rm debian bash
# Install NFS client inside container
apt-get update && apt-get install nfs-common -y
# Mount through HAProxy tunnel
mount -t nfs4 -o nfsvers=4.1 100.100.100.68:/ /mnt
For native macOS mounting, consider these approaches:
# Try different NFS versions
sudo mount -t nfs -o vers=3,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2 100.100.100.68:/ /sharedfiles
# Or use the newer mount_nfs utility
/usr/sbin/mount_nfs -o vers=3 100.100.100.68:/ /sharedfiles
Ensure your security groups allow both NFS traffic (port 2049) and RPC ports (111, plus ephemeral ports for mountd, nlockmgr, etc.) from your macOS client IP.