31st August 2006, 08:34 PM
Retired Community Manager & Avid Drinker Of Suds
Join Date: Feb 2005
Location: Rochester NY
Age: 38
Posts: 4,176

yeah give it a shot to see if it works
__________________
Registered Linux User: #376813
Western NY
My linux site
Smolt Profile
please remember to say if your problem was solved
Did you get your id10t award today?

1st September 2006, 12:55 PM
Registered User
Join Date: Feb 2006
Location: Tampa, Fl. USA
Posts: 323

Well, I re-entered the iptables rules (just in case I messed up -> operator error!!) and it seems to be working fine now. Note that the rules you listed must be preceded with a "/". Otherwise command not found.
Again thanks for your help.
__________________
The only thing more dangerous than action without thought is thought without action.

1st September 2006, 01:24 PM
Retired Community Manager & Avid Drinker Of Suds
Join Date: Feb 2005
Location: Rochester NY
Age: 38
Posts: 4,176

Quote:
Originally Posted by Dubious Dave
Well, I re-entered the iptables rules (just in case I messed up -> operator error!!) and it seems to be working fine now. Note that the rules you listed must be preceded with a "/". Otherwise command not found.
Again thanks for your help.

Fixed my post

5th September 2006, 01:03 PM
Registered User
Join Date: Feb 2006
Location: Tampa, Fl. USA
Posts: 323

I've been monitoring NFS now for a few days and it seems that mountd seems to sometimes not complete. It appears random with each boot. However, I can restart NFS and mountd will complete.
The difference is in the results of rpcinfo -p: ---> ver 3 of mountd sometimes makes it and sometimes doesn't. If it's not there then mounting on the host doesn't work.

6th September 2006, 12:52 AM
Retired Community Manager & Avid Drinker Of Suds
Join Date: Feb 2005
Location: Rochester NY
Age: 38
Posts: 4,176

Sounds like the making of a bug...

6th September 2006, 02:03 AM
Registered User
Join Date: Apr 2006
Posts: 31

I followed the instructions and tried to set up a server on my FC5 machine. Everything looks OK, except that I can't get mountd to start. mountd doesn't show up in 'rpcinfo -p xxxx'.
[root@oric phalanx]# service nfs restart
Shutting down NFS mountd: [FAILED]
Shutting down NFS daemon: [ OK ]
Shutting down NFS quotas: [ OK ]
Shutting down NFS services: [ OK ]
Starting NFS services: [ OK ]
Starting NFS quotas: [ OK ]
Starting NFS daemon: [ OK ]
Starting NFS mountd: [FAILED]
I did start rpc.mountd manually and it works:
[root@oric phalanx]# /usr/sbin/rpc.mountd
Then I can mount the NFS from the client.
How can I correct this?
Thanks
yjiang

6th September 2006, 12:39 PM
Registered User
Join Date: Feb 2006
Location: Tampa, Fl. USA
Posts: 323

yjiang,
If you've followed my conversations with jim, then you'll see that my problem was a conflict between iptables and NFS services. To test if you have the same problem, turn off iptables and reboot a couple times to verify that NFS starts completely each time.
jim,
I'm going to keep monitoring it for a while more.

7th September 2006, 12:00 AM
Registered User
Join Date: Apr 2006
Posts: 31

Thanks, I can start NFS without any problem; however, I was missing two lines in /etc/sysconfig/iptables to open port 4002.
Now my NFS server works fine.
yjiang

7th September 2006, 01:03 PM
Registered User
Join Date: Feb 2006
Location: Tampa, Fl. USA
Posts: 323

yjiang, could you explain in a little more detail what you did and what it resulted in?
Thanks

7th September 2006, 03:58 PM
Registered User
Join Date: Apr 2006
Posts: 31

My original iptables file:
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 137 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 138 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 111 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 111 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 2049 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 2049 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
After I turned off the firewall and rebooted the machine, NFS worked OK:
Shutting down NFS mountd: [ OK ]
Shutting down NFS daemon: [ OK ]
Shutting down NFS quotas: [ OK ]
Shutting down NFS services: [ OK ]
Starting NFS services: [ OK ]
Starting NFS quotas: [ OK ]
Starting NFS daemon: [ OK ]
Starting NFS mountd: [ OK ]
I still couldn't mount the NFS drive on the other machine, so I checked rpcinfo:
program vers proto port
100000 2 tcp 111 portmapper
100000 2 udp 111 portmapper
100024 1 udp 4000 status
100024 1 tcp 4000 status
100011 1 udp 4003 rquotad
100011 2 udp 4003 rquotad
100011 1 tcp 4003 rquotad
100011 2 tcp 4003 rquotad
100003 2 udp 2049 nfs
100003 3 udp 2049 nfs
100003 4 udp 2049 nfs
100003 2 tcp 2049 nfs
100003 3 tcp 2049 nfs
100003 4 tcp 2049 nfs
100021 1 udp 4001 nlockmgr
100021 3 udp 4001 nlockmgr
100021 4 udp 4001 nlockmgr
100021 1 tcp 4001 nlockmgr
100021 3 tcp 4001 nlockmgr
100021 4 tcp 4001 nlockmgr
100005 1 udp 4002 mountd
100005 1 tcp 4002 mountd
100005 2 udp 4002 mountd
100005 2 tcp 4002 mountd
100005 3 udp 4002 mountd
100005 3 tcp 4002 mountd
Looks OK again, but I still cannot mount with the firewall on,
so I checked /etc/sysconfig/iptables
and found that port 4002 was not permitted. I added two lines to the file:
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 4002 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 4002 -j ACCEPT
Now NFS can be mounted with the firewall on. Does it make sense to you?
yjiang

8th September 2006, 04:05 PM
Registered User
Join Date: Feb 2006
Location: Tampa, Fl. USA
Posts: 323

Yes. Thank you very much. I will review my settings this weekend.

9th September 2006, 03:30 AM
Registered User
Join Date: Mar 2005
Posts: 81

I am configuring my Fedora 5 machines to use NFS. So far all the documents I have read about NFS say that NFS relies on portmap to make the network connection. Initially, portmap will listen on tcp 111 and then redirect the connection to another port. Therefore, as I understand it, only tcp 111 needs to be opened for handshaking. After reading your post about NFS on Fedora, I am kind of confused. Why should I have to open port TCP/UDP 2049 while the connection is handled by portmap? Does portmap really act like a middle man handling the connection and bypassing the firewall, as documented?
By the way, /etc/host.allow is a kind of firewall to permit connections to a specific application instead of to a port, right? So far I have only used /etc/sysconfig/iptable for network access control.
Hope someone can clear up my thoughts
Thai

13th September 2006, 04:14 PM
Registered User
Join Date: Mar 2005
Posts: 81

Hi guys, I have a problem using NFS with the firewall. Turning off iptables, I can mount NFS, but turning it on causes a problem, although I have opened ports 111 and 2049 (both tcp and udp).
tail -20 /var/log/messages shows:
Sep 13 11:06:21 localhost mount[3350]: mount to NFS server '192.168.2.101' failed: timed out (retrying).
Can anyone help?

13th September 2006, 07:01 PM
Registered User
Join Date: Feb 2006
Location: Tampa, Fl. USA
Posts: 323

This is the same problem I am having. Periodically, NFS does start properly on boot (with iptables on and changes made per jim's post), most times it does not.
If you've made the changes to iptables per jim's post and at boot time mountd fails then check if rpcinfo -p shows a value for mountd ver 3. If it does not then this is my problem. However simply restarting NFS services at this point always allows me to mount shared.

14th September 2006, 04:17 AM
Registered User
Join Date: Mar 2005
Posts: 81

OK, I found the problem. It seems that portmap's playing nasty with the port used by mountd. I followed the instructions and all the suggestions in this thread, including opening ports 111 (portmap), 2049 (nfs) and 4002 (suggested for mountd), but so far it never worked. I always got a timeout trying to mount the NFS dir from the client. The reason is simple: every time I open a port (via iptables) for mountd THEN RESTART nfs (as suggested), portmap initializes another port for mountd!!! Therefore, the port I opened for mountd is useless; mountd is still blocked by the firewall!!! I guess the solution is: use system-config-nfs, click on server settings and type the port you want to use for mountd, THEN open that port for mountd with iptables. I don't know which file system-config-nfs stores the fixed ports for mountd, lockd ... in, but so far using the GUI makes things work. Also, by doing this, I have the NFS dir mounted at boot.
Hope it helps somebody
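
The comparison yjiang made by eye (rpcinfo -p output against /etc/sysconfig/iptables), and that the last post shows is needed again whenever mountd comes up on a different port, written as an added example that is not part of the original thread. The function names are hypothetical and the sample data is constructed, trimmed from the listings quoted above; only `-p`/`--dport` ACCEPT rules (single ports or `lo:hi` ranges) are understood.

```sh
# Added example, not from the thread. Lists RPC services registered with
# portmap on ports that the saved iptables rules do not ACCEPT.
# Usage: rpc_ports_blocked RPCINFO_FILE IPTABLES_FILE -> "proto port service" lines
rpc_ports_blocked() {
    awk '
        mode == "fw" {                        # firewall rules file
            if ($0 !~ /^-A / || $0 !~ /-j ACCEPT/) next
            proto = ""; dport = ""
            for (i = 1; i < NF; i++) {
                if ($i == "-p")      proto = $(i + 1)
                if ($i == "--dport") dport = $(i + 1)
            }
            if (proto == "" || dport == "") next
            n++; p[n] = proto
            k = split(dport, r, ":")          # "4002" or a range "4000:4003"
            lo[n] = r[1] + 0; hi[n] = (k == 2 ? r[2] : r[1]) + 0
            next
        }
        mode == "rpc" && $1 ~ /^[0-9]+$/ && NF >= 5 {   # program vers proto port name
            key = $3 "/" $4; if (key in seen) next
            seen[key] = 1; ok = 0
            for (j = 1; j <= n; j++)
                if (p[j] == $3 && $4 + 0 >= lo[j] && $4 + 0 <= hi[j]) ok = 1
            if (!ok) print $3, $4, $5
        }
    ' mode=fw "$2" mode=rpc "$1"
}

# Constructed sample: a few rules and rpcinfo rows trimmed from the posts above.
demo_rpc_ports_blocked() {
    d=$(mktemp -d) || return 1
    cat > "$d/rules" <<'EOF'
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 111 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 2049 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 2049 -j ACCEPT
EOF
    cat > "$d/rpcinfo" <<'EOF'
100000 2 tcp 111 portmapper
100003 3 udp 2049 nfs
100003 3 tcp 2049 nfs
100005 1 udp 4002 mountd
100005 1 tcp 4002 mountd
100005 3 tcp 4002 mountd
EOF
    rpc_ports_blocked "$d/rpcinfo" "$d/rules"
    rm -rf "$d"
}

demo_rpc_ports_blocked
```

On a live server the first argument would be a file holding the current `rpcinfo -p` output; an empty result means every registered RPC port has a matching ACCEPT rule.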