NFS and SElinux?



werewolf6851
4th September 2009, 05:47 PM
Greetings,

Hoping for some help here.

Goal: Set up a NFS server
elements:
Fedora 11, 32 bit computer with big drive
Fedora 11, 64 bit computer with smaller drive
Linksys Wireless Router (all house computers connected via cat5 cable)
cryptsetup luks encrypted partition
both computers have ntf-utils installed

Current Problem: Remote computer can't mount the NFS share
Server can mount the NFS share with line
mount -t nfs 192.168.42.30:/media/Oberon /dev/shm/nfs
/dev/shm/nfs directory exists
When I try the same with the client, it times out. The following message is in /var/log/messages
kernel: rpcbind: server 192.168.42.30 not responding, timed out

Hypotenuse:
Issue is either with permissions
or SELinux. Don't want to shut down SELinux, if that's the case, rather learn what's
needed to get NFS to work with it
or some little mistake I'm just not seeing yet


Details:
luks partition with ntfs is mounted on server like so
echo $tpass | cryptsetup luksOpen /dev/sda3 Oberon
mount -o uid=500,gid=501 /dev/mapper/Oberon /media/Oberon


In hosts.deny on server added following lines
portmap:ALL
lockd:ALL
mountd:ALL
rquotad:ALL
statd:ALL
In hosts.allow on server added with ip address of the NFS client
portmap: 192.168.42.29
lockd: 192.168.42.29
rquotad: 192.168.42.29
mountd: 192.168.42.29
statd: 192.168.42.29

Firewall Configuration
Server: Trusted Services/NFS4 box checked
Client: Trusted Services/NFS4 box checked

/etc/exports line
/media/Oberon 192.168.42.0/24(rw,fsid=0,sec=unix,insecure,no_subtree_check,sync)

results of rpcinfo on server
# rpcinfo -p 192.168.42.30
program vers proto port service
100000 4 tcp 111 portmapper
100000 3 tcp 111 portmapper
100000 2 tcp 111 portmapper
100000 4 udp 111 portmapper
100000 3 udp 111 portmapper
100000 2 udp 111 portmapper
100024 1 udp 48622 status
100024 1 tcp 48622 status
100003 2 udp 2049 nfs
100003 3 udp 2049 nfs
100003 4 udp 2049 nfs
100021 1 udp 48620 nlockmgr
100021 3 udp 48620 nlockmgr
100021 4 udp 48620 nlockmgr
100021 1 tcp 48620 nlockmgr
100021 3 tcp 48620 nlockmgr
100021 4 tcp 48620 nlockmgr
100003 2 tcp 2049 nfs
100003 3 tcp 2049 nfs
100003 4 tcp 2049 nfs
100005 1 udp 48621 mountd
100005 1 tcp 48621 mountd
100005 2 udp 48621 mountd
100005 2 tcp 48621 mountd
100005 3 udp 48621 mountd
100005 3 tcp 48621 mountd

Results of rpcinfo on client
# rpcinfo -p 192.168.42.29
program vers proto port service
100000 4 tcp 111 portmapper
100000 3 tcp 111 portmapper
100000 2 tcp 111 portmapper
100000 4 udp 111 portmapper
100000 3 udp 111 portmapper
100000 2 udp 111 portmapper
100024 1 udp 56566 status
100024 1 tcp 36324 status

Thanks,
Werewolf

gaz1965xx
4th September 2009, 10:09 PM
The last time I used NFS I followed the instructions on this site

http://optics.csufresno.edu/~kriehn/fedora/fedora_files/f11/howto/nfs.html

It tells you how to configure SElinux & firewall for NFS, as well as a host of other goodies.

Hope this helps

stevea
4th September 2009, 11:08 PM
It may be SELinux, but I doubt it.

At F11 several services changed the way they use bind.

I think if you use wireshark you'll see the server make DNS requests for the client IP, then do another DNS request for the client name. You need to either set up DNS or fill in the /etc/hosts entry for the client on the server.

fpmurphy
6th September 2009, 03:50 PM
Turn off your firewall and see if it now works. Generally you should start the NFS daemons on specific ports and open these ports in your firewall.
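
The last reply suggests pinning the NFS daemons to known ports and opening exactly those. The script below is an added example, not part of the thread: it lists the ports that `rpcinfo -p` advertises and shows which ones a given firewall allow-list leaves closed. The sample input is reduced from the server output posted above, and the function names and the assumption that the "NFS4" trusted service opens only 2049/tcp are this example's own.

```shell
#!/bin/sh
# Added example, not from the thread: list the ports that `rpcinfo -p`
# advertises and show which of them a firewall rule set does not cover.

# Constructed sample: the server's rpcinfo output from the thread, reduced to
# one version per program and protocol.
sample_rpcinfo() {
cat <<'EOF'
program vers proto port service
100000 4 tcp 111 portmapper
100000 4 udp 111 portmapper
100024 1 udp 48622 status
100024 1 tcp 48622 status
100003 4 udp 2049 nfs
100003 4 tcp 2049 nfs
100021 4 udp 48620 nlockmgr
100021 4 tcp 48620 nlockmgr
100005 3 udp 48621 mountd
100005 3 tcp 48621 mountd
EOF
}

# rpc_ports: read `rpcinfo -p` output on stdin and print each distinct
# "port/proto service" once, sorted by port number.
rpc_ports() {
    awk '$1 ~ /^[0-9]+$/ && $4 ~ /^[0-9]+$/ {
             key = $4 "/" $3 " " $5
             if (!seen[key]++) print key
         }' | sort -n
}

# blocked_ports ALLOWED...: print the advertised ports that are not in the
# list of allowed "port/proto" arguments.
blocked_ports() {
    allowed=" $* "
    rpc_ports | while read -r portproto service; do
        case "$allowed" in
            *" $portproto "*) ;;
            *) echo "$portproto $service" ;;
        esac
    done
}

# Assumption: the "NFS4" trusted service opens only 2049/tcp.
sample_rpcinfo | blocked_ports 2049/tcp
```

On a live server, pipe `rpcinfo -p` into `blocked_ports` instead of the sample and pass the port/proto pairs the firewall actually allows.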