FedoraForum.org - Fedora Support Forums and Community
Results 1 to 6 of 6
  1. #1
    Join Date
    Sep 2014
    Location
    Berlin
    Posts
    11

    nfs trouble

    I activated nfs on my machine:

    showmount -e localhost
    Export list for localhost:
    /home/data/incoming 192.168.1.11/255.255.255.0

    and added "nfs" to the firewall rules.

    When trying the same from the allowed remote machine (192.168.1.11):

    showmount -e 192.168.1.6
    ,,,errno 113 (No route to host)

    if I disable the firewall on my server:

    showmount -e 192.168.1.6
    Export list for 192.168.1.6:
    /home/data/incoming 192.168.1.11/255.255.255.0

    When observing traffic, I get:

    tcpdump -nn host 192.168.1.11
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on enp6s0, link-type EN10MB (Ethernet), capture size 262144 bytes
    11:56:49.144329 IP 192.168.1.11.47233 > 192.168.1.6.111: UDP, length 56
    11:56:49.144396 IP 192.168.1.6 > 192.168.1.11: ICMP host 192.168.1.6 unreachable - admin prohibited, length 92
    11:56:49.146985 IP 192.168.1.11.56333 > 192.168.1.6.111: UDP, length 56
    11:56:49.147019 IP 192.168.1.6 > 192.168.1.11: ICMP host 192.168.1.6 unreachable - admin prohibited, length 92

    So it looks like I should allow icmp traffic - how to do that?

    What's bizarre is that i can ping the client from the server, no problem:

    ping 192.168.1.6
    64 bytes...etc

    What's wrong with my firewall config?

    Thanks

  2. #2
    Join Date
    Feb 2005
    Location
    London, UK
    Posts
    565

    Re: nfs trouble

    For starters, see "5. How to Block and Enable ICMP" here: https://www.tecmint.com/firewalld-rules-for-centos-7/2/

  3. #3
    Join Date
    Sep 2014
    Location
    Berlin
    Posts
    11

    Re: nfs trouble

    Well...

    firewall-cmd --zone=FedoraWorkstation --query-icmp-block=echo-reply

    no

    If you get ‘no‘, that means there isn’t any icmp block applied, let’s enable (block) icmp.
    firewall-cmd --get-icmptypes

    address-unreachable bad-header beyond-scope communication-prohibited destination-unreachable echo-reply echo-request failed-policy fragmentation-needed host-precedence-violation host-prohibited host-redirect host-unknown host-unreachable ip-header-bad neighbour-advertisement neighbour-solicitation network-prohibited network-redirect network-unknown network-unreachable no-route packet-too-big parameter-problem port-unreachable precedence-cutoff protocol-unreachable redirect reject-route required-option-missing router-advertisement router-solicitation source-quench source-route-failed time-exceeded timestamp-reply timestamp-request tos-host-redirect tos-host-unreachable tos-network-redirect tos-network-unreachable ttl-zero-during-reassembly ttl-zero-during-transit unknown-header-type unknown-option


    So if icmp is not blocked, how come packets are not going through?

  4. #4
    Join Date
    Feb 2009
    Location
    Florida
    Posts
    548

    Re: nfs trouble

    I get the same message on the client end even though my NFS setup is operating successfully. I also recall that getting NFS operational was not completely straight forward. I last set the environment up way back in F21 or so and have not had to mess with it since.

    Code:
    $ showmount -e bilbo
    clnt_create: RPC: Port mapper failure - Unable to receive: errno 113 (No route to host)
    I know I had "showmount" working once, but it does not seem to affect NFS operation when it isn't working.



    Couple things to check:

    Did you run the "exportfs" command after editing the "/etc/exports/" file on the server?

    If selinux is in enforceing mode check that the desired "nfs_export" booleans are set.

    Code:
    # getsebool -a | less
    ...
    nfs_export_all_ro --> on
    nfs_export_all_rw --> on
    ...
    Laptop: ASUS K61IC/ Intel T6600 2.20Ghz x2/ 4GB/ 320GB SataII/ NVidia G96M/ fc27.x86_64
    Tower: GigaByte (990FXA)/ AMD 1100T 3.3Ghz x6/ 16GB/ 7.5TB Sata III/ AMD 6770HD/ fc27.x86_64
    Bookshelf: Shuttle DS61 (H61)/ i3-3225 3.3Ghz x2/ 16GB/ 320GB Sata II/ Intel HD 4000/ fc26.x86_64
    Embedded: BeagleBone Blk / ARM AM3358 1 GHz x1/ 512MB/ 2GB eMMC/ PowerVR SGX530/ fc27.armv7hl

  5. #5
    Join Date
    Sep 2014
    Location
    Berlin
    Posts
    11

    Re: nfs trouble

    Quote Originally Posted by Kobuck
    I get the same message on the client end even though my NFS setup is operating successfully. I also recall that getting NFS operational was not completely straight forward. I last set the environment up way back in F21 or so and have not had to mess with it since.

    Code:
    $ showmount -e bilbo
    clnt_create: RPC: Port mapper failure - Unable to receive: errno 113 (No route to host)
    I know I had "showmount" working once, but it does not seem to affect NFS operation when it isn't working.



    Couple things to check:

    Did you run the "exportfs" command after editing the "/etc/exports/" file on the server?

    If selinux is in enforceing mode check that the desired "nfs_export" booleans are set.

    Code:
    # getsebool -a | less
    ...
    nfs_export_all_ro --> on
    nfs_export_all_rw --> on
    ...
    tried everything - no access.

    ---------- Post added at 01:11 PM ---------- Previous post was at 01:10 PM ----------

    Quote Originally Posted by pierods
    I activated nfs on my machine:

    showmount -e localhost
    Export list for localhost:
    /home/data/incoming 192.168.1.11/255.255.255.0

    and added "nfs" to the firewall rules.

    When trying the same from the allowed remote machine (192.168.1.11):

    showmount -e 192.168.1.6
    ,,,errno 113 (No route to host)

    if I disable the firewall on my server:

    showmount -e 192.168.1.6
    Export list for 192.168.1.6:
    /home/data/incoming 192.168.1.11/255.255.255.0

    When observing traffic, I get:

    tcpdump -nn host 192.168.1.11
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on enp6s0, link-type EN10MB (Ethernet), capture size 262144 bytes
    11:56:49.144329 IP 192.168.1.11.47233 > 192.168.1.6.111: UDP, length 56
    11:56:49.144396 IP 192.168.1.6 > 192.168.1.11: ICMP host 192.168.1.6 unreachable - admin prohibited, length 92
    11:56:49.146985 IP 192.168.1.11.56333 > 192.168.1.6.111: UDP, length 56
    11:56:49.147019 IP 192.168.1.6 > 192.168.1.11: ICMP host 192.168.1.6 unreachable - admin prohibited, length 92

    So it looks like I should allow icmp traffic - how to do that?

    What's bizarre is that i can ping the client from the server, no problem:

    ping 192.168.1.6
    64 bytes...etc

    What's wrong with my firewall config?

    Thanks
    more specifically:

    firewall-cmd --zone=FedoraWorkstation --query-icmp-block=host-prohibited
    no

  6. #6
    Join Date
    Sep 2014
    Location
    Berlin
    Posts
    11

    Re: nfs trouble

    Allright, I got it...

    When you check "nfs" under firewall/services, it does not, incredibly, open 111tcp/udp and 2049 tcp/udp.

    Fedora 26 is bug paradise...

Similar Threads

  1. CPU Fan trouble
    By Agares in forum Hardware & Laptops
    Replies: 7
    Last Post: 15th January 2008, 11:27 PM
  2. Replies: 0
    Last Post: 5th July 2005, 02:45 AM
  3. trouble using RPM
    By BoHu in forum Using Fedora
    Replies: 5
    Last Post: 11th March 2005, 04:30 AM
  4. trouble with RPM's
    By kaiya in forum Installation, Upgrades and Live Media
    Replies: 3
    Last Post: 15th August 2004, 12:49 PM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •