Fedora Linux Support Community & Resources Center
  #1  
Old 11th October 2017, 10:59 AM
pierods Offline
Registered User
 
Join Date: Sep 2014
Location: Berlin
Posts: 11
linuxfedorafirefox
nfs trouble

I activated nfs on my machine:

showmount -e localhost
Export list for localhost:
/home/data/incoming 192.168.1.11/255.255.255.0

and added "nfs" to the firewall rules.

When trying the same from the allowed remote machine (192.168.1.11):

showmount -e 192.168.1.6
,,,errno 113 (No route to host)

if I disable the firewall on my server:

showmount -e 192.168.1.6
Export list for 192.168.1.6:
/home/data/incoming 192.168.1.11/255.255.255.0

When observing traffic, I get:

tcpdump -nn host 192.168.1.11
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on enp6s0, link-type EN10MB (Ethernet), capture size 262144 bytes
11:56:49.144329 IP 192.168.1.11.47233 > 192.168.1.6.111: UDP, length 56
11:56:49.144396 IP 192.168.1.6 > 192.168.1.11: ICMP host 192.168.1.6 unreachable - admin prohibited, length 92
11:56:49.146985 IP 192.168.1.11.56333 > 192.168.1.6.111: UDP, length 56
11:56:49.147019 IP 192.168.1.6 > 192.168.1.11: ICMP host 192.168.1.6 unreachable - admin prohibited, length 92

So it looks like I should allow icmp traffic - how to do that?

What's bizarre is that i can ping the client from the server, no problem:

ping 192.168.1.6
64 bytes...etc

What's wrong with my firewall config?

Thanks
Reply With Quote
  #2  
Old 11th October 2017, 11:13 AM
HaydnH's Avatar
HaydnH Offline
Registered User
 
Join Date: Feb 2005
Location: London, UK
Posts: 505
windows_7chrome
Re: nfs trouble

For starters, see "5. How to Block and Enable ICMP" here: https://www.tecmint.com/firewalld-rules-for-centos-7/2/
Reply With Quote
  #3  
Old 11th October 2017, 11:24 AM
pierods Offline
Registered User
 
Join Date: Sep 2014
Location: Berlin
Posts: 11
linuxfedorafirefox
Re: nfs trouble

Well...

firewall-cmd --zone=FedoraWorkstation --query-icmp-block=echo-reply

no

Quote:
If you get ‘no‘, that means there isn’t any icmp block applied, let’s enable (block) icmp.
firewall-cmd --get-icmptypes

address-unreachable bad-header beyond-scope communication-prohibited destination-unreachable echo-reply echo-request failed-policy fragmentation-needed host-precedence-violation host-prohibited host-redirect host-unknown host-unreachable ip-header-bad neighbour-advertisement neighbour-solicitation network-prohibited network-redirect network-unknown network-unreachable no-route packet-too-big parameter-problem port-unreachable precedence-cutoff protocol-unreachable redirect reject-route required-option-missing router-advertisement router-solicitation source-quench source-route-failed time-exceeded timestamp-reply timestamp-request tos-host-redirect tos-host-unreachable tos-network-redirect tos-network-unreachable ttl-zero-during-reassembly ttl-zero-during-transit unknown-header-type unknown-option


So if icmp is not blocked, how come packets are not going through?
Reply With Quote
  #4  
Old 11th October 2017, 01:35 PM
Kobuck Offline
Registered User
 
Join Date: Feb 2009
Location: Florida
Posts: 522
linuxfedorafirefox
Re: nfs trouble

I get the same message on the client end even though my NFS setup is operating successfully. I also recall that getting NFS operational was not completely straight forward. I last set the environment up way back in F21 or so and have not had to mess with it since.

Code:
$ showmount -e bilbo
clnt_create: RPC: Port mapper failure - Unable to receive: errno 113 (No route to host)
I know I had "showmount" working once, but it does not seem to affect NFS operation when it isn't working.



Couple things to check:

Did you run the "exportfs" command after editing the "/etc/exports/" file on the server?

If selinux is in enforceing mode check that the desired "nfs_export" booleans are set.

Code:
# getsebool -a | less
...
nfs_export_all_ro --> on
nfs_export_all_rw --> on
...
__________________
Laptop: ASUS K61IC/ Intel T6600 2.20Ghz x2/ 4GB/ 320GB SataII/ NVidia G96M/ fc26.x86_64
Tower: GigaByte (990FXA)/ AMD 1100T 3.3Ghz x6/ 16GB/ 7.5TB Sata III/ AMD 6770HD/ fc26.x86_64
Bookshelf: Shuttle DS61 (H61)/ i3-3225 3.3Ghz x2/ 16GB/ 320GB Sata II/ Intel HD 4000/ fc26.x86_64
Embedded: BeagleBone Blk / ARM AM3358 1 GHz x1/ 512MB/ 2GB eMMC/ PowerVR SGX530/ fc26.armv7hl
Reply With Quote
  #5  
Old 11th October 2017, 02:11 PM
pierods Offline
Registered User
 
Join Date: Sep 2014
Location: Berlin
Posts: 11
linuxfedorafirefox
Re: nfs trouble

Quote:
Originally Posted by Kobuck View Post
I get the same message on the client end even though my NFS setup is operating successfully. I also recall that getting NFS operational was not completely straight forward. I last set the environment up way back in F21 or so and have not had to mess with it since.

Code:
$ showmount -e bilbo
clnt_create: RPC: Port mapper failure - Unable to receive: errno 113 (No route to host)
I know I had "showmount" working once, but it does not seem to affect NFS operation when it isn't working.



Couple things to check:

Did you run the "exportfs" command after editing the "/etc/exports/" file on the server?

If selinux is in enforceing mode check that the desired "nfs_export" booleans are set.

Code:
# getsebool -a | less
...
nfs_export_all_ro --> on
nfs_export_all_rw --> on
...
tried everything - no access.

---------- Post added at 01:11 PM ---------- Previous post was at 01:10 PM ----------

Quote:
Originally Posted by pierods View Post
I activated nfs on my machine:

showmount -e localhost
Export list for localhost:
/home/data/incoming 192.168.1.11/255.255.255.0

and added "nfs" to the firewall rules.

When trying the same from the allowed remote machine (192.168.1.11):

showmount -e 192.168.1.6
,,,errno 113 (No route to host)

if I disable the firewall on my server:

showmount -e 192.168.1.6
Export list for 192.168.1.6:
/home/data/incoming 192.168.1.11/255.255.255.0

When observing traffic, I get:

tcpdump -nn host 192.168.1.11
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on enp6s0, link-type EN10MB (Ethernet), capture size 262144 bytes
11:56:49.144329 IP 192.168.1.11.47233 > 192.168.1.6.111: UDP, length 56
11:56:49.144396 IP 192.168.1.6 > 192.168.1.11: ICMP host 192.168.1.6 unreachable - admin prohibited, length 92
11:56:49.146985 IP 192.168.1.11.56333 > 192.168.1.6.111: UDP, length 56
11:56:49.147019 IP 192.168.1.6 > 192.168.1.11: ICMP host 192.168.1.6 unreachable - admin prohibited, length 92

So it looks like I should allow icmp traffic - how to do that?

What's bizarre is that i can ping the client from the server, no problem:

ping 192.168.1.6
64 bytes...etc

What's wrong with my firewall config?

Thanks
more specifically:

firewall-cmd --zone=FedoraWorkstation --query-icmp-block=host-prohibited
no
Reply With Quote
  #6  
Old 11th October 2017, 02:24 PM
pierods Offline
Registered User
 
Join Date: Sep 2014
Location: Berlin
Posts: 11
linuxfedorafirefox
Re: nfs trouble

Allright, I got it...

When you check "nfs" under firewall/services, it does not, incredibly, open 111tcp/udp and 2049 tcp/udp.

Fedora 26 is bug paradise...
Reply With Quote
Reply

Tags
nfs , trouble

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
CPU Fan trouble Agares Hardware & Laptops 7 15th January 2008 11:27 PM
freezing during screensaver and trouble on reboot + gnome panel trouble bwalsh Using Fedora 0 5th July 2005 02:45 AM
trouble using RPM BoHu Using Fedora 5 11th March 2005 04:30 AM
trouble with RPM's kaiya Installation, Upgrades and Live Media 3 15th August 2004 12:49 PM


Current GMT-time: 09:01 (Wednesday, 18-10-2017)

TopSubscribe to XML RSS for all Threads in all ForumsFedoraForumDotOrg Archive
logo

All trademarks, and forum posts in this site are property of their respective owner(s).
FedoraForum.org is privately owned and is not directly sponsored by the Fedora Project or Red Hat, Inc.

Privacy Policy | Term of Use | Posting Guidelines | Archive | Contact Us | Founding Members

Powered by vBulletin® Copyright ©2000 - 2012, vBulletin Solutions, Inc.

FedoraForum is Powered by RedHat