exporting NFS shares in redhat 9 / mounting them in OS X 10.2.6
Linux - NetworkingThis forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
exporting NFS shares in redhat 9 / mounting them in OS X 10.2.6
i'm new to linux - installed redhat 9 a couple of weeks ago with the aim of creating a shared media drive (music) for the macs on my local home network.
redhat 9 seemed to install OK and connects without problem through my router to the internet. I have given static IP's to all my boxes.
I have enabled apache on the linux box and i can connect to it from my mac (locally) without any problem.
i can ssh between both - mac->linux & linux->mac.
I have followed the help instructions for enabling nfs sharing. I've logged in as root and setup to share "/home/media" (which is the home directory for the user "media") to "192.168.0.48" which is my mac. Privileges are set to read/write.
from redhat terminal "rpcinfo -p" returns portmapper, nfs, and mountd as all being active.
from the os x terminal (logged in as user "w3") "rpcinfo -p 192.168.0.20" returns a "connection refused"
I think the issue lies somewhere with UID and/or permissions but i'm not sure...
I want the share to be available to a number of different users on the local network.
Can anybody shed some light on this? I've read numerous forum posts and been through the nfs-HOWTO/troubleshooting page but can't seem to find a way forward...
I can get it to mount by turning off the firewall via the redhat GUI.
Here is the listing from both those commands. I'm going to work on figuring out how to edit the iptables and what an iptable with nfs sharing enabled should look like.
Any suggestions on how do do this or where to look appreciated.
you need to allow port 111 (sunrpc, the portmapper) and then port 2049 (nfs) in.
Add (assuming 192.168.0.48 is still your mac as in your original post) to /etc/sysconfig/iptables ( you need to place them *before* the first "drop" line -- remember, the first line that matches determines the action).
-A RH-Lokkit-0-50-INPUT -s 192.168.0.48 -d 0/0 --dport 111 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -s 192.168.0.48 -d 0/0 --dport 2049 -j ACCEPT
Then stop and restart the firewall.
If you want a generic way of finding out what's going on and to debug these kinds of problems, try the following.
I added a new chain "LOG_AND_DROP" in iptables. The idea is to reroute all packets orgininally destined for "DROP" (lines which end in "-j DROP") to that new chain, which in the end also sends it to DROP, but logs it before it does so. My first lines in /etc/sysconfig/iptables look like this:
Quote:
# Firewall configuration written by lokkit
# Manual customization of this file is not recommended.
# Note: ifup-post will punch the current nameservers through the
# firewall; such entries will *not* be listed here.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Lokkit-0-50-INPUT - [0:0]
-A INPUT -j RH-Lokkit-0-50-INPUT
-A FORWARD -j RH-Lokkit-0-50-INPUT
-A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
-N LOG_AND_DROP
-A LOG_AND_DROP -j LOG --log-level info --log-prefix dropped-packet:
-A LOG_AND_DROP -j DROP
Then those entries which have -j DROP originally get changed to -j LOG_AND_DROP. Each time a "DROP" rule kicks in, you will know about this -- in /var/log/messages you will find entries like
Now if this is your clean home subnet and you don't get many offending packets, you might want to leave this enabled and maybe let tripwire scan your logs. I do that since I have ports (well, one port) open to an external host (at work), and I sure want to know if someone tries to get in there from an unauthorized host. This logging of all rejects can potentially lead to a lot of output if the subnet isn't that "clean" after all. In that case you can globally disable the logging by commenting out the middle "LOG_AND_DROP" line (so you just send it to DROP, not to log) and enable the line only when you are actually in the process of debugging your firewall. The other nice thing is that you can then enable logging in a hurry if you suspect that you are under attack and want to log all stuff. Or you can leave the "benign" DROP's as -j DROP and send only those rejects to LOG_AND_DROP that you want to know about - such as incoming connections from the outside from an unauthorized host (you will catch external scans this way, for example).
Finally, you can make a similar "LOG_AND_ACCEPT" chain and see who gets allowed in and compare notes if that matches what you had intended.
hi mlp - thanks for your lengthy reply. Unfortunately i'm way back at the bus-stop...
(sorry - I haven't replied earlier - this is very much a part-time activity for me...)
I can't figure out how to edit the iptables.
I can open /etc/sysconfig/iptables in emacs, add the lines and save it. But when I reboot there are no rules at all listed with iptables -L. It's completely clean.
Redhat documentation writes about editing iptables via terminal.
If I try to add lines to iptables via terminal it doesn't seem to accept the --dport command?
Plus, I have upgraded to the new nfs and can't get it to share even with the firewall switched off. exportfs shows the share being active, rpcinfo -P from both machines shows the 2 portmapper and 2 nfs ports active.
Could this be a problem with the new nfs not being recognised by OS X...?
I don't know what OS X can do, nfs-wise, but if it doesn't handle NFS V3 you should fall back to V2. Get back to the point where you could nfs-mount without the firewall.
Before that, see that not much other network stuff is going on, and (assuming 192.168.0.48 is still your mac as in your original post) capture the output of
tcpdump -i eth0 host 192.168.0.48
for a while while the Mac tries to nfs-mount (and fails). Once we got problem #1 solved, we can get back to that and see what the problem is.
Now, after you have edited the rules in /etc/sysconfig/iptables, do
/etc/rc.d/init.d/iptables restart
I suspect that you have a "bug" in there and iptables croaks on it. You would find any complaints filed at boot time in /var/log/messages, but you don't need to reboot if you tweak your rules, and with the above command you can actually see what's wrong. I put a deliberate typo in mine. and...
Quote:
[root@mlphome root]# /etc/rc.d/init.d/iptables restart
Flushing all current rules and user defined chains: [ OK ]
Clearing all current rules and user defined chains: [ OK ]
Applying iptables firewall rules: iptables-restore v1.2.7a: Couldn't load target `RH-Lokkit-0-50-IINPUT':/lib/iptables/libipt_RH-Lokkit-0-50-IINPUT.so: cannot open shared object file: No such file or directory
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
[FAILED]
[root@mlphome root]#
So you see at once what's going on.
The other remote possibility is that you made a new kernel w/o support for iptables, or that someting switched iptables off. Do
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
ff 1
