FC3 nfs share to RH9 client
I've just built a machine from old bits, with a hard drive so old that it can't take FC3, so I installed RH9 on it. I want to share a directory from the FC3 machine to the RH9 one. Both machines can ping each other, I have exported the directory I want to share on the FC3 machine; the /etc/exports file reads:
/imports/4network 192.168.0.5(ro,insecure,sync)

The nfs daemon is running on the FC3 server. When I try to mount the share directory on the RH9 client using

mount lerebus:/imports/4network /mnt/network/

<lerebus is the FC3 machine name, assigned 192.168.0.2 in /etc/hosts file in the RH9 machine>

I get the error

mount: RPC: Remote system error - No route to host

I've done a search for this on the net and it seems to be a firewall problem on the server. However, (a) all the solutions seem to deal with ipchains rather than iptables and (b) this firewall configuration stuff is all new to me and fairly unintelligible, so I don't know what to change to fix this problem and still keep the security tight.

rpcinfo -p on the RH9 client gives:

   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp  32768  status
    100024    1   tcp  32768  status
    391002    2   tcp  32768  sgi_fam
    100011    1   udp    729  rquotad
    100011    2   udp    729  rquotad
    100011    1   tcp    732  rquotad
    100011    2   tcp    732  rquotad

rpcinfo -p on the FC3 server:

   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp  32768  status
    100024    1   tcp  32768  status
    100011    1   udp    824  rquotad
    100011    2   udp    824  rquotad
    100011    1   tcp    827  rquotad
    100011    2   tcp    827  rquotad
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    100003    4   udp   2049  nfs
    100003    2   tcp   2049  nfs
    100003    3   tcp   2049  nfs
    100003    4   tcp   2049  nfs
    100021    1   udp  32771  nlockmgr
    100021    3   udp  32771  nlockmgr
    100021    4   udp  32771  nlockmgr
    100021    1   tcp  32771  nlockmgr
    100021    3   tcp  32771  nlockmgr
    100021    4   tcp  32771  nlockmgr
    100005    1   udp    840  mountd
    100005    1   tcp    843  mountd
    100005    2   udp    840  mountd
    100005    2   tcp    843  mountd
    100005    3   udp    840  mountd
    100005    3   tcp    843  mountd

iptables -L on the FC3 server

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain RH-Firewall-1-INPUT (2 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere            icmp any
ACCEPT     ipv6-crypt--  anywhere             anywhere
ACCEPT     ipv6-auth--  anywhere             anywhere
ACCEPT     udp  --  anywhere             224.0.0.251         udp dpt:5353
ACCEPT     udp  --  anywhere             anywhere            udp dpt:ipp
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited

Any other info I should be providing, just tell me. Thanks. |
Hi,
if that's a firewall related problem, then stop the firewall (/etc/rc.d/init.d/iptables stop, then issue an iptables -L to verify that default policies are set to accept) and retry your mount command. |
Tried that - thanks for the suggestion. Now I get an RPC: Timeout error.
In any case, turning off the firewall is OK to check whether that's the problem, but it's not a long-term solution. Surely there has to be a way to let the communication through the firewall. Still, fix the timeout problem first I guess. Any ideas? |
Hi,
I agree, stopping firewall isn't a final solution! The issue is that nfs uses sun-rpc which elects a dynamical port to transfer the files. So you cannot set up an iptables rule to match nfs... that's a typical connexion tracking issue. The link below explains how to configure nfs so that it always uses the same port, thus you'll be able to create a rule for it: http://www.lowth.com/LinWiz/nfs_help.html

As for the timeout, I see this error every time I try to mount through nfs a filesystem that's not accessible (not mounted on the nfs server, nfs server down...). I propose that you:
_ check out that you wrote the right IP address in /etc/exports
_ check out that nfs-kernel-server and nfs-common run on the server (I believe that both are needed)
_ check out that there's not a firewall on the client side that would block nfs

Good luck! |
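As an added illustration of the dynamic-port point in the reply above (not part of any post in this thread): the script below reads the server's `rpcinfo -p` listing and prints one iptables rule per registered NFS-related port, limited to the single client from /etc/exports. The function names `sample_rpcinfo` and `nfs_rules` are hypothetical, the sample input is a subset of the server output posted earlier, and the chain name and client address are taken from the thread.

```shell
#!/bin/sh
# Added example (not from the thread): derive per-client iptables rules for an
# NFS server from its `rpcinfo -p` output. Commands are printed, not executed.

CHAIN="RH-Firewall-1-INPUT"   # chain name taken from the iptables -L output above

# Subset of the server's rpcinfo -p output posted above, one line per proto/port.
sample_rpcinfo() {
cat <<'EOF'
   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp  32768  status
    100024    1   tcp  32768  status
    100011    1   udp    824  rquotad
    100003    3   udp   2049  nfs
    100003    3   tcp   2049  nfs
    100021    1   udp  32771  nlockmgr
    100021    1   tcp  32771  nlockmgr
    100005    1   udp    840  mountd
    100005    1   tcp    843  mountd
EOF
}

# nfs_rules CLIENT_IP: reads rpcinfo -p text on stdin (hypothetical helper name).
nfs_rules() {
    awk -v client="$1" -v chain="$CHAIN" '
        # Services a plain NFS mount with locking talks to; rquotad is left closed.
        $5 ~ /^(portmapper|nfs|mountd|nlockmgr|status)$/ {
            key = $3 " --dport " $4
            if (!(key in seen)) { seen[key] = $5; order[++n] = key }
        }
        END {
            # -I puts each rule at the top of the chain, ahead of the final REJECT.
            for (i = 1; i <= n; i++)
                printf "iptables -I %s -s %s -p %s -m state --state NEW -j ACCEPT  # %s\n",
                       chain, client, order[i], seen[order[i]]
        }'
}

# The ports for mountd, nlockmgr and status are whatever the services registered at
# startup, so these rules are valid only until those services restart.
sample_rpcinfo | nfs_rules 192.168.0.5
```

On the server itself the input would come from `rpcinfo -p | nfs_rules 192.168.0.5`; once the ports are pinned as the linked article describes, the generated rules stay valid across restarts.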
OK thanks, I'm away at the moment but I'll give it a try once I'm back in a couple of days. Although I have a suspicion that the article you linked to is one that lost me in jargon when I looked around for solutions before...not to worry, I'll have a crack at it
Is there an easier way to do what I'm trying to do? I'm pretty sure I read somewhere that linux is *the* system for networking - one of the reasons I thought I'd try to link the machines. To my simple mind (not kidding, very much a newbie) it seems anything but...I can get the linux machine talking to windows easier than to another linux box! |
OK, I'm back...
I had to stop both the client and server firewalls to get the mount command to work. Thanks for the suggestion, I had assumed stopping just the server firewall would be enough. I had a look at the article at http://www.lowth.com/LinWiz/nfs_help.html. However, I'm not clear on which rules should be changed for which machine. Should both firewalls have all the changes implemented? Or should some changes be implemented for the server and others for the client? I had a look at the wizards linked from that page too, but still confused. Sorry, obviously security isn't my background! All help appreciated as always. |