LinuxQuestions.org


bcal 05-24-2005 08:12 AM

FC3 nfs share to RH9 client
 
I've just built a machine from old bits, with a hard drive so old that it can't take FC3, so I installed RH9 on it. I want to share a directory from the FC3 machine to the RH9 one. Both machines can ping each other, I have exported the directory I want to share on the FC3 machine; the /etc/exports file reads:
/imports/4network 192.168.0.5(ro,insecure,sync)

The nfs daemon is running on the FC3 server.

When I try to mount the share directory on the RH9 client using
mount lerebus:/imports/4network /mnt/network/
<lerebus is the FC3 machine name, assigned 192.168.0.2 in /etc/hosts file in the RH9 machine>

I get the error
mount: RPC: Remote system error - No route to host

I've done a search for this on the net and it seems to be a firewall problem on the server. However, (a) all the solutions seem to deal with ipchains rather than iptables and (b) this firewall configuration stuff is all new to me and fairly unintelligible, so I don't know what to change to fix this problem and still keep the security tight.

rpcinfo -p on the RH9 client gives:
program vers proto port
100000 2 tcp 111 portmapper
100000 2 udp 111 portmapper
100024 1 udp 32768 status
100024 1 tcp 32768 status
391002 2 tcp 32768 sgi_fam
100011 1 udp 729 rquotad
100011 2 udp 729 rquotad
100011 1 tcp 732 rquotad
100011 2 tcp 732 rquotad


rpcinfo -p on the FC3 server:
program vers proto port
100000 2 tcp 111 portmapper
100000 2 udp 111 portmapper
100024 1 udp 32768 status
100024 1 tcp 32768 status
100011 1 udp 824 rquotad
100011 2 udp 824 rquotad
100011 1 tcp 827 rquotad
100011 2 tcp 827 rquotad
100003 2 udp 2049 nfs
100003 3 udp 2049 nfs
100003 4 udp 2049 nfs
100003 2 tcp 2049 nfs
100003 3 tcp 2049 nfs
100003 4 tcp 2049 nfs
100021 1 udp 32771 nlockmgr
100021 3 udp 32771 nlockmgr
100021 4 udp 32771 nlockmgr
100021 1 tcp 32771 nlockmgr
100021 3 tcp 32771 nlockmgr
100021 4 tcp 32771 nlockmgr
100005 1 udp 840 mountd
100005 1 tcp 843 mountd
100005 2 udp 840 mountd
100005 2 tcp 843 mountd
100005 3 udp 840 mountd
100005 3 tcp 843 mountd


iptables -L on the FC3 server
Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere

Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain RH-Firewall-1-INPUT (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp any
ACCEPT ipv6-crypt-- anywhere anywhere
ACCEPT ipv6-auth-- anywhere anywhere
ACCEPT udp -- anywhere 224.0.0.251 udp dpt:5353
ACCEPT udp -- anywhere anywhere udp dpt:ipp
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited


Any other info I should be providing, just tell me. Thanks.

fr_laz 05-24-2005 08:32 AM

Hi,

If that's a firewall-related problem, then stop the firewall (/etc/rc.d/init.d/iptables stop, then issue an iptables -L to verify that default policies are set to accept) and retry your mount command.

bcal 05-25-2005 05:33 AM

Tried that - thanks for the suggestion. Now I get an RPC: Timeout error.

In any case, turning off the firewall is OK to check whether that's the problem, but it's not a long-term solution. Surely there has to be a way to let the communication through the firewall.

Still, fix the timeout problem first I guess. Any ideas?

fr_laz 05-26-2005 07:34 AM

Hi,

I agree, stopping the firewall isn't a final solution! The issue is that nfs uses sun-rpc, which elects a dynamic port to transfer the files. So you cannot set up an iptables rule to match nfs... that's a typical connection tracking issue. The link below explains how to configure nfs so that it always uses the same port, thus you'll be able to create a rule for it:
http://www.lowth.com/LinWiz/nfs_help.html

As for the timeout, I see this error every time I try to mount through nfs a filesystem that's not accessible (not mounted on the nfs server, nfs server down...).
I propose that you:
_ check that you wrote the right IP address in /etc/exports
_ check that nfs-kernel-server and nfs-common run on the server (I believe that both are needed)
_ check that there's not a firewall on the client side that would block nfs

Good luck !
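
Added example, not part of any post in this thread: a script that reads the server's `rpcinfo -p` listing and prints one iptables ACCEPT rule per NFS-related port, limited to the client 192.168.0.5 and the `RH-Firewall-1-INPUT` chain shown in the `iptables -L` output above. The sample listing is abridged from the one quoted in the first post; the function names and the choice to leave rquotad closed are assumptions of this example.

```shell
#!/bin/sh
# Constructed sample: the FC3 server's `rpcinfo -p` listing from the thread,
# abridged to a few rows per service.
sample_rpcinfo() {
cat <<'EOF'
program vers proto port
100000 2 tcp 111 portmapper
100000 2 udp 111 portmapper
100024 1 udp 32768 status
100024 1 tcp 32768 status
100011 1 udp 824 rquotad
100011 1 tcp 827 rquotad
100003 2 udp 2049 nfs
100003 3 udp 2049 nfs
100003 2 tcp 2049 nfs
100003 3 tcp 2049 nfs
100021 1 udp 32771 nlockmgr
100021 1 tcp 32771 nlockmgr
100005 1 udp 840 mountd
100005 1 tcp 843 mountd
EOF
}

# nfs_rules CLIENT_IP CHAIN: read `rpcinfo -p` output on stdin and print
# (not run) one ACCEPT rule per protocol/port used by the NFS services.
nfs_rules() {
    awk -v client="$1" -v chain="$2" '
        BEGIN {
            # Assumed service set for a read-only export; rquotad is left closed.
            n = split("portmapper nfs mountd nlockmgr status", s, " ")
            for (i = 1; i <= n; i++) wanted[s[i]] = 1
        }
        $1 ~ /^[0-9]+$/ && $4 ~ /^[0-9]+$/ && ($5 in wanted) {
            if (seen[$3 " " $4]++) next        # several RPC versions share a port
            # 111 and 2049 are fixed; the rest are handed out at service start.
            note = ($4 == 111 || $4 == 2049) ? "" : ", dynamic port"
            printf "iptables -I %s -s %s -p %s --dport %s", chain, client, $3, $4
            printf " -m state --state NEW -j ACCEPT  # %s%s\n", $5, note
        }'
}

# Print the rules for the client named in /etc/exports; review before applying.
sample_rpcinfo | nfs_rules 192.168.0.5 RH-Firewall-1-INPUT
```

Rules marked "dynamic port" match only the ports in use when the listing was taken, so they hold across restarts only once those services are configured to use fixed ports, as the linked article describes.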

bcal 05-30-2005 01:03 PM

OK thanks, I'm away at the moment but I'll give it a try once I'm back in a couple of days. Although I have a suspicion that the article you linked to is one that lost me in jargon when I looked around for solutions before...not to worry, I'll have a crack at it.

Is there an easier way to do what I'm trying to do? I'm pretty sure I read somewhere that linux is *the* system for networking - one of the reasons I thought I'd try to link the machines. To my simple mind (not kidding, very much a newbie) it seems anything but...I can get the linux machine talking to windows easier than to another linux box!

bcal 06-07-2005 09:23 AM

OK, I'm back...

I had to stop both the client and server firewalls to get the mount command to work. Thanks for the suggestion, I had assumed stopping just the server firewall would be enough.

I had a look at the article at http://www.lowth.com/LinWiz/nfs_help.html. However, I'm not clear on which rules should be changed for which machine. Should both firewalls have all the changes implemented? Or should some changes be implemented for the server and others for the client? I had a look at the wizards linked from that page too, but still confused. Sorry, obviously security isn't my background! All help appreciated as always.


All times are GMT -5.