LinuxQuestions.org
Old 06-17-2009, 08:57 PM   #1
Laserjock
LQ Newbie
 
Registered: Dec 2004
Location: Raleigh, NC USA
Distribution: CentOS 5, RHEL 5, Ubuntu
Posts: 19

Rep: Reputation: 0
Can't mount nfs dir with iptables up on server


I'm trying to mount an NFS share on my client computer but cannot connect unless I turn the iptables service off. I'm not sure which rule is blocking the connection. My NFS/RPC ports all seem to be associated with ACCEPT rules in my firewall.

I'm still learning iptables, which is a lot more complex than I initially thought. (I have a bad habit of editing the iptables file directly and backing it up all the time.)

Client mount attempt:
Code:
mount -v 192.168.1.11:/install /shared
mount: trying 192.168.1.11 prog 100003 vers 3 prot tcp port 2049
mount: mount to NFS server '192.168.1.11' failed: timed out (retrying)
Server: /etc/sysconfig/nfs:
Code:
#
# Define which protocol versions mountd
# will advertise. The values are "no" or "yes"
# with yes being the default
#MOUNTD_NFS_V1="no"
#MOUNTD_NFS_V2="no"
#MOUNTD_NFS_V3="no"
#
#
# Path to remote quota server. See rquotad(8)
#RQUOTAD="/usr/sbin/rpc.rquotad"
# Port rquotad should listen on.
RQUOTAD_PORT=10005
# Optinal options passed to rquotad
#RPCRQUOTADOPTS=""
#
#
# TCP port rpc.lockd should listen on.
LOCKD_TCPPORT=10000
# UDP port rpc.lockd should listen on.
LOCKD_UDPPORT=10001
#
#
# Optional arguments passed to rpc.nfsd. See rpc.nfsd(8)
# Turn off v2 and v3 protocol support
#RPCNFSDARGS="-N 2 -N 3"
# Turn off v4 protocol support
#RPCNFSDARGS="-N 4"
# Number of nfs server processes to be started.
# The default is 8.
#RPCNFSDCOUNT=8
# Stop the nfsd module from being pre-loaded
#NFSD_MODULE="noload"
#
#
# Optional arguments passed to rpc.mountd. See rpc.mountd(8)
#RPCMOUNTDOPTS=""
# Port rpc.mountd should listen on.
MOUNTD_PORT=10004
#
#
# Optional arguments passed to rpc.statd. See rpc.statd(8)
#STATDARG=""
# Port rpc.statd should listen on.
STATD_PORT=10002
# Outgoing port statd should used. The default is port
# is random
STATD_OUTGOING_PORT=10003
# Specify callout program
#STATD_HA_CALLOUT="/usr/local/bin/foo"
#
#
# Optional arguments passed to rpc.idmapd. See rpc.idmapd(8)
#RPCIDMAPDARGS=""
#
# Set to turn on Secure NFS mounts.
#SECURE_NFS="yes"
# Optional arguments passed to rpc.gssd. See rpc.gssd(8)
#RPCGSSDARGS="-vvv"
# Optional arguments passed to rpc.svcgssd. See rpc.svcgssd(8)
#RPCSVCGSSDARGS="-vvv"
# Don't load security modules in to the kernel
#SECURE_NFS_MODS="noload"
#
# Don't load sunrpc module.
#RPCMTAB="noload"

Server: iptables -nL:
Code:
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain RH-Firewall-1-INPUT (2 references)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 255
ACCEPT     esp  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     ah   --  0.0.0.0/0            0.0.0.0/0
ACCEPT     udp  --  0.0.0.0/0            224.0.0.251         udp dpt:5353
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:631
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:631
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:25
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:21
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           state NEW udp dpt:137
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           state NEW udp dpt:138
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:139
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:445
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:443
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:80
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:5801
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:5901
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:6001
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:53
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:53
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:111
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:111
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:2049
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:2049
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpts:10000:10005
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpts:10000:10005
REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
 
Old 06-18-2009, 01:02 AM   #2
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.8, Centos 5.10
Posts: 17,240

Rep: Reputation: 2324
I think that looks ok, have you run

service nfs status
exportfs -v

to check all nfs-related services are up on server?
 
Old 06-18-2009, 02:22 PM   #3
Laserjock
LQ Newbie
 
Registered: Dec 2004
Location: Raleigh, NC USA
Distribution: CentOS 5, RHEL 5, Ubuntu
Posts: 19

Original Poster
Rep: Reputation: 0
chrism01,

I ran exportfs -v and made sure that NFS was running properly, but I still can't get through. It has to be iptables, since I can mount the NFS share when I stop the service (service iptables stop).

Do my rules look ok? What is the difference between the "state NEW" rules and the rather generic ones underneath?
 
Old 06-18-2009, 07:32 PM   #4
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.8, Centos 5.10
Posts: 17,240

Rep: Reputation: 2324
In your case, not a lot

Traditionally, replace your 'NEW' keyword with 'ESTABLISHED,RELATED' ie check for known cxns first, then 'new' (optional keyword).
You'll need a

service iptables restart

Please show the output of those other cmds I mentioned.

Also need to check firewall on client
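
An added example, not part of the thread: a Python check that compares the ports pinned in the posted /etc/sysconfig/nfs with the posted `iptables -nL` listing and returns the protocol/port pairs that have no port-specific ACCEPT rule ahead of the final REJECT. The required-port set (111, 2049 and every pinned daemon port on both transports, lockd excepted) and all function names are assumptions of this example.

```python
import re
# Uncommented port assignments from the /etc/sysconfig/nfs posted in the thread.
NFS_CONF = """\
RQUOTAD_PORT=10005
LOCKD_TCPPORT=10000
LOCKD_UDPPORT=10001
MOUNTD_PORT=10004
STATD_PORT=10002
STATD_OUTGOING_PORT=10003
"""
# Abridged from the posted `iptables -nL` listing (RH-Firewall-1-INPUT chain).
RULES = """\
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:111
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:111
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:2049
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:2049
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpts:10000:10005
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpts:10000:10005
REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
"""

def required_ports(conf):
    # Assumption: portmapper (111), nfsd (2049) and each pinned daemon port are
    # needed on both TCP and UDP; lockd has one port per transport.
    need = {("tcp", 111), ("udp", 111), ("tcp", 2049), ("udp", 2049)}
    one_proto = {"LOCKD_TCPPORT": ["tcp"], "LOCKD_UDPPORT": ["udp"]}
    for key, val in re.findall(r"^([A-Z_]+)=(\d+)$", conf, re.M):
        if key != "STATD_OUTGOING_PORT":  # a source port, not a listener
            need.update((p, int(val)) for p in one_proto.get(key, ["tcp", "udp"]))
    return need

def accepted_ports(listing):
    # Only rules with a dpt/dpts match count. Without -v the listing hides
    # interface matches, so a bare "ACCEPT all" cannot be judged and is skipped.
    ranges = []
    for target, proto, rest in re.findall(r"^(\S+)[ \t]+(\S+)(.*)$", listing, re.M):
        if target in ("REJECT", "DROP") and proto == "all":
            break  # assumed unconditional: later rules are never reached
        m = re.search(r"dpts?:(\d+)(?::(\d+))?", rest)
        if target == "ACCEPT" and m:
            ranges.append((proto, int(m.group(1)), int(m.group(2) or m.group(1))))
    return ranges

def uncovered(conf, listing):
    ranges = accepted_ports(listing)
    return sorted(r for r in required_ports(conf)
                  if not any(r[0] == p and lo <= r[1] <= hi for p, lo, hi in ranges))
```

On the abridged data above, `uncovered(NFS_CONF, RULES)` returns only udp/111; the thread does not establish whether that is what blocks the mount.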
 
  


All times are GMT -5. The time now is 06:13 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration