LinuxQuestions.org


danielmesserli 05-01-2009 02:24 AM

NFS and firewall in Fedora 8 environment
 
Hi all,
1 Can somebody explain the difference between PORTMAP and RPCbind ?
2 When I disable IPtables from the command line, then NFS functions normally BUT
3 When (with IPtables started) I configure the firewall from the GUI tool (System --> Administration --> Firewall) to allow NFS as a trusted service (and this is done on BOTH the client and the NFS server machine), then I get the famous "no route to host" error.

Then I am also unsure how NFS works in Fedora 8... is RPCbind something new or what is it ?
Do the nfs ports have to be configured as static ?

I have read and looked around for docs and howto's etc. but I can not find any explanations or clear directives regarding this issue.

Can you please help ?

Thanks.
dan

custangro 05-01-2009 07:00 PM

The problem is portmap.

Portmap "dynamically" assigns ports for NFS which makes firewall configurations difficult. This can be adjusted with the /etc/sysconfig/nfs file. Open the /etc/sysconfig/nfs and uncomment/add these entries...

Code:

LOCKD_TCPPORT=32803
LOCKD_UDPPORT=32769
MOUNTD_PORT=892
STATD_PORT=662

Now use system-config-network and add/check on the following...

Quote:

nfs tcp/udp
111 tcp/udp
32803 tcp/udp
32769 tcp/udp
892 tcp/udp
662 tcp/udp

Now make sure that these start on boot...

Code:

root@fedora# chkconfig nfs on
root@fedora# chkconfig portmap on


Restart nfs...sometimes this isn't enough and you have to reboot.

-C
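
A check for the procedure in the post above, added here as an example and not part of the original thread: it reads the pinned ports from sysconfig-style text, compares them with what `rpcinfo -p` reports, and prints matching iptables commands restricted to a client subnet. The function names, the sample inputs, the `INPUT` chain and the 192.0.2.0/24 subnet are assumptions; 2049 is the standard port behind the "nfs" entry in the list.

```shell
#!/bin/bash
# Constructed copy of the /etc/sysconfig/nfs entries from the post above.
SAMPLE_SYSCONFIG='#RQUOTAD_PORT=875
LOCKD_TCPPORT=32803
LOCKD_UDPPORT=32769
MOUNTD_PORT=892
STATD_PORT=662'

# Constructed `rpcinfo -p` output; nlockmgr is shown still on dynamic ports,
# as it would be if the new settings had not taken effect yet.
SAMPLE_RPCINFO='   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100024    1   udp    662  status
    100021    1   udp  40213  nlockmgr
    100021    1   tcp  51877  nlockmgr
    100003    3   tcp   2049  nfs
    100005    1   udp    892  mountd
    100005    1   tcp    892  mountd'

# pinned_ports: sysconfig text on stdin -> space-separated allowed ports:
# 111 (rpcbind), 2049 (nfs) and every uncommented *PORT= value.
pinned_ports() {
    { printf '111\n2049\n'
      sed -n 's/^[[:space:]]*[A-Z_]*PORT="\{0,1\}\([0-9][0-9]*\)"\{0,1\}[[:space:]]*$/\1/p'
    } | sort -n -u | tr '\n' ' ' | sed 's/ $//'
}

# unpinned_services ALLOWED: `rpcinfo -p` output on stdin -> one
# "service/proto port" line per registration outside the allowed list.
unpinned_services() {
    awk -v allowed="$1" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $4 ~ /^[0-9]+$/ && !($4 in ok) { print $5 "/" $3, $4 }'
}

# fw_rules ALLOWED SUBNET: print (not run) iptables commands opening each
# allowed port for tcp and udp from SUBNET only. Chain INPUT is an assumption.
fw_rules() {
    for port in $1; do
        for proto in tcp udp; do
            echo "iptables -A INPUT -s $2 -p $proto --dport $port -j ACCEPT"
        done
    done
}

allowed=$(printf '%s\n' "$SAMPLE_SYSCONFIG" | pinned_ports)
echo "allowed ports: $allowed"
printf '%s\n' "$SAMPLE_RPCINFO" | unpinned_services "$allowed"
fw_rules "$allowed" 192.0.2.0/24   # documentation subnet, constructed
```

On a live server, feed the functions the real file and the real `rpcinfo -p` output instead of the samples; any line printed by `unpinned_services` is a daemon the firewall rules will not cover.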

danielmesserli 05-07-2009 11:24 AM

Hi Custangro,
sorry for the late reply...

So I am attempting to follow your instructions and run into a question:
After locking the ports in /etc/sysconfig/nfs ... did you not mean to write "system-config-securitylevel" to edit the

nfs tcp/udp
111 tcp/udp
32803 tcp/udp
32769 tcp/udp
892 tcp/udp
662 tcp/udp

? Because I don't see anywhere where I could make changes in "system-config-network" ...

Cheers,

custangro 05-07-2009 11:54 AM

Sorry...it was a typo...

Try system-config-securitylevel

danielmesserli 05-08-2009 05:28 AM

Hi Custangro,
..that's what I figured, a typo.

So now I am at the part where I ought to do:

[root@veda1201 ~]# chkconfig nfs on
[root@veda1201 ~]# chkconfig portmap on
error reading information on service portmap: No such file or directory
[root@veda1201 ~]# chkconfig rpcbind on
[root@veda1201 ~]#

as you see... portmap does not respond, I guess it isn't installed but rpcbind seems to respond.

So the portmap service is NOT running on my Fedora 8 system. That is where my original question sort of comes in, which was if RPCBind is simply a rename of PORTMAP... and it doesn't seem to be. There seems to be more to it...

Where do I go from here ? Is this the way it should be or am I barking up the wrong tree ?

Thanks for your continued help - really appreciate it !
dan

custangro 05-08-2009 09:52 AM

It seems that in Fedora 7 and Fedora 8, portmap has been replaced by RPCBind...so yes...

Also make sure the following is on/enabled...

Code:

rpcbind
nfs
nfslock

I haven't had to deal with RPCbind (since I'm more familiar with portmap) but I assume you also have to open the RPCBIND port...

What is the output of...

Code:

root@fedora# grep -i rpcbind /etc/services

-C

kamaleshbv1 12-07-2012 07:11 PM

grep -i rpcbind /etc/services
sunrpc 111/tcp portmapper rpcbind # RPC 4.0 portmapper TCP
sunrpc 111/udp portmapper rpcbind # RPC 4.0 portmapper UDP