LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 01-07-2013, 05:01 PM   #1
lleb
Senior Member
 
Registered: Dec 2005
Location: Florida
Distribution: CentOS/Fedora
Posts: 2,630

Rep: Reputation: 495Reputation: 495Reputation: 495Reputation: 495Reputation: 495
NFS connection issues


i have a centos 6.3 server running most current vs of NFS. I can connect to the server with all of my MACs in the LAN, but not my daughters Fedora 18 laptop. Odd thing is when I built the server at the LUG install fest I was able to connect without issue.

here should be some important info to help you help me:

Code:
[root@localhost ~]# mount -t nfs jackknife:/home/ray/NFS/ /home/kayla/NFS/
mount.nfs: access denied by server while mounting jackknife:/home/ray/NFS/
[root@localhost ~]# mount -t nfs jackknife:/home/ray/NFS/ /home/kayla/NFS/
mount.nfs: access denied by server while mounting jackknife:/home/ray/NFS/
The first attempt to connect was with iptables running, then 2nd with it stopped. same results either way so it is not a firewall issue on the server.

Here is the end of /var/log/messages and my exports on the server:

Code:
Jan  6 21:26:28 centos rpc.mountd[23489]: authenticated unmount request from 192.168.2.217:771 for /home/ray/NFS (/home/ray/NFS)
Jan  7 12:12:36 centos rpc.mountd[23489]: authenticated mount request from 192.168.2.217:1023 for /home/ray/NFS (/home/ray/NFS)
Jan  7 12:17:33 centos rpc.mountd[23489]: authenticated unmount request from 192.168.2.218:871 for /home/ray/NFS (/home/ray/NFS)
Jan  7 12:17:59 centos rpc.mountd[23489]: authenticated mount request from 192.168.2.218:1022 for /home/ray/NFS (/home/ray/NFS)
[root@centos ~]# exportfs -a
[root@centos ~]# cat /etc/exports 
/home/ray/NFS *(rw,no_subtree_check,insecure)
[root@centos ~]# service iptables off
Usage: iptables {start|stop|restart|condrestart|status|panic|save}
[root@centos ~]# service iptables stop
iptables: Flushing firewall rules:                         [  OK  ]
iptables: Setting chains to policy ACCEPT: filter          [  OK  ]
iptables: Unloading modules:                               [  OK  ]
[root@centos ~]# service iptables start
iptables: Applying firewall rules:                         [  OK  ]
yes you can see i tried last night, but i didnt post about it then. was to tired to fight with it.

I am running with the insecure due to the MACs inability to connect properly, they must have the insecure flag or they can not connect.

Code:
[root@localhost ~]# showmount -e jackknife
Export list for jackknife:
/home/ray/NFS *
Code:
[root@localhost ~]# mount -v -t nfs jackknife:/home/ray/NFS/ /home/kayla/NFS/
mount.nfs: timeout set for Mon Jan  7 16:42:36 2013
mount.nfs: trying text-based options 'vers=4,addr=192.168.2.125,clientaddr=192.168.2.206'
mount.nfs: mount(2): Permission denied
mount.nfs: access denied by server while mounting jackknife:/home/ray/NFS/
Code:
[root@centos ~]# rpcinfo 
   program version netid     address                service    owner
    100000    4    tcp6      ::.0.111               portmapper superuser
    100000    3    tcp6      ::.0.111               portmapper superuser
    100000    4    udp6      ::.0.111               portmapper superuser
    100000    3    udp6      ::.0.111               portmapper superuser
    100000    4    tcp       0.0.0.0.0.111          portmapper superuser
    100000    3    tcp       0.0.0.0.0.111          portmapper superuser
    100000    2    tcp       0.0.0.0.0.111          portmapper superuser
    100000    4    udp       0.0.0.0.0.111          portmapper superuser
    100000    3    udp       0.0.0.0.0.111          portmapper superuser
    100000    2    udp       0.0.0.0.0.111          portmapper superuser
    100000    4    local     /var/run/rpcbind.sock  portmapper superuser
    100000    3    local     /var/run/rpcbind.sock  portmapper superuser
    100024    1    udp       0.0.0.0.2.150          status     29
    100024    1    tcp       0.0.0.0.2.150          status     29
    100024    1    udp6      ::.2.150               status     29
    100024    1    tcp6      ::.2.150               status     29
    100011    1    udp       0.0.0.0.3.107          rquotad    superuser
    100011    2    udp       0.0.0.0.3.107          rquotad    superuser
    100011    1    tcp       0.0.0.0.3.107          rquotad    superuser
    100011    2    tcp       0.0.0.0.3.107          rquotad    superuser
    100005    1    udp       0.0.0.0.3.124          mountd     superuser
    100005    1    tcp       0.0.0.0.3.124          mountd     superuser
    100005    1    udp6      ::.3.124               mountd     superuser
    100005    1    tcp6      ::.3.124               mountd     superuser
    100005    2    udp       0.0.0.0.3.124          mountd     superuser
    100005    2    tcp       0.0.0.0.3.124          mountd     superuser
    100005    2    udp6      ::.3.124               mountd     superuser
    100005    2    tcp6      ::.3.124               mountd     superuser
    100005    3    udp       0.0.0.0.3.124          mountd     superuser
    100005    3    tcp       0.0.0.0.3.124          mountd     superuser
    100005    3    udp6      ::.3.124               mountd     superuser
    100005    3    tcp6      ::.3.124               mountd     superuser
    100003    2    tcp       0.0.0.0.8.1            nfs        superuser
    100003    3    tcp       0.0.0.0.8.1            nfs        superuser
    100003    4    tcp       0.0.0.0.8.1            nfs        superuser
    100227    2    tcp       0.0.0.0.8.1            nfs_acl    superuser
    100227    3    tcp       0.0.0.0.8.1            nfs_acl    superuser
    100003    2    udp       0.0.0.0.8.1            nfs        superuser
    100003    3    udp       0.0.0.0.8.1            nfs        superuser
    100003    4    udp       0.0.0.0.8.1            nfs        superuser
    100227    2    udp       0.0.0.0.8.1            nfs_acl    superuser
    100227    3    udp       0.0.0.0.8.1            nfs_acl    superuser
    100003    2    tcp6      ::.8.1                 nfs        superuser
    100003    3    tcp6      ::.8.1                 nfs        superuser
    100003    4    tcp6      ::.8.1                 nfs        superuser
    100227    2    tcp6      ::.8.1                 nfs_acl    superuser
    100227    3    tcp6      ::.8.1                 nfs_acl    superuser
    100003    2    udp6      ::.8.1                 nfs        superuser
    100003    3    udp6      ::.8.1                 nfs        superuser
    100003    4    udp6      ::.8.1                 nfs        superuser
    100227    2    udp6      ::.8.1                 nfs_acl    superuser
    100227    3    udp6      ::.8.1                 nfs_acl    superuser
    100021    1    udp       0.0.0.0.128.1          nlockmgr   superuser
    100021    3    udp       0.0.0.0.128.1          nlockmgr   superuser
    100021    4    udp       0.0.0.0.128.1          nlockmgr   superuser
    100021    1    tcp       0.0.0.0.128.35         nlockmgr   superuser
    100021    3    tcp       0.0.0.0.128.35         nlockmgr   superuser
    100021    4    tcp       0.0.0.0.128.35         nlockmgr   superuser
    100021    1    udp6      ::.128.1               nlockmgr   superuser
    100021    3    udp6      ::.128.1               nlockmgr   superuser
    100021    4    udp6      ::.128.1               nlockmgr   superuser
    100021    1    tcp6      ::.128.35              nlockmgr   superuser
    100021    3    tcp6      ::.128.35              nlockmgr   superuser
    100021    4    tcp6      ::.128.35              nlockmgr   superuser
[code][root@centos ~]# cat /proc/fs/nfsd/versions
+2 +3 +4 -4.1[/code

Code:
[root@centos ~]# cat /proc/fs/nfsd/portlist 
udp 2049
tcp 2049
udp 2049
tcp 2049
[root@centos ~]# cat /proc/fs/nfsd/export
cat: /proc/fs/nfsd/export: No such file or directory
[root@centos ~]# cat /proc/fs/nfsd/exports
# Version 1.2
# Path Client(Flags) # IPs
/home	*(ro,insecure,root_squash,sync,no_wdelay,no_subtree_check,v4root,uuid=3e4c900e:7e47485d:a6d3de8c:541f3016)
/home/ray	*(ro,insecure,root_squash,sync,no_wdelay,no_subtree_check,v4root,uuid=3e4c900e:7e47485d:a6d3de8c:541f3016)
/home/ray/NFS	*(rw,insecure,root_squash,sync,wdelay,no_subtree_check,uuid=3e4c900e:7e47485d:a6d3de8c:541f3016)
/	*(ro,insecure,root_squash,sync,no_wdelay,no_subtree_check,v4root,fsid=0,uuid=5e28e0c1:91ea49c8:8d9e836e:6c59efeb)
and using the IP v Domain name didnt help either:

Code:
[root@localhost ~]# mount -v -t nfs 192.168.2.125:/home/ray/NFS/ /home/kayla/NFS/
mount.nfs: timeout set for Mon Jan  7 16:50:39 2013
mount.nfs: trying text-based options 'vers=4,addr=192.168.2.125,clientaddr=192.168.2.206'
mount.nfs: mount(2): Permission denied
mount.nfs: access denied by server while mounting 192.168.2.125:/home/ray/NFS/
still same results. and yes nfs-utils is installed on the laptop:

Code:
[root@localhost ~]# rpm -q nfs-utils
nfs-utils-1.2.7-2.fc18.x86_64


on the laptop here is the rpcinfo -p:

Code:
[root@localhost ~]# rpcinfo -p
   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    3   tcp    111  portmapper
    100000    2   tcp    111  portmapper
    100000    4   udp    111  portmapper
    100000    3   udp    111  portmapper
    100000    2   udp    111  portmapper
off the top of my head that is all of the info i can think to give you. thanks in advance for the help.
 
Old 01-08-2013, 12:34 AM   #2
trijit
Member
 
Registered: Sep 2010
Location: Kolkata
Distribution: Ubuntu
Posts: 35

Rep: Reputation: 3
what does "showmount -e" show on the nfs server?
 
Old 01-08-2013, 12:56 PM   #3
lleb
Senior Member
 
Registered: Dec 2005
Location: Florida
Distribution: CentOS/Fedora
Posts: 2,630

Original Poster
Rep: Reputation: 495Reputation: 495Reputation: 495Reputation: 495Reputation: 495
on the server i get the following:

Code:
[root@centos ~]# showmount -e
clnt_create: RPC: Port mapper failure - Timed out
there are no other types of shares on my LAN.
 
Old 01-08-2013, 03:19 PM   #4
suicidaleggroll
LQ Guru
 
Registered: Nov 2010
Location: Colorado
Distribution: OpenSUSE, CentOS
Posts: 5,258

Rep: Reputation: 1947Reputation: 1947Reputation: 1947Reputation: 1947Reputation: 1947Reputation: 1947Reputation: 1947Reputation: 1947Reputation: 1947Reputation: 1947Reputation: 1947
What about /etc/hosts.allow and /etc/hosts.deny
 
Old 01-09-2013, 12:31 AM   #5
trijit
Member
 
Registered: Sep 2010
Location: Kolkata
Distribution: Ubuntu
Posts: 35

Rep: Reputation: 3
Quote:
Originally Posted by lleb View Post
on the server i get the following:

Code:
[root@centos ~]# showmount -e
clnt_create: RPC: Port mapper failure - Timed out
there are no other types of shares on my LAN.
Can you please check the firewall settings on the server side? It may be a firewall issue blocking the NFS ports. Check for port 111 also if it's allowed.
 
Old 01-09-2013, 07:03 PM   #6
lleb
Senior Member
 
Registered: Dec 2005
Location: Florida
Distribution: CentOS/Fedora
Posts: 2,630

Original Poster
Rep: Reputation: 495Reputation: 495Reputation: 495Reputation: 495Reputation: 495
if it were a firewall issue, then none of my MACs would be able to connect. again read above, i tried with iptables running and stopped. no effect either way. this has nothing to do with hosts.allow/deny as the laptop can ssh into the server with zero problems in fact right now im running a simple rsync backup script from the laptop to the server.
 
Old 01-09-2013, 07:06 PM   #7
suicidaleggroll
LQ Guru
 
Registered: Nov 2010
Location: Colorado
Distribution: OpenSUSE, CentOS
Posts: 5,258

Rep: Reputation: 1947Reputation: 1947Reputation: 1947Reputation: 1947Reputation: 1947Reputation: 1947Reputation: 1947Reputation: 1947Reputation: 1947Reputation: 1947Reputation: 1947
Quote:
Originally Posted by lleb View Post
this has nothing to do with hosts.allow/deny as the laptop can ssh into the server with zero problems in fact right now im running a simple rsync backup script from the laptop to the server.
That doesn't mean anything, sshd is a different protocol than NFS. hosts.deny can block NFS access without touching SSH access depending on how you have it configured.
 
Old 01-09-2013, 07:25 PM   #8
lleb
Senior Member
 
Registered: Dec 2005
Location: Florida
Distribution: CentOS/Fedora
Posts: 2,630

Original Poster
Rep: Reputation: 495Reputation: 495Reputation: 495Reputation: 495Reputation: 495
Code:
[ray@centos ~]$ cat /etc/hosts.allow 
#
# hosts.allow	This file contains access rules which are used to
#		allow or deny connections to network services that
#		either use the tcp_wrappers library or that have been
#		started through a tcp_wrappers-enabled xinetd.
#
#		See 'man 5 hosts_options' and 'man 5 hosts_access'
#		for information on rule syntax.
#		See 'man tcpd' for information on tcp_wrappers
#
[ray@centos ~]$ cat /etc/hosts.deny 
#
# hosts.deny	This file contains access rules which are used to
#		deny connections to network services that either use
#		the tcp_wrappers library or that have been
#		started through a tcp_wrappers-enabled xinetd.
#
#		The rules in this file can also be set up in
#		/etc/hosts.allow with a 'deny' option instead.
#
#		See 'man 5 hosts_options' and 'man 5 hosts_access'
#		for information on rule syntax.
#		See 'man tcpd' for information on tcp_wrappers
#
again as i stated, allow/deny have nothing to do with this situation. if they did, they would also block my MACs, not just the Fedora laptop.
 
Old 01-09-2013, 08:00 PM   #9
suicidaleggroll
LQ Guru
 
Registered: Nov 2010
Location: Colorado
Distribution: OpenSUSE, CentOS
Posts: 5,258

Rep: Reputation: 1947Reputation: 1947Reputation: 1947Reputation: 1947Reputation: 1947Reputation: 1947Reputation: 1947Reputation: 1947Reputation: 1947Reputation: 1947Reputation: 1947
Quote:
Originally Posted by lleb View Post
again as i stated, allow/deny have nothing to do with this situation. if they did, they would also block my MACs, not just the Fedora laptop.
Not necessarily, it depends on what's in there. Since yours are empty, you're right, they're not the cause of the problem. I'll keep thinking about what could be the cause.
 
Old 01-09-2013, 08:02 PM   #10
lleb
Senior Member
 
Registered: Dec 2005
Location: Florida
Distribution: CentOS/Fedora
Posts: 2,630

Original Poster
Rep: Reputation: 495Reputation: 495Reputation: 495Reputation: 495Reputation: 495
many thanks.
 
Old 01-09-2013, 08:03 PM   #11
suicidaleggroll
LQ Guru
 
Registered: Nov 2010
Location: Colorado
Distribution: OpenSUSE, CentOS
Posts: 5,258

Rep: Reputation: 1947Reputation: 1947Reputation: 1947Reputation: 1947Reputation: 1947Reputation: 1947Reputation: 1947Reputation: 1947Reputation: 1947Reputation: 1947Reputation: 1947
Have you tried disabling SELinux?

I would try disabling both SELinux and iptables on both the server and the client and see if it will work then. Just eliminating possible causes...SELinux often causes all kinds of networking problems for me.
 
Old 01-09-2013, 08:11 PM   #12
lleb
Senior Member
 
Registered: Dec 2005
Location: Florida
Distribution: CentOS/Fedora
Posts: 2,630

Original Poster
Rep: Reputation: 495Reputation: 495Reputation: 495Reputation: 495Reputation: 495
SELinux is in permissive.
 
Old 01-09-2013, 08:24 PM   #13
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 670Reputation: 670Reputation: 670Reputation: 670Reputation: 670Reputation: 670
From the fsid=0 entry for / in exports, it seems you are running NFSv4 but configuring it for v3.

The nfs root is normally somewhere like /srv/nfs or /var/nfs/exports/, depending on your disto's preference for where nfs, samba, mail etc. server data is located. All of the directories you are exporting need to be subdirectories of this nfsroot. If you are sharing directories under /home, then create directories there and bind mount them under nfsroot.
So the /home/ray/nfs directory might be bind mounted over /srv/nfs/ray/; /home/kayla/nfs/ over /srv/nfs/kayla

On the client you would use the device entry hostname:ray or hostname:kayla instead of full paths. Note how /srv/nfs is excluded.
Bind mounts also allow you to change permissions in the mount options. So /srv/nfs/ray could be mounted with the nosuid, noexec mount options if globally writable.

Note: in your case you could use /home/ as nfsroot. I think using / as nfsroot might be causing your problems. There may even be recursion introduced sharing /var/run/nfs/. It's also dangerous sharing the root partition. Some areas don't need to be shared. Others like /proc and /sys are psuedo file systems.

Another note: You were checking the firewall on the server. Check it on both. Also hosts.allow and hosts.deny can filter by hostname, IP or subnet as well, and by service. Not in your case but assuming they are OK because the macs work isn't strictly correct.

Last edited by jschiwal; 01-09-2013 at 08:27 PM.
 
1 members found this post helpful.
Old 01-09-2013, 08:40 PM   #14
lleb
Senior Member
 
Registered: Dec 2005
Location: Florida
Distribution: CentOS/Fedora
Posts: 2,630

Original Poster
Rep: Reputation: 495Reputation: 495Reputation: 495Reputation: 495Reputation: 495
hmm there is nothing in /srv/ and /var/nfs is not there either...

I think you are onto something, but you are talking a bit over my head .
 
Old 01-10-2013, 12:14 AM   #15
lleb
Senior Member
 
Registered: Dec 2005
Location: Florida
Distribution: CentOS/Fedora
Posts: 2,630

Original Poster
Rep: Reputation: 495Reputation: 495Reputation: 495Reputation: 495Reputation: 495
found the issue, now to figure out how to resolve it:

Code:
[root@localhost ~]# service iptables stop
Redirecting to /bin/systemctl stop  iptables.service
[root@localhost ~]# mount -v -t nfs -o vers=3 jackknife:/home/ray/NFS /home/kayla/NFS/
mount.nfs: timeout set for Thu Jan 10 00:06:07 2013
mount.nfs: trying text-based options 'vers=3,addr=192.168.2.125'
mount.nfs: prog 100003, trying vers=3, prot=6
mount.nfs: trying 192.168.2.125 prog 100003 vers 3 prot TCP port 2049
mount.nfs: prog 100005, trying vers=3, prot=17
mount.nfs: trying 192.168.2.125 prog 100005 vers 3 prot UDP port 892
turns out the issue is the iptables on the laptop. on the server i have set the ports to static defaults in /etc/sysconfig/nfs as well as configured the servers iptables to allow any connection from within my LAN to access the NFS share.

I need to keep iptables running rather tight on the laptop as it is my daughters school laptop (we own it, she just uses it for school work and what not taking it with her for notes).

I understand IPTABLES just enough to add ports to accept or drop, but have no clue about outbound traffic then the two way communication by NFS. I suppose I could make a small script that when she is home that will first turn off iptables, then mount the share point, but id rather make it a bit simpler then that and do so without disabling the firewall.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
NFS connection issues lleb Linux - Newbie 4 12-26-2012 12:04 AM
NFS Issues rbell54 Linux - Newbie 2 05-13-2009 08:41 PM
NFS issues alexb Linux - Server 0 09-10-2007 10:09 AM
NFS issues noir911 Linux - Software 3 09-12-2006 06:33 AM
nfs issues cwwilson721 Slackware 4 05-12-2006 03:29 AM


All times are GMT -5. The time now is 03:56 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration