can't mount to NFS server

sycamorex · 06-15-2008, 06:17 AM

Hi, I'm following some tutorials to play with NFS

I'm trying to set up an NFS server on my main box (F9) and a client on my laptop (Centos 5.1) connected through a router.

THE SERVER BOX:

/etc/exports

Code:

/home   192.168.1.206(rw)
/media          192.168.1.206(rw)

192.168.1.206 being the client laptop

hosts.allow

Code:

rpcbind: 192.168.1.206            
portmap: 192.168.1.206
lockd: 192.168.1.206
mountd: 192.168.1.206
rquotad: 192.168.1.206
statd: 192.168.1.206

rpcbind: 192.168.1.206 is probably unnecessary as Centos is still using portmap, whereas F9 rpcbind.

hosts.deny

Code:

portmap:ALL
rpcbind:ALL
mountd:ALL
rquotad:ALL
statd:ALL

Running services:
netfs, nfs, nfslock, rpcbind

Code:


[root@localhost etc]# /sbin/iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:nfs
ACCEPT     udp  --  anywhere             anywhere            state NEW udp dpt:nfs
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Selinux is in a permissive state

THE CLIENT BOX

running services:
netfs, nfs, nfslock, portmap

When I type on the client machine (192.168.1.101 is the server machine)

Code:

# mount 192.168.1.101:/home /home/
mount: mount to NFS Server '192.168.1.101' failed: System Error: No router to host.

any hints? thanks

EDIT: and I've done /usr/sbin/exportfs -a on the server machine

sycamorex · 06-15-2008, 08:25 AM

I opened port 111 for sunrc/portmapper and 2219.

Quote:

[root@localhost /]# rpcinfo -p 192.168.1.101
program vers proto port
100000 4 tcp 111 portmapper
100000 3 tcp 111 portmapper
100000 2 tcp 111 portmapper
100000 4 udp 111 portmapper
100000 3 udp 111 portmapper
100000 2 udp 111 portmapper
100000 4 0 111 portmapper
100000 3 0 111 portmapper
100000 2 0 111 portmapper
100024 1 udp 44190 status
100024 1 tcp 32783 status
100011 1 udp 828 rquotad
100011 2 udp 828 rquotad
100011 1 tcp 831 rquotad
100011 2 tcp 831 rquotad
100021 1 udp 52027 nlockmgr
100021 3 udp 52027 nlockmgr
100021 4 udp 52027 nlockmgr
100003 2 udp 2049 nfs
100003 3 udp 2049 nfs
100003 4 udp 2049 nfs
100021 1 tcp 58986 nlockmgr
100021 3 tcp 58986 nlockmgr
100021 4 tcp 58986 nlockmgr
100003 2 tcp 2049 nfs
100003 3 tcp 2049 nfs
100003 4 tcp 2049 nfs
100005 1 udp 52139 mountd
100005 1 tcp 46360 mountd
100005 2 udp 52139 mountd
100005 2 tcp 46360 mountd
100005 3 udp 52139 mountd
100005 3 tcp 46360 mountd

Quote:

[root@localhost /]# mount 192.168.1.101:/home /home/
mount: mount to NFS server '192.168.1.101' failed: timed out (retrying).
mount: mount to NFS server '192.168.1.101' failed: timed out (retrying).

any help?

sycamorex · 06-15-2008, 09:09 AM

I disabled the firewall on the server machine for a moment and it mounted. So the problem is the firewall. How can I check which port it is using?

EDIT: solved
here's the info that helped me
http://www.redhat.com/archives/rhl-l.../msg03051.html

sycamorex · 06-15-2008, 09:54 AM

Actually, one more question - is it really necessary to open as many as 5 ports to run NFS?

0x29a · 07-01-2008, 04:20 PM

Hi ya sycamorex,
The link you found is exactly what I needed. Thanks for finding it. I've been looking all over. Here is what I added to our iptables file (CentOS 5.x) to get nfs working, and limit connections to the IP addresses shown:

Code:

-A RH-Firewall-1-INPUT -s 192.168.1.0/24 -p tcp --dport 111 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.1.0/24 -p udp --dport 111 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.1.0/24 -p tcp --dport 875 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.1.0/24 -p udp --dport 875 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.1.0/24 -p tcp --dport 892 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.1.0/24 -p udp --dport 892 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.1.0/24 -p tcp --dport 2049 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.1.0/24 -p udp --dport 2049 -j ACCEPT

and then restarted nfs, nfslock, and iptables in this order:

Code:

# /etc/init.d/nfs restart
# /etc/init.d/nfslock restart
# /etc/init.d/iptables restart

The only thing I've noticed is that I get this

Code:

Starting NFS quotas: rpc.rquotad: Cannot bind to given address: Address already in use

Maybe I'll try resarting the services with nfslock first when I have more time. It is a few ports, to be sure, but I was stuck until I added 875 and 892. I've seen posts that suggest opening tcp-udp port range 4000:4004 as well, but nfs seems to work without them. Guess we'll wait and see what happens with that.

Good luck