I just installed RHEL 6 Beta 2 on an extra workstation. The installation process is more streamlined than in previous iterations including the elimination, it seems, of running any first boot utility post-install. This takes away the option of turning iptables off out of the gate. I decided to take this as an opportunity to learn a little more about iptables so I left it running.
One thing I'm trying to do is get it set up as an NFS server for installing VMs on my regular workstation. iptables naturally keeps most things out, so I had to figure out how to open it up for NFS. I found a post at nixCraft that explains opening up ports. I add the rules and restart iptables on the server, but I'm still unable to connect.
From my local workstation I'm trying to mount the directory (after having set it up for sharing out, of course) but it fails:
Code:
msnyder@msnyder:~/.ssh> sudo mount -v -t nfs 192.168.4.231:/var/ftp/pub /mnt
mount.nfs: timeout set for Sun Sep 19 17:54:53 2010
mount.nfs: text-based options: 'nolock,addr=192.168.4.231'
mount.nfs: trying 192.168.4.231 prog 100003 vers 3 prot TCP port 2049
mount.nfs: trying 192.168.4.231 prog 100005 vers 3 prot UDP port 44042
mount.nfs: text-based options (retry): 'nolock,addr=192.168.4.231,nfsvers=3,proto=tcp,mountproto=udp'
192.168.4.231:/var/ftp/pub on /mnt type nfs (rw,nolock)
I've tried it with and without portmap running on the client side. When trying without portmap running I use the '-o nolock' option. No rule is listed for port 44042. Should I create that?
Code:
-A INPUT -s 192.168.4.0/24 -m state --state NEW -p udp --dport 111 -j ACCEPT
-A INPUT -s 192.168.4.0/24 -m state --state NEW -p tcp --dport 111 -j ACCEPT
-A INPUT -s 192.168.4.0/24 -m state --state NEW -p tcp --dport 2049 -j ACCEPT
-A INPUT -s 192.168.4.0/24 -m state --state NEW -p tcp --dport 32803 -j ACCEPT
-A INPUT -s 192.168.4.0/24 -m state --state NEW -p udp --dport 32769 -j ACCEPT
-A INPUT -s 192.168.4.0/24 -m state --state NEW -p tcp --dport 892 -j ACCEPT
-A INPUT -s 192.168.4.0/24 -m state --state NEW -p udp --dport 892 -j ACCEPT
-A INPUT -s 192.168.4.0/24 -m state --state NEW -p tcp --dport 875 -j ACCEPT
-A INPUT -s 192.168.4.0/24 -m state --state NEW -p udp --dport 875 -j ACCEPT
-A INPUT -s 192.168.4.0/24 -m state --state NEW -p tcp --dport 662 -j ACCEPT
-A INPUT -s 192.168.4.0/24 -m state --state NEW -p udp --dport 662 -j ACCEPT
I turned off iptables and verified that I can mount the share. Additionally, if I comment out all the rules above and use the firewall config utility that Red Hat provided, enabling NFS4, a single rule for port 2049 is created. If I then try to connect I seem to get further but it still fails:
Code:
msnyder@msnyder:~/.ssh> sudo mount -v -t nfs -o nolock 192.168.4.231:/var/ftp/pub /mnt
mount.nfs: timeout set for Sun Sep 19 18:23:09 2010
mount.nfs: text-based options: 'nolock,addr=192.168.4.231'
mount.nfs: Unable to connect to 192.168.4.231:111, errno 113 (No route to host)
mount.nfs: mount to NFS server '192.168.4.231:/var/ftp/pub' failed: System Error: No route to host
Seeing that, I uncommented both the rules for port 111, which then just leaves me with the same error as before.
Can anyone provide some insight into what I might be doing wrong or not doing that I should be?
*EDIT for additional information: I noticed that my client (on openSUSE 11.2) is trying to connect using NFSv3 based on the error above, but Red Hat's firewall utility only lists NFSv4 as an option. Will this make a difference?
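An added example, not part of the original post: the mount trace above shows mountd answering on UDP 44042 while the rule set only opens 892, which is the kind of mismatch an NFSv3 server produces whenever its auxiliary RPC daemons (mountd, lockd, statd, rquotad) pick dynamic ports. The script below does two things: it turns a `rpcinfo -p` listing into one iptables ACCEPT rule per distinct proto/port pair for the RPC services NFSv3 needs, and it prints the /etc/sysconfig/nfs settings that pin those daemons to the fixed ports the post's rules already expect (892, 875, 662, 32803, 32769). The subnet and the rpcinfo listing are constructed sample data; run the real `rpcinfo -p` on the server to feed it live output.

```shell
#!/bin/sh
# Added example, not from the original post. Generates iptables rules for
# every RPC service an NFSv3 server has registered, from `rpcinfo -p`
# output, and prints the RHEL 6 /etc/sysconfig/nfs lines that pin the
# auxiliary daemons to fixed ports. Subnet and sample listing are constructed.

# Constructed sample of `rpcinfo -p` output on a server whose mountd,
# lockd and statd came up on dynamic ports (mountd on UDP 44042, as in
# the post's mount trace).
SAMPLE_RPCINFO='   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100003    3   tcp   2049  nfs
    100003    3   udp   2049  nfs
    100005    1   udp  44042  mountd
    100005    1   tcp  39817  mountd
    100005    3   udp  44042  mountd
    100005    3   tcp  39817  mountd
    100021    1   udp  32769  nlockmgr
    100021    4   tcp  32803  nlockmgr
    100024    1   udp  56372  status
    100024    1   tcp  42511  status'

# rpc_rules SUBNET  (reads rpcinfo -p output on stdin)
# Emits one "-A INPUT ... ACCEPT" line per distinct proto/port pair, so a
# service registered under several RPC versions yields a single rule.
rpc_rules() {
    subnet=$1
    awk -v subnet="$subnet" '
        NR == 1 { next }    # skip the "program vers proto port service" header
        $5 ~ /^(portmapper|nfs|mountd|nlockmgr|status|rquotad)$/ {
            key = $3 "/" $4
            if (!(key in seen)) {
                seen[key] = 1
                printf "-A INPUT -s %s -m state --state NEW -p %s --dport %s -j ACCEPT\n",
                       subnet, $3, $4
            }
        }'
}

# The generated rules only hold until the daemons restart on new ports.
# Pinning them in /etc/sysconfig/nfs (RHEL 6 variable names) removes the
# moving target; these values match the ports the post's rule set opens.
pinned_nfs_sysconfig() {
    cat <<'EOF'
RQUOTAD_PORT=875
LOCKD_TCPPORT=32803
LOCKD_UDPPORT=32769
MOUNTD_PORT=892
STATD_PORT=662
EOF
}

# Number of rules generated for the sample listing (self-check helper).
rule_count() {
    printf '%s\n' "$SAMPLE_RPCINFO" | rpc_rules 192.168.4.0/24 | wc -l | tr -d ' '
}

# Rules for the sample listing; on a live server replace the printf with:
#   rpcinfo -p | rpc_rules 192.168.4.0/24
printf '%s\n' "$SAMPLE_RPCINFO" | rpc_rules 192.168.4.0/24
```

Restricting the source to the LAN subnet, as the post's rules already do, matters more for NFSv3 than for NFSv4 because NFSv3 trusts the client-supplied UID/GID on every request; after pinning the ports, restart the nfs service and confirm with `rpcinfo -p` that mountd, nlockmgr and status now report the pinned numbers before relying on the static rules. One further caveat a practitioner would check: RHEL's default iptables policy ends in a REJECT with icmp-host-prohibited, which is what the client reports as errno 113 "No route to host", so that error from mount.nfs points at a firewall rule rather than at routing.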