I've speant the last couple of hours trying endlessly to get NFS to work accross two machines. I've worked out that it's something to do with the firewall on the server (FC3) blocking the service as if it's disabled it works fine!

I found a thread and a couple of documents that said ports 111 and 2049 need to be opened up so did this in the Security Level app... still it fails. Even when this is done by hand using the iptables command it still fails (I have restarted the firewall after changing the settings.. even tried rebooting).

The only difference between trying the two methods above was that the error changes when the gui is used... now the client reports bak saying:

mount: RPC: Unable to receive; errno = No route to host

Has anyone got a sure fireway to set up the FC3 firewall (iptables) to allow NFS to work?

Not trying to condescend, but you do have basic network connectivity to the other machine, right? Can you ping each host from the other and all that?

Mountd and friends use more or less random ports in their communication. A quick google turned up this page which seems to address the issue.

Cheers for that! That appears to be exactly what I'm looking for.

I appreciate your concern about the network conectivity but as I said in my thread if I disable the firewall on the server everything works fine... It definately has to be the dynamic NFS ports.

... I'll let you know how I get on.

Ok this is one proceadure for fixing the NFS ports in Fedora Core 3 (FC3) and opening the firewall for these ports.

After folloing the "Newbie's Guide to Small Home LAN "from the Networking section of linux questions tutorials follow these steps to allow another linux box to see the NFS server (run: "/usr/sbin/rpcinfo -p" before and after to make sure it has worked!)

1. Create the file "/etc/sysconfig/nfs" and add the following contents:

STATD_PORT=4001
LOCKD_TCPPORT=4002
LOCKD_UDPPORT=4002
MOUNTD_PORT=4003

2. Append the following to the file "/etc/services":

rquotad 4004/tcp # rpc.rquotad tcp port
rquotad 4004/udp # rpc.rquotad udp port

3. Restart the nfs services:

/etc/init.d/nfs restart
/etc/init.d/nfslock restart

4. Re-run /usr/sbin/rpcinfo -p and make sure all the ports above have changed.

5. Open up the following ports (tcp and udp) on the Fedora firewall. Do this either using the "Security Level" app in "System Settings" or using the command line iptables command (think it's in /sbin/):

111:tcp, 111:udp, 2049:tcp, 2049:udp, 4001:tcp, 4001:udp, 4002:tcp, 4002:udp, 4003:tcp, 4003:udp, 4004:tcp, 4004:udp

(You can copy and paste the above text into the "Other ports: (1029:tcp)" section of the "Security Level Configuration").

Now you should be able to mount the NFS share on the other box like so:

# mkdir /mnt/tom_share
# mount tom.exampledomain.org:/share /mnt/tom_share

If anyone knows of an eaier way please say!!

My apologies. I didn't (and still don't) see where you said it works if you disable the firewall, only that you had worked out that it was the firewall. If I had a nickel for every time someone thought they knew what the problem was, only to be *way* off ... Well, you know.

At any rate, I'm glad you got it working

No worries... it probably wasn't clear but it was the last 5 words in the first paragraph:

"I've worked out that it's something to do with the firewall on the server (FC3) blocking the service as if it's disabled it works fine!"

The "it's" was refering too the firewall... probably my bad english!

Hehehe ... Sometimes I read too fast and my brain misses important little facts like that. I see it now

OmnipotentOscar was right. While NFS uses port 2049 and portmapper uses port 111, the underlying RPC mapper uses a variation of ports, by default randomly assigned as part of the Sun specs.

You can check the IANA list of port numbers to see all official port numbers

When you start a firewall, the random ports keep getting blocked and the client cannot connect to the NFS share.

Please check lowth.com for a good, decent, web-based iptables configuration wizard. They also offer a very clear set of instructions to tie NFS down to static port (i.e. fixed and chosen by you).

JM2C as I've just run into the same <del>problem</del>issue.

I've run into the same problem in that I need to lock the NFS services on a MacOS 10.4.10 box to static ports. The pages referred to at "lowth.org" no longer seem to exist. Does anyone out there know how to do this? Do I have to twiddle some settings in Netinfo? Apple front-line support doesn't seem to have a clue ...

We actually have a forum specially for non-Linux questions of a UNIX nature here. You'll need to post your question in that forum.

Thanks for the procedure OmnipotentOscar!

On RHEL-5 or CentOS-5 I did:
edit uncomment the default ports:
Add those ports to your firewall rules:
edit Restart the services:
You should be able to NFS to the server now. No need to modify /etc/services

hi, igorgrin
Thanks so much!
I did mount nfs successfully according to your steps
(in centOS 5.4)

hi, igorgrin
Thanks so much, too!
I did mount nfs successfully according to your steps
(in centOS 5.4 server / opensuse 11.2)

Tags: linux centOs 5.4 nfs problem: System Error: No route to host

nfs client error: "System Error: No route to host"

Problema: nfs server ativado (CentOs 5.4 - ip 192.168.0.1); nfs client ativado no (opensuse 11.2 - ip 192.168.0.2);
O nfs cliente não conseguia conectar o nfs servidor, o firewall do opensuse estava aberto para nfs client, realizava o ping, e realizava ssh.

O problema foi solucionado com a dica acim ado igorgrin.

->escolher um pasta a ser compartilhada.

->sistema->administracao->configuracaoDeServidor->NFS
no botao "configuracao do servidor" colocar as portas relacionadas:

LOCKD_TCPPORT=32803
LOCKD_UDPPORT=32769
MOUNTD_PORT=892
STATD_PORT=662

ok->salvar->sair

--> seguir o roteiro acima.

Obrigado.
Tks.

Okay, I'm not sure how I missed this zombie thread the first time around, but I've got a clear visual now and I'm proceeding to engage it. tnt2br, please don't resurrect dead threads. Instead, start a new thread for your issue and include any necessary links in it (such as, for example, links to dead threads with similar problems).