Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I've speant the last couple of hours trying endlessly to get NFS to work accross two machines. I've worked out that it's something to do with the firewall on the server (FC3) blocking the service as if it's disabled it works fine!
I found a thread and a couple of documents that said ports 111 and 2049 need to be opened up so did this in the Security Level app... still it fails. Even when this is done by hand using the iptables command it still fails (I have restarted the firewall after changing the settings.. even tried rebooting).
The only difference between trying the two methods above was that the error changes when the gui is used... now the client reports bak saying:
mount: RPC: Unable to receive; errno = No route to host
Has anyone got a sure fireway to set up the FC3 firewall (iptables) to allow NFS to work?
Cheers for that! That appears to be exactly what I'm looking for.
I appreciate your concern about the network conectivity but as I said in my thread if I disable the firewall on the server everything works fine... It definately has to be the dynamic NFS ports.
Ok this is one proceadure for fixing the NFS ports in Fedora Core 3 (FC3) and opening the firewall for these ports.
After folloing the "Newbie's Guide to Small Home LAN "from the Networking section of linux questions tutorials follow these steps to allow another linux box to see the NFS server (run: "/usr/sbin/rpcinfo -p" before and after to make sure it has worked!)
1. Create the file "/etc/sysconfig/nfs" and add the following contents:
4. Re-run /usr/sbin/rpcinfo -p and make sure all the ports above have changed.
5. Open up the following ports (tcp and udp) on the Fedora firewall. Do this either using the "Security Level" app in "System Settings" or using the command line iptables command (think it's in /sbin/):
Originally posted by OmnipotentOscar I appreciate your concern about the network conectivity but as I said in my thread if I disable the firewall on the server everything works fine... It definately has to be the dynamic NFS ports.
My apologies. I didn't (and still don't) see where you said it works if you disable the firewall, only that you had worked out that it was the firewall. If I had a nickel for every time someone thought they knew what the problem was, only to be *way* off ... Well, you know.
OmnipotentOscar was right. While NFS uses port 2049 and portmapper uses port 111, the underlying RPC mapper uses a variation of ports, by default randomly assigned as part of the Sun specs.
I've run into the same problem in that I need to lock the NFS services on a MacOS 10.4.10 box to static ports. The pages referred to at "lowth.org" no longer seem to exist. Does anyone out there know how to do this? Do I have to twiddle some settings in Netinfo? Apple front-line support doesn't seem to have a clue ...
I've run into the same problem in that I need to lock the NFS services on a MacOS 10.4.10 box to static ports. The pages referred to at "lowth.org" no longer seem to exist. Does anyone out there know how to do this? Do I have to twiddle some settings in Netinfo? Apple front-line support doesn't seem to have a clue ...
We actually have a forum specially for non-Linux questions of a UNIX nature here. You'll need to post your question in that forum.
# NFS
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 111 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 111 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 662 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 662 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 892 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 892 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 2049 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 2049 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 32803 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 32803 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 32769 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 32769 -j ACCEPT
hi, igorgrin
Thanks so much, too!
I did mount nfs successfully according to your steps
(in centOS 5.4 server / opensuse 11.2)
Tags: linux centOs 5.4 nfs problem: System Error: No route to host
nfs client error: "System Error: No route to host"
Problema: nfs server ativado (CentOs 5.4 - ip 192.168.0.1); nfs client ativado no (opensuse 11.2 - ip 192.168.0.2);
O nfs cliente não conseguia conectar o nfs servidor, o firewall do opensuse estava aberto para nfs client, realizava o ping, e realizava ssh.
O problema foi solucionado com a dica acim ado igorgrin.
->escolher um pasta a ser compartilhada.
->sistema->administracao->configuracaoDeServidor->NFS
no botao "configuracao do servidor" colocar as portas relacionadas:
Okay, I'm not sure how I missed this zombie thread the first time around, but I've got a clear visual now and I'm proceeding to engage it. tnt2br, please don't resurrect dead threads. Instead, start a new thread for your issue and include any necessary links in it (such as, for example, links to dead threads with similar problems).
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.