Linux - Security: This forum is for all security-related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
I'm trying to get my Slackware 10 machine to mount a directory on another machine on the network.
I get this error:
mount: RPC: Unable to receive; errno = No route to host
I've set up a rc.firewall script (/etc/rc.d/rc.firewall) which allows nfs, portmap, etc, and when I type: iptables -L I see what I expect, but Slackware seems to be paying no attention to iptables.
When I nmap the localhost, I see that rpcbind is open (good), but nfs is closed. nmap also reveals that http and smtp are open, but I have not referred to them in my rc.firewall.
1) Do I have to 'enable' iptables somehow?
2) How do I tell if my kernel has support for iptables?
3) Where is this default configuration coming from?
Nmapping localhost is usually not a good way to get an idea of what ports are open when troubleshooting networking/firewall problems. Try nmapping from the remote machine instead. Often firewalls will allow local traffic (traffic that the system is sending to itself) but will handle remote traffic more strictly.
1. Should already be enabled. The fact that you can run iptables -L indicates that it's enabled and running.
2. As long as you are running a stock 2.4 (or newer) series kernel it should have it enabled. If you've compiled your own kernel, then you'd need to make sure that the netfilter options are selected during the kernel config step.
3. As far as I'm aware, Slack keeps its iptables script in /etc/rc.d/rc.firewall
I tried nmapping from the remote machine. At first I got the response that the host was down. It suggested I try -P0. I did this and got this response:
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
2049/tcp closed nfs
I copied an rc.firewall from a tutorial and modified it. Here is what my rc.firewall looks like:
#!/bin/bash
# rc.firewall for
# Basic Slackware Security
# These two rules set the default policies, i.e. what to do if a
# packet doesn't match any other rule, to drop any packet coming
# into (INPUT) or routing through (FORWARD) the box.
iptables -F
iptables -P INPUT DROP
iptables -P FORWARD DROP
# These rules are added (-A) to the INPUT chain. They allow packets
# from any previously established connections and accept anything
# from the loopback interface.
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -s 127.0.0.1 -d 127.0.0.1 -i lo -j ACCEPT
# This rule added to the INPUT chain accepts any ssh connections.
iptables -A INPUT -p tcp --dport 22 -i eth0 -j ACCEPT
# These rules accept nfsd (2049, TCP and UDP), portmap (111, TCP only)
# and http (80) arriving on eth0.
iptables -A INPUT -p tcp --dport 2049 -i eth0 -j ACCEPT
iptables -A INPUT -p udp --dport 2049 -i eth0 -j ACCEPT
iptables -A INPUT -p tcp --dport 111 -i eth0 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -i eth0 -j ACCEPT
Judging from the error message and your firewall rules, it looks like the problem is due to mountd (rpc.mountd). To start, rule out all the other possibilities. Do the following as root:
iptables -P INPUT ACCEPT
iptables -F
then try connecting with the NFS client. If it works, you know it's the firewall; if it doesn't, the problem is elsewhere. Once you are done testing, re-run your firewall script to restore your firewall.
If the problem is the firewall, then it's likely that you'll need to set mountd to run on a single pre-defined port and then open up that port as well for mountd.
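The approach described in the reply above (pin mountd to a fixed port, then open portmap, nfsd and that port), written out as an added shell example. This is not the poster's rc.firewall and not code from the thread; it assumes a constructed LAN subnet of 192.168.1.0/24 on eth0, and that rpc.mountd on the server has been started with a fixed port (the `-p` option of nfs-utils' rpc.mountd, here 4002) so that MOUNTD_PORT stays valid across reboots. It opens the NFS ports over both TCP and UDP, which the original script did only for 2049, and restricts them to the LAN rather than to anything arriving on eth0. By default it only prints the rule set so it can be reviewed without root; `sh rc.firewall apply` feeds the rules to iptables. The last function reads `rpcinfo -p` output so the port mountd actually registered can be compared with the one the firewall opens.

```shell
#!/bin/sh
# Added example, not the original rc.firewall from the thread.
# Assumptions (constructed, not from the thread): LAN subnet, interface,
# and a mountd pinned with "rpc.mountd -p 4002".
LAN=${LAN:-192.168.1.0/24}
IFACE=${IFACE:-eth0}
MOUNTD_PORT=${MOUNTD_PORT:-4002}

# Print the rule set, one iptables argument list per line. Generating the
# rules is kept separate from applying them so they can be reviewed first.
nfs_firewall_rules() {
    cat <<EOF
-F
-P INPUT DROP
-P FORWARD DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $IFACE -p tcp --dport 22 -j ACCEPT
EOF
    # NFS needs portmap (111) and nfsd (2049) over TCP and UDP, plus
    # mountd on its pinned port. A default-DROP policy that leaves any of
    # these closed produces exactly the "RPC: Unable to receive" failure.
    for port in 111 2049 "$MOUNTD_PORT"; do
        for proto in tcp udp; do
            echo "-A INPUT -i $IFACE -p $proto -s $LAN --dport $port -j ACCEPT"
        done
    done
}

# Count the NFS-related ACCEPT rules in a rule set read from stdin;
# a complete set has 3 ports x 2 protocols = 6.
count_nfs_accepts() {
    grep -E -c -- "--dport (111|2049|$MOUNTD_PORT) -j ACCEPT"
}

# Extract the port rpc.mountd registered with the portmapper from
# "rpcinfo -p" output on stdin (columns: program vers proto port service).
mountd_port_from_rpcinfo() {
    awk '$5 == "mountd" { print $4; exit }'
}

# Feed the rule set to iptables. Run as root on the NFS server. While
# troubleshooting, "iptables -P INPUT ACCEPT; iptables -F" drops back to
# an open state, and re-running this script restores the firewall.
apply_rules() {
    nfs_firewall_rules | while read -r args; do
        # word-splitting of $args into separate arguments is intended
        iptables $args
    done
}

case "${1:-}" in
    apply) apply_rules ;;
    *)     nfs_firewall_rules ;;   # default: dry run, just print the rules
esac
```

After applying, `rpcinfo -p` on the server should list mountd on the same port the firewall opens; if it does not, mountd was not pinned and the rule will not help.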