newbie needs help:

I'm trying to get my Slackware 10 machine to mount a directory on another machine on the network.

I get this error:

mount: RPC: Unable to receive; errno = No route to host

I've set up a rc.firewall script (/etc/rc.d/rc.firewall) which allows nfs, portmap, etc, and when I type: iptables -L I see what I expect, but Slackware seems to be paying no attention to iptables.

When I nmap the localhost, I see that rpcbind is open (good), but nfs is closed. nmap also reveals that http and smtp are open, but I have not referred to them in my rc.firewall.

1) Do I have to 'enable' iptables somehow?

2) How do I tell if my kernel has support for Iptables?

3) where is this default configuration coming from?

Nmaping localhost is usually not a good way to get an idea of what ports are open when troubleshooting networking/firewall problems. Try nmaping from the remote machine instead. Often firewalls will allow local traffic (traffic that the system is sending to itself) but will handle remote traffic more strictly.

1. Should already be enabled. The fact that you can run iptables -L indicates that it's enabled and running.
2. As long as you are running a stock 2.4 (or newer) series kernel it should have it enabled. If you've compiled your own kernel, then you'd need to make sure that the netfilter options are selected during the kernel config step.
3. As far as I'm aware, Slack keeps it's iptables script in /etc/rc.d/rc.firewall

Thanks,

I tried nmapping from the remote machine. At first I got the respose that the host was down. It suggested I try -P0. I did this and got this response:

PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
2049/tcp closed nfs

I copied an rc.firewall from a tutorial and modified it. Here is what my rc.firewall looks like:

#!/bin/bash

# rc.firewall for
# Basic Slackware Security

# These two rules set the default policies, i.e. what to do if a
# packet doesn't match any other rule, to drop any packet coming
# into (INPUT) or routing through (FORWARD) the box.
iptables -F
iptables -P INPUT DROP
iptables -P FORWARD DROP

# These rules are added (-A) to the INPUT chain. They allow packets
# from any previously established connections and accept anything
# from the loopback interface.
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -s 127.0.0.1 -d 127.0.0.1 -i lo -j ACCEPT

# This rule added to the INPUT chain accepts any ssh connections.
iptables -A INPUT -p tcp --dport 22 -i eth0 -j ACCEPT
iptables -A INPUT -p tcp --dport 2049 -i eth0 -j ACCEPT
iptables -A INPUT -p udp --dport 2049 -i eth0 -j ACCEPT
iptables -A INPUT -p tcp --dport 111 -i eth0 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -i eth0 -j ACCEPT


Any thoughts?

Judging from the error message and your firewall rules, it looks like the problem is due to mountd (rpc.mountd). To start, rule out all the other possibilities. Do the following as root:

iptables -P INPUT ACCEPT
iptables -F

then try connecting with the NFS client. If it works, then you know it's the firewall, if it doesn't work then the problem is elsewhere. Once you are done testing, re-run your firewall script to restore your firewall.

If the problem is the firewall, then it's likely that you'll need to set mountd to run on a single pre-defined port and then open up that port as well for mountd.

Just so the obvious isn't overlooked, does the /etc/exports file on the remote nfs server allow a connection from your Slackware box?

Thanks for the help.

It turns out that the problem was the mountd port. I adjusted my firewall rules, and everything works fine.