Hello,
I've set up a server at home for an NFS share and other uses. The trouble is, I can't seem to get NFS accessible with iptables on. I've added the ports and have printed some outputs below:
Code:
[root@shareserver conf.d]# iptables -nvL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
280 20112 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
289 32581 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:1989
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:32400
0 0 ACCEPT tcp -- * * 192.169.0.0/24 0.0.0.0/0 state NEW tcp dpt:80
0 0 ACCEPT tcp -- * * 192.169.0.0/24 0.0.0.0/0 state NEW tcp dpt:443
6 504 ACCEPT udp -- * * 192.168.0.0/24 0.0.0.0/0 state NEW udp dpt:111
0 0 ACCEPT tcp -- * * 192.168.0.0/24 0.0.0.0/0 state NEW tcp dpt:111
1 60 ACCEPT tcp -- * * 192.168.0.0/24 0.0.0.0/0 state NEW tcp dpt:2049
0 0 ACCEPT tcp -- * * 192.168.0.0/24 0.0.0.0/0 state NEW tcp dpt:32803
0 0 ACCEPT udp -- * * 192.168.0.0/24 0.0.0.0/0 state NEW udp dpt:32769
0 0 ACCEPT tcp -- * * 192.168.0.0/24 0.0.0.0/0 state NEW tcp dpt:892
0 0 ACCEPT udp -- * * 192.168.0.0/24 0.0.0.0/0 state NEW udp dpt:892
0 0 ACCEPT tcp -- * * 192.168.0.0/24 0.0.0.0/0 state NEW tcp dpt:875
0 0 ACCEPT udp -- * * 192.168.0.0/24 0.0.0.0/0 state NEW udp dpt:875
0 0 ACCEPT tcp -- * * 192.168.0.0/24 0.0.0.0/0 state NEW tcp dpt:662
0 0 ACCEPT udp -- * * 192.168.0.0/24 0.0.0.0/0 state NEW udp dpt:662
376 62118 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT 851 packets, 119K bytes)
pkts bytes target prot opt in out source destination
Code:
[root@shareserver conf.d]# rpcinfo -p
program vers proto port service
100000 4 tcp 111 portmapper
100000 3 tcp 111 portmapper
100000 2 tcp 111 portmapper
100000 4 udp 111 portmapper
100000 3 udp 111 portmapper
100000 2 udp 111 portmapper
100011 1 udp 875 rquotad
100011 2 udp 875 rquotad
100011 1 tcp 875 rquotad
100011 2 tcp 875 rquotad
100005 1 udp 13476 mountd
100005 1 tcp 59246 mountd
100005 2 udp 35122 mountd
100005 2 tcp 23780 mountd
100005 3 udp 47054 mountd
100005 3 tcp 55556 mountd
100003 2 tcp 2049 nfs
100003 3 tcp 2049 nfs
100003 4 tcp 2049 nfs
100227 2 tcp 2049 nfs_acl
100227 3 tcp 2049 nfs_acl
100003 2 udp 2049 nfs
100003 3 udp 2049 nfs
100003 4 udp 2049 nfs
100227 2 udp 2049 nfs_acl
100227 3 udp 2049 nfs_acl
100021 1 udp 6774 nlockmgr
100021 3 udp 6774 nlockmgr
100021 4 udp 6774 nlockmgr
100021 1 tcp 37973 nlockmgr
100021 3 tcp 37973 nlockmgr
100021 4 tcp 37973 nlockmgr
100024 1 udp 56680 status
100024 1 tcp 17536 status
This is the error I get when the clients try to mount or showmount, using both IP and hostname:
Code:
aaron@aaron-lappy:~$ showmount -e shareserver
rpc mount export: RPC: Unable to receive; errno = No route to host
aaron@aaron-lappy:~$ showmount -e 192.168.0.100
rpc mount export: RPC: Unable to receive; errno = No route to host
Turning OFF iptables, I can showmount and mount the exports:
Code:
aaron@aaron-lappy:~$ showmount -e 192.168.0.100
Export list for 192.168.0.100:
/data 192.168.0.0/24
Thanks in advance
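
A cross-check of the two listings in the post, added here as an example (not part of the original post): it reports every service that rpcinfo -p registers on a proto/port with no matching ACCEPT rule in the iptables -nvL output. It assumes any port without an explicit dpt: ACCEPT rule reaches the final REJECT rule, and it ignores source-address restrictions and dpts: port ranges; the function name rpc_ports_blocked and the trimmed sample files are constructed for this example.

```shell
# rpc_ports_blocked RULES_FILE RPCINFO_FILE  (hypothetical helper, added example)
# Prints "service proto/port" for each RPC registration that has no ACCEPT rule.
rpc_ports_blocked() {
    awk '
        # Pass 1 (iptables -nvL listing): remember every ACCEPTed proto/port.
        FNR == NR {
            if ($3 == "ACCEPT" && match($0, /dpt:[0-9]+/))
                allowed[$4 "/" substr($0, RSTART + 4, RLENGTH - 4)] = 1
            next
        }
        # Pass 2 (rpcinfo -p listing): report each uncovered proto/port once.
        $1 ~ /^[0-9]+$/ {
            key = $3 "/" $4
            if (!(key in allowed) && !(key in seen))
                print $5, key
            seen[key] = 1
        }
    ' "$1" "$2"
}

# Sample input: a trimmed excerpt of the two listings in the post.
rules=$(mktemp); rpc=$(mktemp)
trap 'rm -f "$rules" "$rpc"' EXIT
cat > "$rules" <<'EOF'
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
6 504 ACCEPT udp -- * * 192.168.0.0/24 0.0.0.0/0 state NEW udp dpt:111
0 0 ACCEPT tcp -- * * 192.168.0.0/24 0.0.0.0/0 state NEW tcp dpt:111
1 60 ACCEPT tcp -- * * 192.168.0.0/24 0.0.0.0/0 state NEW tcp dpt:2049
0 0 ACCEPT tcp -- * * 192.168.0.0/24 0.0.0.0/0 state NEW tcp dpt:892
0 0 ACCEPT udp -- * * 192.168.0.0/24 0.0.0.0/0 state NEW udp dpt:892
376 62118 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
EOF
cat > "$rpc" <<'EOF'
program vers proto port service
100000 4 tcp 111 portmapper
100000 4 udp 111 portmapper
100005 3 udp 47054 mountd
100005 3 tcp 55556 mountd
100003 3 tcp 2049 nfs
100003 3 udp 2049 nfs
EOF
rpc_ports_blocked "$rules" "$rpc"
```

On the server, save the output of iptables -nvL INPUT and rpcinfo -p to two files and pass them as the arguments.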