[Novalug] nfs server

Peter Larsen plarsen at famlarsen.homelinux.com
Tue Mar 9 13:08:45 EST 2010


Sorry - I must have missed your mail this weekend.

NFS on Fedora 8 (I think) and above uses random ports to bind NFS with
by default. This does increase security but makes making firewall rules
quite tough. You'll most likely find that "rpcinfo" fails from a remote
machine to your Fedora box, which would be your firewall blocking.
Also, when you say NFS - what version? If you don't specify you're using
a pretty old version 1 - you should go with at least version 3 (4 if
you're brave) to increase performance and security.

In regards to the port dynamics, it's fairly simple to fix.
Edit /etc/sysconfig/nfs and uncomment the settings for specific ports of
your choosing. Then open those ports in IPTables. To test, do "rpcinfo
-p <hostname>" from a remote box. It should return the port list that
listens on Fedora. If that works, you can mount NFS on the box. Be sure
to specify nfs_vers=3,rsize=32768,wsize=32768 at a very minimum when you
mount. 

If you're still having problems, just update the thread.

-- 

Best Regards
  Peter Larsen

Wise words of the day:
The linuX Files -- The Source is Out There.
	-- Sent in by Craig S. Bell, goat at aracnet.com


On Tue, 2010-03-09 at 12:53 -0500, Jon LaBadie wrote:

> I asked about this over the weekend and I'm hoping the
> lack of replies was due to people skipping over it.
> 
> I have several systems at home that are acting fine
> as NFS servers and clients.  But one, a Fedora 9 system,
> works fine only as an NFS client.
> 
> As a server the Fedora system can mount exported shares
> back to itself (localhost), so it seems the server is up
> and running.  But remote systems get no response and
> nothing is recorded in /var/log/messages on the Fedora server.
> 
> I'm confident /etc/exports is set up suitably.  And if not,
> I'd expect access or permission error messages to be logged.
> 
> SELINUX was set to permissive and nfs was an allowed activity.
> But I've disabled SELINUX anyway (and rebooted) with no effect
> on NFS.
> 
> According to nmap, the NFS port (2049) is open for tcp traffic.
> 
> The portmap service (rpcbind) is running and to liberalize
> access I've set /etc/hosts.allow to ALL: ALL: ALLOW.  It was
> empty.  hosts.deny is empty.
> 
> 
> I'm at a loss as to why remote NFS mount requests don't seem
> to make it to the NFS daemon.  Any ideas?
> 
> jon
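
The procedure in the reply above (pin the ports in /etc/sysconfig/nfs, open them in iptables, check with "rpcinfo -p"), as an added example that is not part of the original thread. The port numbers are the commented-out values from a stock Fedora/RHEL /etc/sysconfig/nfs; the rpcinfo output and the 192.168.1.0/24 source network are constructed for illustration.

```shell
# Added example. Uncommented settings as they would appear in
# /etc/sysconfig/nfs; any free ports of your choosing work.
PINNED_CONF='RQUOTAD_PORT=875
LOCKD_TCPPORT=32803
LOCKD_UDPPORT=32769
MOUNTD_PORT=892
STATD_PORT=662'

# Constructed sample of `rpcinfo -p <hostname>` output. mountd is still on
# dynamic ports here, as it would be before the nfs service is restarted.
SAMPLE_RPCINFO='   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp    662  status
    100024    1   tcp    662  status
    100003    3   tcp   2049  nfs
    100003    3   udp   2049  nfs
    100021    4   udp  32769  nlockmgr
    100021    4   tcp  32803  nlockmgr
    100005    3   udp  48213  mountd
    100005    3   tcp  51877  mountd'

# Ports the firewall must allow: portmapper (111), nfsd (2049), pinned ports.
allowed_ports() {       # $1 = config text
    { echo 111; echo 2049; printf '%s\n' "$1" |
        sed -n 's/^[A-Z_]*PORT=\([0-9][0-9]*\)$/\1/p'; } | sort -n -u
}

# Print "service/proto port" for every registered RPC service whose port is
# not in the allowed list, i.e. one the firewall would still block.
unpinned_services() {   # $1 = rpcinfo -p output, $2 = config text
    allowed=$(allowed_ports "$2" | tr '\n' ' ')
    printf '%s\n' "$1" | awk -v allowed="$allowed" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 ~ /^[0-9]+$/ && !($4 in ok) { print $5 "/" $3, $4 }' | sort -u
}

# Emit one iptables rule per allowed port and protocol, limited to a source
# network instead of opening the ports to every address.
iptables_rules() {      # $1 = config text, $2 = source CIDR
    for port in $(allowed_ports "$1"); do
        for proto in tcp udp; do
            echo "iptables -I INPUT -s $2 -p $proto --dport $port -j ACCEPT"
        done
    done
}

unpinned_services "$SAMPLE_RPCINFO" "$PINNED_CONF"   # lists the two mountd entries
iptables_rules "$PINNED_CONF" 192.168.1.0/24
```

An empty result from unpinned_services on real "rpcinfo -p" output means every registered service is on a port the generated rules cover.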

