On Thursday 29 December 2005 11:13, Amadeus W. M. wrote:
> On Wed, 28 Dec 2005 21:33:57 -0600, Charles Howse wrote:
> >> On Wed, 28 Dec 2005 11:29:39 -0600, Charles Howse wrote:
> >>> I'm sure this has been asked and answered hundreds of times, but I've
> >>> been working on it for 2 days now, and can't resolve the issue.
> >>> I'm trying to mount an nfs filesystem that lives on FC4 from my
> >>> Macintosh across the home lan (machines are only 15' apart). ;-)
> >>> I can successfully mount nfs shares that live on the FreeBSD machine
> >>> from the Mac, and can successfully ssh to the FC4 box from the Mac.
> >>>
> >>> On FC4:
> >>> [root@shemp ~]# cat /etc/exports
> >>> /disc2 moe(rw,sync) larry(ro,sync)
> >>> /home moe(rw) larry(ro)
> >>> [root@shemp ~]# cat /etc/hosts.allow
> >>> #
> >>> # hosts.allow This file describes the names of the hosts which are
> >>> # allowed to use the local INET services, as decided
> >>> # by the '/usr/sbin/tcpd' server.
> >>> #
> >>> ALL: ALL
> >>> [root@shemp ~]# cat /etc/hosts.deny
> >>> #
> >>> # hosts.deny This file describes the names of the hosts which are
> >>> # *not* allowed to use the local INET services, as
> >>> decided # by the '/usr/sbin/tcpd' server.
> >>> #
> >>> # The portmap line is redundant, but it is left to remind you that
> >>> # the new secure portmap uses hosts.deny and hosts.allow. In
> >>> particular # you should know that NFS uses portmap!
> >>>
> >>> [root@shemp ~]# cat /proc/fs/nfs/exports
> >>> # Version 1.1
> >>> # Path Client(Flags) # IPs
> >>> /home larry(ro,root_squash,sync,wdelay)
> >>> /disc2 larry(ro,root_squash,sync,wdelay)
> >>> [root@shemp ~]# cat /var/lib/nfs/xtab
> >>> [root@shemp ~]# exportfs -ra
> >>> exportfs: /etc/exports [2]: No 'sync' or 'async' option specified for
> >>> export "moe:/home".
> >>> Assuming default behaviour ('sync').
> >>> NOTE: this default has changed from previous versions
> >>>
> >>> On the Mac:
> >>> [charles@larry:~]$ mount -t nfs shemp:/disc2 ~/mnt
> >>> mount_nfs: /Users/charles/mnt: Operation not permitted
> >>> [charles@larry:~]$ mount -t nfs shemp:/home ~/mnt
> >>> mount_nfs: /Users/charles/mnt: Operation not permitted
> >>>
> >>> properties for ~/mnt on the Mac:
> >>> 0 drwxr-xr-x 3 charles charles 102 Nov 20 17:11 mnt/
> >>>
> >>> My uid/gid are the same on both client and server...my username is the
> >>> same on both machines, password is different.
> >>>
> >>> Anybody have a clue? I've read and read and Google'd and browsed till
> >>> I'm blue in the face.
> >>> Could this be a problem with (what is it...) "non-privileged ports"?
> >>>
> >>> --
> >>> Thanks,
> >>> Charles
> >>
> >> I bet it's the firewall in FC4. Turn it off and see if nfs works. Then
> >> you go from there. Besides the port 2049 (nfs) you need to have several
> >> other ports open. The problem is those ports are not always the same,
> >> which is a problem with the firewall.
> >
> > Thank you all very kindly for the suggestions.
> > The solution to the problem was the lack of the 'insecure' export option
> > in /etc/exports:
> > /home larry(rw,insecure,sync)
> >
> > I discovered it by tailing /var/log/messages:
> > Dec 28 15:44:00 shemp rpc.mountd: authenticated mount request from
> > larry:982 for /home (/home)
> > Dec 28 15:44:00 shemp kernel: nfsd: request from insecure port
> > (192.168.254.3:50646)!
> >
> > Everything works now. Thanks again.
> > Look for my new thread on discussing why questions to mailing lists and
> > usenet groups don't get answered.
>
> Strange, I don't have insecure in my /etc/exports on the nfs server:
>
> /opt 192.168.2.0/24(rw,sync)
> /home 192.168.2.0/24(rw,sync)
>
> and it still works. And I'm all the more surprised knowing how the default
> iptables rules are set on FC4. But maybe you already had the firewall set
> up to allow nfs traffic and the auxiliary nfs services running on fixed
> ports.
>
> Reading the exports man page I see that the secure option is on by
> default, which requires that nfs connections be made from ports < 1024.
> Checking this with netstat on my nfs server I do see connections
> originating on ports 800 and 799, so maybe that's the default behavior
> of FC4 nfs clients. Or maybe I just got lucky.
>
> Good to know about "insecure" though.
I have seen instances where a server will not permit a NFS mount if it cannot
resolve the client's IP address.
Attachment:
pgpH1RPohgTWi.pgp
Description: PGP signature
