On Monday 24 January 2005 11:05, David Liguori wrote: >Gene Heskett wrote: >> Greetings; >> >> I have a dir on this machine that contains all 9 of the FC3 iso >> images, and I've setup a server: line in my fstab, and setup >> the /etc/exports file to export that dir to any address in the >> 192.168.xx.xx block >> >> I *think* I have the exports for nfs setup correctly. >> >> I've even rebooted. >> >> On this machine, a showmount -e shows this: >> [root@coyote root]# showmount -e >> [root@coyote etc]# showmount -e >> Export list for coyote.coyote.den: >> /usr/dlds-misc/FC3 192.168.71.0/255.255.255.0 I moved stuff around so that only the 5 iso's are there, the SRPMS have been moved to an SPRMS dir of their own. No diff. >> And on another box as client for machine coyote: >> [root@gene root]# showmount -e coyote >> Export list for coyote: >> /usr/dlds-misc/FC3 192.168.71.0/255.255.255.0 >> >> But I cannot connect with the NFS choice on the machine I'm trying >> to install FC3 on. And at the point in the install, there is no >> other shell available, so all I can see is the cannot connect >> messages once I've filled in the address of this box and the path >> on this box to those iso's. So at this point I have no idea if >> the network driver the installer has loaded is wrong or what. >> However, the box is sitting down there with the error message on >> screen, and I can ping it just fine: >> >> PING shop.coyote.den (192.168.71.4) 56(84) bytes of data. >> 64 bytes from shop.coyote.den (192.168.71.4): icmp_seq=0 ttl=64 >> time=0.330 ms >> 64 bytes from shop.coyote.den (192.168.71.4): icmp_seq=1 ttl=64 >> time=0.103 ms >> 64 bytes from shop.coyote.den (192.168.71.4): icmp_seq=2 ttl=64 >> time=0.097 ms >> 64 bytes from shop.coyote.den (192.168.71.4): icmp_seq=3 ttl=64 >> time=0.100 ms >> 64 bytes from shop.coyote.den (192.168.71.4): icmp_seq=4 ttl=64 >> time=0.097 ms >> >> telnet and ssh both are refused. >> >> Does anyone have a clue to loan me? > >How do you start the NFS daemon on the server? The server is a rather contaminated FC2. No netfilter/iptables/selinux enabled at all. All behind a firewall with a very good record. >Usually it's through > xinetd, or at least it used to be. For FC2, its a script in /etc/init.d, linked to by a link in /etc/rc3.d, my normal boot mode here. > There are hosts.allow and > hosts.deny files that are shipped closed down by default (usually > "all all" is in deny, then only those hosts and services you want > to allow are in "allow", which overrides the deny). /etc/hosts.deny: # # hosts.deny This file describes the names of the hosts which are # *not* allowed to use the local INET services, as decided # by the '/usr/sbin/tcpd' server. # # The portmap line is redundant, but it is left to remind you that # the new secure portmap uses hosts.deny and hosts.allow. In particular # you should know that NFS uses portmap! -------------------------- /etc/hosts.allow : # # hosts.allow This file describes the names of the hosts which are # allowed to use the local INET services, as decided # by the '/usr/sbin/tcpd' server. # --------------------------- > Also, you need > portmapper running--unless things have totally changed since I last > set up an NFS server, a few RH releases ago. [root@coyote mnt]# ps -ea|grep portmap 1936 ? 00:00:00 portmap > I can say that, in > general, things that are potential security risks that don't need > to be running for basic functionality won't be, by default (eg. > telnet, ftp, ssh, nfs. Does it accept telnet or ssh connections > from other machines?)--contrary to the traditional Microsoft > policy. telnet no, ftp unk, ssh no, nfs gets no perms error there, nothing logged here. smb shares can be seen from here, but not written to, everything is read-only. > Your best bet, therefore, is to consult a step by step > tutorial, like the one alluded to by another responder. You can > then be reasonably sure of opening up all those things, and only > those things, that need to be to get the desired result. > > -- >David Liguori -- Cheers, Gene "There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order." -Ed Howdershelt (Author) 99.32% setiathome rank, not too shabby for a WV hillbilly Yahoo.com attorneys please note, additions to this message by Gene Heskett are: Copyright 2005 by Maurice Eugene Heskett, all rights reserved.
