> Besides the firewall, other things to check for are tcp wrappers
> (/etc/hosts.allow/deny - I once pulled hair over this one), and permissions
> of the partitions exported by the NFS server.
>
> On the client do a
>
> /usr/sbin/showmount -e nfs.server.com
>
> Whenever you modify something on the nfs server, run
>
> exportfs -r
>
> or restart the nfs server (better, because it restarts the rpc services
> too).
>
>
> Also, you're not root on the client when you're trying to access the
> exports, are you? By default, the nfs server does not treat a remote root
> user as its own root user, for the obvious reasons. So if you're root on
> the client and try to access an exported partition that belongs to, say,
> joe/users, you'll get an error.
>
>
> Also, the nfs server need not give unrestricted access to a client to
> access nfs. The problem with nfs and firewall is that the rpc services run
> on random ports, so the firewall would have to open the same (random)
> ports to allow access to nfs. Fortunately, nfsd can be configured so that
> the rpc services run on fixed ports, like so:
>
> On the nfs server:
>
> cat /etc/sysconfig/nfs
> STATD_PORT=4000
> LOCKD_TCPPORT=4001
> LOCKD_UDPPORT=4001
> MOUNTD_PORT=4002
> RQUOTAD_PORT=4003
>
> Still on the nfs server, in /etc/sysconfig/iptables put these rules:
>
> -A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 2049 -j ACCEPT
> -A RH-Firewall-1-INPUT -p udp -m state --state NEW -m udp --dport 2049 -j ACCEPT
> -A RH-Firewall-1-INPUT -p udp -m state --state NEW -m udp --dport 111 -j ACCEPT
> -A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 111 -j ACCEPT
> -A RH-Firewall-1-INPUT -p udp -m state --state NEW -m udp --dport 4000:4003 -j ACCEPT
> -A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 4000:4003 -j ACCEPT
>
> These will allow anything to access the nfs/rpc ports. To allow
> only a single machine, add its address to these rules.
>

Yes, I am root on the client. I do this all the time with my other Fedora boxes. For that matter, to use mount I have to be root. I don't understand this part. I will try to set fixed ports and see if that helps.

Thanks,
James
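
The closing remark of the quoted message (add the client's address to the rules), as an added example that is not part of either poster's message: a shell function reads port assignments in the /etc/sysconfig/nfs format shown above and prints the same rules with a source match. The function names, the use of `-s` for the source match and the client address 192.0.2.10 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: print the NFS/RPC firewall rules limited to one client.
# Reads /etc/sysconfig/nfs-style NAME=PORT lines on stdin.

emit_rule() {  # args: protocol, source address, destination port
    printf '%s\n' "-A RH-Firewall-1-INPUT -s $2 -p $1 -m state --state NEW -m $1 --dport $3 -j ACCEPT"
}

nfs_rules() {  # arg: client address allowed to reach the server
    client=$1
    [ -n "$client" ] || { echo "usage: nfs_rules CLIENT < conf" >&2; return 2; }

    # portmapper (111) and nfsd (2049) do not move; open both protocols.
    for port in 111 2049; do
        for proto in tcp udp; do emit_rule "$proto" "$client" "$port"; done
    done

    # Pinned helper ports: anything that is not a known key is skipped.
    while IFS='=' read -r name value; do
        case $name in
            STATD_PORT|MOUNTD_PORT|RQUOTAD_PORT) protos="tcp udp" ;;
            LOCKD_TCPPORT) protos="tcp" ;;
            LOCKD_UDPPORT) protos="udp" ;;
            *) continue ;;
        esac
        # Refuse values that are not a port number instead of emitting them.
        case $value in
            ''|*[!0-9]*) echo "bad port for $name: $value" >&2; return 1 ;;
        esac
        if [ "$value" -lt 1 ] || [ "$value" -gt 65535 ]; then
            echo "port out of range for $name: $value" >&2; return 1
        fi
        for proto in $protos; do emit_rule "$proto" "$client" "$value"; done
    done
}

# Constructed input: the port assignments from the message, one test client.
nfs_rules 192.0.2.10 <<'EOF'
STATD_PORT=4000
LOCKD_TCPPORT=4001
LOCKD_UDPPORT=4001
MOUNTD_PORT=4002
RQUOTAD_PORT=4003
EOF
```

Each printed line takes the place of the matching unrestricted rule in /etc/sysconfig/iptables. lockd gets one protocol per port because the config pins its TCP and UDP ports separately.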