> On Wed, 28 Dec 2005 21:33:57 -0600, Charles Howse wrote: > >>> On Wed, 28 Dec 2005 11:29:39 -0600, Charles Howse wrote: >>> >>>> I'm sure this has been asked and answered hundreds of times, but I've been >>>> working on it for 2 days now, and can't resolve the issue. >>>> I'm trying to mount an nfs filesystem that lives on FC4 from my Macintosh >>>> across the home lan (machines are only 15' apart). ;-) >>>> I can successfully mount nfs shares that live on the FreeBSD machine from >>>> the Mac, and can successfully ssh to the FC4 box from the Mac. >>>> >>>> On FC4: >>>> [root@shemp ~]# cat /etc/exports >>>> /disc2 moe(rw,sync) larry(ro,sync) >>>> /home moe(rw) larry(ro) >>>> [root@shemp ~]# cat /etc/hosts.allow >>>> # >>>> # hosts.allow This file describes the names of the hosts which are >>>> # allowed to use the local INET services, as decided >>>> # by the '/usr/sbin/tcpd' server. >>>> # >>>> ALL: ALL >>>> [root@shemp ~]# cat /etc/hosts.deny >>>> # >>>> # hosts.deny This file describes the names of the hosts which are >>>> # *not* allowed to use the local INET services, as decided >>>> # by the '/usr/sbin/tcpd' server. >>>> # >>>> # The portmap line is redundant, but it is left to remind you that >>>> # the new secure portmap uses hosts.deny and hosts.allow. In particular >>>> # you should know that NFS uses portmap! >>>> >>>> [root@shemp ~]# cat /proc/fs/nfs/exports >>>> # Version 1.1 >>>> # Path Client(Flags) # IPs >>>> /home larry(ro,root_squash,sync,wdelay) >>>> /disc2 larry(ro,root_squash,sync,wdelay) >>>> [root@shemp ~]# cat /var/lib/nfs/xtab >>>> [root@shemp ~]# exportfs -ra >>>> exportfs: /etc/exports [2]: No 'sync' or 'async' option specified for >>>> export >>>> "moe:/home". >>>> Assuming default behaviour ('sync'). >>>> NOTE: this default has changed from previous versions >>>> >>>> On the Mac: >>>> [charles@larry:~]$ mount -t nfs shemp:/disc2 ~/mnt >>>> mount_nfs: /Users/charles/mnt: Operation not permitted >>>> [charles@larry:~]$ mount -t nfs shemp:/home ~/mnt >>>> mount_nfs: /Users/charles/mnt: Operation not permitted >>>> >>>> properties for ~/mnt on the Mac: >>>> 0 drwxr-xr-x 3 charles charles 102 Nov 20 17:11 mnt/ >>>> >>>> My uid/gid are the same on both client and server...my username is the same >>>> on both machines, password is different. >>>> >>>> Anybody have a clue? I've read and read and Google'd and browsed till I'm >>>> blue in the face. >>>> Could this be a problem with (what is it...) "non-privileged ports"? >>>> >>>> -- >>>> Thanks, >>>> Charles >>> >>> >>> I bet it's the firewall in FC4. Turn it off and see if nfs works. Then you >>> go from there. Besides the port 2049 (nfs) you need to have several other >>> ports open. The problem is those ports are not always the same, which is a >>> problem with the firewall. >> >> Thank you all very kindly for the suggestions. >> The solution to the problem was the lack of the 'insecure' export option in >> /etc/exports: >> /home larry(rw,insecure,sync) >> >> I discovered it by tailing /var/log/messages: >> Dec 28 15:44:00 shemp rpc.mountd: authenticated mount request from larry:982 >> for /home (/home) >> Dec 28 15:44:00 shemp kernel: nfsd: request from insecure port >> (192.168.254.3:50646)! >> >> Everything works now. Thanks again. >> Look for my new thread on discussing why questions to mailing lists and >> usenet groups don't get answered. > > Strange, I don't have insecure in my /etc/exports on the nfs server: > > /opt 192.168.2.0/24(rw,sync) > /home 192.168.2.0/24(rw,sync) > > and it still works. And I'm all the more surprised knowing how the default > iptables rules are set on FC4. But maybe you already had the firewall set > up to allow nfs traffic and the auxiliary nfs services running on fixed > ports. Did I mention that I turned iptables off? Didn't even check the ruleset, just turned it off. Also made sure that selinux was disabled. > Reading the exports man page I see that the secure option is on by > default, which requires that nfs connections be made from ports < 1024. > Checking this with netstat on my nfs server I do see connections > originating on ports 800 and 799, so maybe that's the default behavior > of FC4 nfs clients. Or maybe I just got lucky. > > Good to know about "insecure" though. It may have something to do with the request coming from the Mac...? Maybe Mac's use insecure ports for nfs connections? Haven't looked into making the Mac use a secure port for nfs.