> On Thursday 29 December 2005 11:13, Amadeus W. M. wrote: >> On Wed, 28 Dec 2005 21:33:57 -0600, Charles Howse wrote: >>>> On Wed, 28 Dec 2005 11:29:39 -0600, Charles Howse wrote: >>>>> I'm sure this has been asked and answered hundreds of times, but I've >>>>> been working on it for 2 days now, and can't resolve the issue. >>>>> I'm trying to mount an nfs filesystem that lives on FC4 from my >>>>> Macintosh across the home lan (machines are only 15' apart). ;-) >>>>> I can successfully mount nfs shares that live on the FreeBSD machine >>>>> from the Mac, and can successfully ssh to the FC4 box from the Mac. >>>>> >>>>> On FC4: >>>>> [root@shemp ~]# cat /etc/exports >>>>> /disc2 moe(rw,sync) larry(ro,sync) >>>>> /home moe(rw) larry(ro) >>>>> [root@shemp ~]# cat /etc/hosts.allow >>>>> # >>>>> # hosts.allow This file describes the names of the hosts which are >>>>> # allowed to use the local INET services, as decided >>>>> # by the '/usr/sbin/tcpd' server. >>>>> # >>>>> ALL: ALL >>>>> [root@shemp ~]# cat /etc/hosts.deny >>>>> # >>>>> # hosts.deny This file describes the names of the hosts which are >>>>> # *not* allowed to use the local INET services, as >>>>> decided # by the '/usr/sbin/tcpd' server. >>>>> # >>>>> # The portmap line is redundant, but it is left to remind you that >>>>> # the new secure portmap uses hosts.deny and hosts.allow. In >>>>> particular # you should know that NFS uses portmap! >>>>> >>>>> [root@shemp ~]# cat /proc/fs/nfs/exports >>>>> # Version 1.1 >>>>> # Path Client(Flags) # IPs >>>>> /home larry(ro,root_squash,sync,wdelay) >>>>> /disc2 larry(ro,root_squash,sync,wdelay) >>>>> [root@shemp ~]# cat /var/lib/nfs/xtab >>>>> [root@shemp ~]# exportfs -ra >>>>> exportfs: /etc/exports [2]: No 'sync' or 'async' option specified for >>>>> export "moe:/home". >>>>> Assuming default behaviour ('sync'). >>>>> NOTE: this default has changed from previous versions >>>>> >>>>> On the Mac: >>>>> [charles@larry:~]$ mount -t nfs shemp:/disc2 ~/mnt >>>>> mount_nfs: /Users/charles/mnt: Operation not permitted >>>>> [charles@larry:~]$ mount -t nfs shemp:/home ~/mnt >>>>> mount_nfs: /Users/charles/mnt: Operation not permitted >>>>> >>>>> properties for ~/mnt on the Mac: >>>>> 0 drwxr-xr-x 3 charles charles 102 Nov 20 17:11 mnt/ >>>>> >>>>> My uid/gid are the same on both client and server...my username is the >>>>> same on both machines, password is different. >>>>> >>>>> Anybody have a clue? I've read and read and Google'd and browsed till >>>>> I'm blue in the face. >>>>> Could this be a problem with (what is it...) "non-privileged ports"? >>>>> >>>>> -- >>>>> Thanks, >>>>> Charles >>>> >>>> I bet it's the firewall in FC4. Turn it off and see if nfs works. Then >>>> you go from there. Besides the port 2049 (nfs) you need to have several >>>> other ports open. The problem is those ports are not always the same, >>>> which is a problem with the firewall. >>> >>> Thank you all very kindly for the suggestions. >>> The solution to the problem was the lack of the 'insecure' export option >>> in /etc/exports: >>> /home larry(rw,insecure,sync) >>> >>> I discovered it by tailing /var/log/messages: >>> Dec 28 15:44:00 shemp rpc.mountd: authenticated mount request from >>> larry:982 for /home (/home) >>> Dec 28 15:44:00 shemp kernel: nfsd: request from insecure port >>> (192.168.254.3:50646)! >>> >>> Everything works now. Thanks again. >>> Look for my new thread on discussing why questions to mailing lists and >>> usenet groups don't get answered. >> >> Strange, I don't have insecure in my /etc/exports on the nfs server: >> >> /opt 192.168.2.0/24(rw,sync) >> /home 192.168.2.0/24(rw,sync) >> >> and it still works. And I'm all the more surprised knowing how the default >> iptables rules are set on FC4. But maybe you already had the firewall set >> up to allow nfs traffic and the auxiliary nfs services running on fixed >> ports. >> >> Reading the exports man page I see that the secure option is on by >> default, which requires that nfs connections be made from ports < 1024. >> Checking this with netstat on my nfs server I do see connections >> originating on ports 800 and 799, so maybe that's the default behavior >> of FC4 nfs clients. Or maybe I just got lucky. >> >> Good to know about "insecure" though. > I have seen instances where a server will not permit a NFS mount if it cannot > resolve the client's IP address. That makes sense, however, one of the first things I did when I set up the FC4 box was edit /etc/hosts, and add the other machines on the lan.