On Thu, 29 Dec 2005 12:37:37 -0600, Charles Howse wrote:
>> On Thu, 29 Dec 2005 10:48:13 -0600, Charles Howse wrote:
>>
>>>> On Wed, 28 Dec 2005 21:33:57 -0600, Charles Howse wrote:
>>>>
>>>>>> On Wed, 28 Dec 2005 11:29:39 -0600, Charles Howse wrote:
>>>>>>
>>>>>>> I'm sure this has been asked and answered hundreds of times, but I've
>>>>>>> been
>>>>>>> working on it for 2 days now, and can't resolve the issue.
>>>>>>> I'm trying to mount an nfs filesystem that lives on FC4 from my Macintosh
>>>>>>> across the home lan (machines are only 15' apart). ;-)
>>>>>>> I can successfully mount nfs shares that live on the FreeBSD machine from
>>>>>>> the Mac, and can successfully ssh to the FC4 box from the Mac.
>>>>>>>
>>>>>>> On FC4:
>>>>>>> [root@shemp ~]# cat /etc/exports
>>>>>>> /disc2 moe(rw,sync) larry(ro,sync)
>>>>>>> /home moe(rw) larry(ro)
>>>>>>> [root@shemp ~]# cat /etc/hosts.allow
>>>>>>> #
>>>>>>> # hosts.allow This file describes the names of the hosts which are
>>>>>>> # allowed to use the local INET services, as decided
>>>>>>> # by the '/usr/sbin/tcpd' server.
>>>>>>> #
>>>>>>> ALL: ALL
>>>>>>> [root@shemp ~]# cat /etc/hosts.deny
>>>>>>> #
>>>>>>> # hosts.deny This file describes the names of the hosts which are
>>>>>>> # *not* allowed to use the local INET services, as decided
>>>>>>> # by the '/usr/sbin/tcpd' server.
>>>>>>> #
>>>>>>> # The portmap line is redundant, but it is left to remind you that
>>>>>>> # the new secure portmap uses hosts.deny and hosts.allow. In particular
>>>>>>> # you should know that NFS uses portmap!
>>>>>>>
>>>>>>> [root@shemp ~]# cat /proc/fs/nfs/exports
>>>>>>> # Version 1.1
>>>>>>> # Path Client(Flags) # IPs
>>>>>>> /home larry(ro,root_squash,sync,wdelay)
>>>>>>> /disc2 larry(ro,root_squash,sync,wdelay)
>>>>>>> [root@shemp ~]# cat /var/lib/nfs/xtab
>>>>>>> [root@shemp ~]# exportfs -ra
>>>>>>> exportfs: /etc/exports [2]: No 'sync' or 'async' option specified for
>>>>>>> export
>>>>>>> "moe:/home".
>>>>>>> Assuming default behaviour ('sync').
>>>>>>> NOTE: this default has changed from previous versions
>>>>>>>
>>>>>>> On the Mac:
>>>>>>> [charles@larry:~]$ mount -t nfs shemp:/disc2 ~/mnt
>>>>>>> mount_nfs: /Users/charles/mnt: Operation not permitted
>>>>>>> [charles@larry:~]$ mount -t nfs shemp:/home ~/mnt
>>>>>>> mount_nfs: /Users/charles/mnt: Operation not permitted
>>>>>>>
>>>>>>> properties for ~/mnt on the Mac:
>>>>>>> 0 drwxr-xr-x 3 charles charles 102 Nov 20 17:11 mnt/
>>>>>>>
>>>>>>> My uid/gid are the same on both client and server...my username is the
>>>>>>> same
>>>>>>> on both machines, password is different.
>>>>>>>
>>>>>>> Anybody have a clue? I've read and read and Google'd and browsed till
>>>>>>> I'm
>>>>>>> blue in the face.
>>>>>>> Could this be a problem with (what is it...) "non-privileged ports"?
>>>>>>>
>>>>>>> --
>>>>>>> Thanks,
>>>>>>> Charles
>>>>>>
>>>>>>
>>>>>> I bet it's the firewall in FC4. Turn it off and see if nfs works. Then you
>>>>>> go from there. Besides the port 2049 (nfs) you need to have several other
>>>>>> ports open. The problem is those ports are not always the same, which is a
>>>>>> problem with the firewall.
>>>>>
>>>>> Thank you all very kindly for the suggestions.
>>>>> The solution to the problem was the lack of the 'insecure' export option in
>>>>> /etc/exports:
>>>>> /home larry(rw,insecure,sync)
>>>>>
>>>>> I discovered it by tailing /var/log/messages:
>>>>> Dec 28 15:44:00 shemp rpc.mountd: authenticated mount request from
>>>>> larry:982
>>>>> for /home (/home)
>>>>> Dec 28 15:44:00 shemp kernel: nfsd: request from insecure port
>>>>> (192.168.254.3:50646)!
>>>>>
>>>>> Everything works now. Thanks again.
>>>>> Look for my new thread on discussing why questions to mailing lists and
>>>>> usenet groups don't get answered.
>>>>
>>>> Strange, I don't have insecure in my /etc/exports on the nfs server:
>>>>
>>>> /opt 192.168.2.0/24(rw,sync)
>>>> /home 192.168.2.0/24(rw,sync)
>>>>
>>>> and it still works. And I'm all the more surprised knowing how the default
>>>> iptables rules are set on FC4. But maybe you already had the firewall set
>>>> up to allow nfs traffic and the auxiliary nfs services running on fixed
>>>> ports.
>>>
>>> Did I mention that I turned iptables off? Didn't even check the ruleset,
>>> just turned it off.
>>> Also made sure that selinux was disabled.
>>
>> I don't think you did. Turning off the firewall is not a permanent
>> solution. Does it work if you turn it back on?
>>
>>>
>>>> Reading the exports man page I see that the secure option is on by
>>>> default, which requires that nfs connections be made from ports < 1024.
>>>> Checking this with netstat on my nfs server I do see connections
>>>> originating on ports 800 and 799, so maybe that's the default behavior
>>>> of FC4 nfs clients. Or maybe I just got lucky.
>>>>
>>>> Good to know about "insecure" though.
>>>
>>> It may have something to do with the request coming from the Mac...?
>>> Maybe Mac's use insecure ports for nfs connections? Haven't looked into
>>> making the Mac use a secure port for nfs.
>>
>> Out of curiosity, can you do a
>>
>> netstat -tupan
>>
>> on the FC4 nfs server while accessing the exported partition from the mac
>> and see what port it's coming from?
>
> Yes, it works with iptables started, but the only established connection I
> see below, is me ssh'ing to the FC4 box to run those commands.
>
> [root@shemp ~]# service iptables start
> [root@shemp ~]# netstat -tupan
> Active Internet connections (servers and established)
> Proto Recv-Q Send-Q Local Address Foreign Address
> State PID/Program name
> tcp 0 0 0.0.0.0:2049 0.0.0.0:*
> LISTEN -
> tcp 0 0 0.0.0.0:32769 0.0.0.0:*
> LISTEN 1348/rpc.statd
> tcp 0 0 0.0.0.0:32774 0.0.0.0:*
> LISTEN -
> tcp 0 0 0.0.0.0:111 0.0.0.0:*
> LISTEN 1330/portmap
> tcp 0 0 0.0.0.0:628 0.0.0.0:*
> LISTEN 1720/rpc.rquotad
> tcp 0 0 127.0.0.1:631 0.0.0.0:*
> LISTEN 1630/cupsd
> tcp 0 0 127.0.0.1:25 0.0.0.0:*
> LISTEN 1768/sendmail: acce
> tcp 0 0 0.0.0.0:639 0.0.0.0:*
> LISTEN 1732/rpc.mountd
> tcp 0 0 :::110 :::*
> LISTEN 1750/dovecot
> tcp 0 0 :::22 :::*
> LISTEN 1678/sshd
> tcp 0 1440 ::ffff:192.168.254.5:22 ::ffff:192.168.254.3:52541
> ESTABLISHED 8920/sshd: charles
> udp 0 0 0.0.0.0:32768 0.0.0.0:*
> 1348/rpc.statd
> udp 0 0 0.0.0.0:2049 0.0.0.0:*
> -
> udp 0 0 0.0.0.0:32769 0.0.0.0:*
> -
> udp 0 0 0.0.0.0:676 0.0.0.0:*
> 1348/rpc.statd
> udp 0 0 0.0.0.0:111 0.0.0.0:*
> 1330/portmap
> udp 0 0 0.0.0.0:625 0.0.0.0:*
> 1720/rpc.rquotad
> udp 0 0 0.0.0.0:631 0.0.0.0:*
> 1630/cupsd
> udp 0 0 192.168.254.5:123 0.0.0.0:*
> 1691/ntpd
> udp 0 0 127.0.0.1:123 0.0.0.0:*
> 1691/ntpd
> udp 0 0 0.0.0.0:123 0.0.0.0:*
> 1691/ntpd
> udp 0 0 0.0.0.0:636 0.0.0.0:*
> 1732/rpc.mountd
> udp 0 0 :::123 :::*
> 1691/ntpd
> [root@shemp ~]#

Are you actually accessing the nfs partitions from the mac client, when you run netstat? Copy a big file.
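
The `secure`/`insecure` export behaviour discussed in this thread, as an added example that is not part of any poster's message: a short Python audit that lists which exports carry `insecure` and extracts the source addresses nfsd refused for using an unprivileged port. The sample exports and log text are constructed from lines quoted in the thread, and all function names are hypothetical.

```python
import re

# Constructed sample input, modelled on the lines quoted in the thread.
EXPORTS = """\
# /etc/exports
/disc2 moe(rw,sync) larry(ro,sync)
/home larry(rw,insecure,sync)
/opt 192.168.2.0/24(rw,sync)
"""
MESSAGES = """\
Dec 28 15:44:00 shemp rpc.mountd: authenticated mount request from larry:982 for /home (/home)
Dec 28 15:44:00 shemp kernel: nfsd: request from insecure port (192.168.254.3:50646)!
"""

CLIENT_RE = re.compile(r"(\S+?)\(([^)]*)\)")          # client(opt,opt,...)
REJECT_RE = re.compile(
    r"nfsd: request from insecure port \((\d+\.\d+\.\d+\.\d+):(\d+)\)")

def parse_exports(text):
    """Return [(path, client, {options})] for every client entry.
    Assumes paths without embedded whitespace."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        parts = line.split(None, 1)
        rest = parts[1] if len(parts) > 1 else ""
        for client, opts in CLIENT_RE.findall(rest):
            entries.append((parts[0], client, set(filter(None, opts.split(",")))))
    return entries

def insecure_exports(entries):
    """Exports that accept requests from source ports >= 1024.
    'secure' is the default, so only an explicit 'insecure' relaxes it."""
    return [(path, client) for path, client, opts in entries if "insecure" in opts]

def rejected_clients(log_text):
    """(ip, port) pairs the kernel refused under the default 'secure' check."""
    return [(ip, int(port)) for ip, port in REJECT_RE.findall(log_text)]

if __name__ == "__main__":
    for path, client in insecure_exports(parse_exports(EXPORTS)):
        print(f"insecure export: {path} -> {client}")
    for ip, port in rejected_clients(MESSAGES):
        print(f"rejected (port >= 1024): {ip}:{port}")
```

Pointing the two parsers at the real `/etc/exports` and `/var/log/messages` shows whether an `insecure` entry is scoped to the one client that needs it or has been applied more widely.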