> On Thu, 29 Dec 2005 12:37:37 -0600, Charles Howse wrote:
>
>>> On Thu, 29 Dec 2005 10:48:13 -0600, Charles Howse wrote:
>>>
>>>>> On Wed, 28 Dec 2005 21:33:57 -0600, Charles Howse wrote:
>>>>>
>>>>>>> On Wed, 28 Dec 2005 11:29:39 -0600, Charles Howse wrote:
>>>>>>>
>>>>>>>> I'm sure this has been asked and answered hundreds of times, but I've been
>>>>>>>> working on it for 2 days now, and can't resolve the issue.
>>>>>>>> I'm trying to mount an nfs filesystem that lives on FC4 from my Macintosh
>>>>>>>> across the home lan (machines are only 15' apart). ;-)
>>>>>>>> I can successfully mount nfs shares that live on the FreeBSD machine from
>>>>>>>> the Mac, and can successfully ssh to the FC4 box from the Mac.
>>>>>>>>
>>>>>>>> On FC4:
>>>>>>>> [root@shemp ~]# cat /etc/exports
>>>>>>>> /disc2 moe(rw,sync) larry(ro,sync)
>>>>>>>> /home moe(rw) larry(ro)
>>>>>>>> [root@shemp ~]# cat /etc/hosts.allow
>>>>>>>> #
>>>>>>>> # hosts.allow This file describes the names of the hosts which are
>>>>>>>> # allowed to use the local INET services, as decided
>>>>>>>> # by the '/usr/sbin/tcpd' server.
>>>>>>>> #
>>>>>>>> ALL: ALL
>>>>>>>> [root@shemp ~]# cat /etc/hosts.deny
>>>>>>>> #
>>>>>>>> # hosts.deny This file describes the names of the hosts which are
>>>>>>>> # *not* allowed to use the local INET services, as decided
>>>>>>>> # by the '/usr/sbin/tcpd' server.
>>>>>>>> #
>>>>>>>> # The portmap line is redundant, but it is left to remind you that
>>>>>>>> # the new secure portmap uses hosts.deny and hosts.allow. In particular
>>>>>>>> # you should know that NFS uses portmap!
>>>>>>>>
>>>>>>>> [root@shemp ~]# cat /proc/fs/nfs/exports
>>>>>>>> # Version 1.1
>>>>>>>> # Path Client(Flags) # IPs
>>>>>>>> /home larry(ro,root_squash,sync,wdelay)
>>>>>>>> /disc2 larry(ro,root_squash,sync,wdelay)
>>>>>>>> [root@shemp ~]# cat /var/lib/nfs/xtab
>>>>>>>> [root@shemp ~]# exportfs -ra
>>>>>>>> exportfs: /etc/exports [2]: No 'sync' or 'async' option specified for export "moe:/home".
>>>>>>>> Assuming default behaviour ('sync').
>>>>>>>> NOTE: this default has changed from previous versions
>>>>>>>>
>>>>>>>> On the Mac:
>>>>>>>> [charles@larry:~]$ mount -t nfs shemp:/disc2 ~/mnt
>>>>>>>> mount_nfs: /Users/charles/mnt: Operation not permitted
>>>>>>>> [charles@larry:~]$ mount -t nfs shemp:/home ~/mnt
>>>>>>>> mount_nfs: /Users/charles/mnt: Operation not permitted
>>>>>>>>
>>>>>>>> properties for ~/mnt on the Mac:
>>>>>>>> 0 drwxr-xr-x 3 charles charles 102 Nov 20 17:11 mnt/
>>>>>>>>
>>>>>>>> My uid/gid are the same on both client and server...my username is the same
>>>>>>>> on both machines, password is different.
>>>>>>>>
>>>>>>>> Anybody have a clue? I've read and read and Google'd and browsed till I'm
>>>>>>>> blue in the face.
>>>>>>>> Could this be a problem with (what is it...) "non-privileged ports"?
>>>>>>>>
>>>>>>>> --
>>>>>>>> Thanks,
>>>>>>>> Charles
>>>>>>>
>>>>>>>
>>>>>>> I bet it's the firewall in FC4. Turn it off and see if nfs works. Then you
>>>>>>> go from there. Besides the port 2049 (nfs) you need to have several other
>>>>>>> ports open. The problem is those ports are not always the same, which is a
>>>>>>> problem with the firewall.
>>>>>>
>>>>>> Thank you all very kindly for the suggestions.
>>>>>> The solution to the problem was the lack of the 'insecure' export option in
>>>>>> /etc/exports:
>>>>>> /home larry(rw,insecure,sync)
>>>>>>
>>>>>> I discovered it by tailing /var/log/messages:
>>>>>> Dec 28 15:44:00 shemp rpc.mountd: authenticated mount request from larry:982 for /home (/home)
>>>>>> Dec 28 15:44:00 shemp kernel: nfsd: request from insecure port (192.168.254.3:50646)!
>>>>>>
>>>>>> Everything works now. Thanks again.
>>>>>> Look for my new thread on discussing why questions to mailing lists and
>>>>>> usenet groups don't get answered.
>>>>>
>>>>> Strange, I don't have insecure in my /etc/exports on the nfs server:
>>>>>
>>>>> /opt 192.168.2.0/24(rw,sync)
>>>>> /home 192.168.2.0/24(rw,sync)
>>>>>
>>>>> and it still works. And I'm all the more surprised knowing how the default
>>>>> iptables rules are set on FC4. But maybe you already had the firewall set
>>>>> up to allow nfs traffic and the auxiliary nfs services running on fixed
>>>>> ports.
>>>>
>>>> Did I mention that I turned iptables off? Didn't even check the ruleset,
>>>> just turned it off.
>>>> Also made sure that selinux was disabled.
>>>
>>> I don't think you did. Turning off the firewall is not a permanent
>>> solution. Does it work if you turn it back on?
>>>
>>>>
>>>>> Reading the exports man page I see that the secure option is on by
>>>>> default, which requires that nfs connections be made from ports < 1024.
>>>>> Checking this with netstat on my nfs server I do see connections
>>>>> originating on ports 800 and 799, so maybe that's the default behavior
>>>>> of FC4 nfs clients. Or maybe I just got lucky.
>>>>>
>>>>> Good to know about "insecure" though.
>>>>
>>>> It may have something to do with the request coming from the Mac...?
>>>> Maybe Mac's use insecure ports for nfs connections? Haven't looked into
>>>> making the Mac use a secure port for nfs.
>>>
>>> Out of curiosity, can you do a
>>>
>>> netstat -tupan
>>>
>>> on the FC4 nfs server while accessing the exported partition from the mac
>>> and see what port it's coming from?
>>
>> Yes, it works with iptables started, but the only established connection I
>> see below, is me ssh'ing to the FC4 box to run those commands.
>>
>> [root@shemp ~]# service iptables start
>> [root@shemp ~]# netstat -tupan
>> Active Internet connections (servers and established)
>> Proto Recv-Q Send-Q Local Address              Foreign Address            State       PID/Program name
>> tcp        0      0 0.0.0.0:2049               0.0.0.0:*                  LISTEN      -
>> tcp        0      0 0.0.0.0:32769              0.0.0.0:*                  LISTEN      1348/rpc.statd
>> tcp        0      0 0.0.0.0:32774              0.0.0.0:*                  LISTEN      -
>> tcp        0      0 0.0.0.0:111                0.0.0.0:*                  LISTEN      1330/portmap
>> tcp        0      0 0.0.0.0:628                0.0.0.0:*                  LISTEN      1720/rpc.rquotad
>> tcp        0      0 127.0.0.1:631              0.0.0.0:*                  LISTEN      1630/cupsd
>> tcp        0      0 127.0.0.1:25               0.0.0.0:*                  LISTEN      1768/sendmail: acce
>> tcp        0      0 0.0.0.0:639                0.0.0.0:*                  LISTEN      1732/rpc.mountd
>> tcp        0      0 :::110                     :::*                       LISTEN      1750/dovecot
>> tcp        0      0 :::22                      :::*                       LISTEN      1678/sshd
>> tcp        0   1440 ::ffff:192.168.254.5:22    ::ffff:192.168.254.3:52541 ESTABLISHED 8920/sshd: charles
>> udp        0      0 0.0.0.0:32768              0.0.0.0:*                              1348/rpc.statd
>> udp        0      0 0.0.0.0:2049               0.0.0.0:*                              -
>> udp        0      0 0.0.0.0:32769              0.0.0.0:*                              -
>> udp        0      0 0.0.0.0:676                0.0.0.0:*                              1348/rpc.statd
>> udp        0      0 0.0.0.0:111                0.0.0.0:*                              1330/portmap
>> udp        0      0 0.0.0.0:625                0.0.0.0:*                              1720/rpc.rquotad
>> udp        0      0 0.0.0.0:631                0.0.0.0:*                              1630/cupsd
>> udp        0      0 192.168.254.5:123          0.0.0.0:*                              1691/ntpd
>> udp        0      0 127.0.0.1:123              0.0.0.0:*                              1691/ntpd
>> udp        0      0 0.0.0.0:123                0.0.0.0:*                              1691/ntpd
>> udp        0      0 0.0.0.0:636                0.0.0.0:*                              1732/rpc.mountd
>> udp        0      0 :::123                     :::*                                   1691/ntpd
>> [root@shemp ~]#
>
> Are you actually accessing the nfs partitions from the mac client, when
> you run netstat? Copy a big file.

Sorry to be so long getting back. It looks like port 800 on FC and 2049 on the Mac.
Here's the output:

[root@shemp ~]# netstat -tupan
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address              Foreign Address            State       PID/Program name
tcp        0      0 0.0.0.0:2049               0.0.0.0:*                  LISTEN      -
tcp        0      0 0.0.0.0:32769              0.0.0.0:*                  LISTEN      1348/rpc.statd
tcp        0      0 0.0.0.0:32774              0.0.0.0:*                  LISTEN      -
tcp        0      0 0.0.0.0:111                0.0.0.0:*                  LISTEN      1330/portmap
tcp        0      0 0.0.0.0:628                0.0.0.0:*                  LISTEN      1720/rpc.rquotad
tcp        0      0 127.0.0.1:631              0.0.0.0:*                  LISTEN      1630/cupsd
tcp        0      0 127.0.0.1:25               0.0.0.0:*                  LISTEN      1768/sendmail: acce
tcp        0      0 0.0.0.0:639                0.0.0.0:*                  LISTEN      1732/rpc.mountd
tcp        0      0 192.168.254.5:800          192.168.254.4:2049         ESTABLISHED -
tcp        0      0 :::110                     :::*                       LISTEN      1750/dovecot
tcp        0      0 :::22                      :::*                       LISTEN      1678/sshd
tcp        0      0 ::ffff:192.168.254.5:110   ::ffff:192.168.254.3:54290 TIME_WAIT   -
tcp        0   1296 ::ffff:192.168.254.5:22    ::ffff:192.168.254.3:54255 ESTABLISHED 14540/sshd: charles
udp        0      0 0.0.0.0:32768              0.0.0.0:*                              1348/rpc.statd
udp        0      0 0.0.0.0:2049               0.0.0.0:*                              -
udp        0      0 0.0.0.0:32769              0.0.0.0:*                              -
udp        0      0 0.0.0.0:800                0.0.0.0:*                              -
udp        0      0 0.0.0.0:676                0.0.0.0:*                              1348/rpc.statd
udp        0      0 0.0.0.0:111                0.0.0.0:*                              1330/portmap
udp        0      0 0.0.0.0:625                0.0.0.0:*                              1720/rpc.rquotad
udp        0      0 0.0.0.0:631                0.0.0.0:*                              1630/cupsd
udp        0      0 192.168.254.5:123          0.0.0.0:*                              1691/ntpd
udp        0      0 127.0.0.1:123              0.0.0.0:*                              1691/ntpd
udp        0      0 0.0.0.0:123                0.0.0.0:*                              1691/ntpd
udp        0      0 0.0.0.0:636                0.0.0.0:*                              1732/rpc.mountd
udp        0      0 :::123                     :::*                                   1691/ntpd
[root@shemp ~]#
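
The check discussed in this thread, as an added example that is not part of the original messages: it audits exports entries for the 'insecure' option and pulls the rejected client address and source port out of the nfsd log line. The sample input is constructed from the lines quoted above, and the function names are hypothetical.

```python
import re

# Constructed sample input, modelled on the exports lines and log messages quoted in the thread.
EXPORTS = """\
/disc2 moe(rw,sync) larry(ro,sync)
/home  larry(rw,insecure,sync)   # the change that made the Mac mount work
/opt   192.168.2.0/24(rw,sync)
"""
MESSAGES = """\
Dec 28 15:44:00 shemp rpc.mountd: authenticated mount request from larry:982 for /home (/home)
Dec 28 15:44:00 shemp kernel: nfsd: request from insecure port (192.168.254.3:50646)!
"""

RESERVED_LIMIT = 1024  # 'secure' (the default) only accepts source ports below this
CLIENT_RE = re.compile(r"(\S+?)\(([^)]*)\)")  # client(opt,opt,...)
REJECT_RE = re.compile(r"nfsd: request from insecure port \(([\d.]+):(\d+)\)")


def parse_exports(text):
    """Yield (path, client, options) for every client(options) entry.

    Simplification: bare clients without an option list and quoted paths
    containing spaces are not handled.
    """
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blank lines
        fields = line.split(None, 1)
        if len(fields) < 2:
            continue
        for client, opts in CLIENT_RE.findall(fields[1]):
            yield fields[0], client, {o.strip() for o in opts.split(",") if o.strip()}


def insecure_exports(text):
    """Exports whose clients may connect from unprivileged (>= 1024) ports."""
    return [(p, c) for p, c, opts in parse_exports(text) if "insecure" in opts]


def rejected_requests(log_text):
    """(ip, port) pairs nfsd refused because the source port was not reserved."""
    hits = [(ip, int(port)) for ip, port in REJECT_RE.findall(log_text)]
    return [(ip, port) for ip, port in hits if port >= RESERVED_LIMIT]


if __name__ == "__main__":
    for path, client in insecure_exports(EXPORTS):
        print(f"{path}: {client} is exported with 'insecure'")
    for ip, port in rejected_requests(MESSAGES):
        print(f"nfsd rejected {ip} (source port {port} >= {RESERVED_LIMIT})")
```

On the client side, mount_nfs on Mac OS X has a resvport option that makes the client use a reserved source port, which avoids adding 'insecure' on the server.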