On Tue, 2006-07-25 at 14:32 -0400, Margaret_Doll wrote:
>
> Begin forwarded message:
>
> > From: Margaret_Doll <Margaret_Doll@xxxxxxxxx>
> > Date: Tue Jul 25, 2006 2:09:47 PM US/Eastern
> > To: For releases <fedora-list@xxxxxxxxxx>
> > Subject: NFS on FC5
> >
> > On a new FC 5 system, I am trying to serve up five large partitions
> > (all over 80 Gb apiece) across the network. In particular to an FC2
> > system.
> >
> > The new system can mount partitions from other systems on the network.
> >
> > I have disabled selinux. I have the correct hosts in /etc/host.allow
> > with permissions to all.
> >
> > On the client I keep getting that there is no route to the host.
> > Although from the client I can see the services on the server.
> >
> > [root@client root]# rpcinfo -p server
> >    program vers proto   port
> >     100000    2   tcp    111  portmapper
> >     100000    2   udp    111  portmapper
> >     100024    1   udp  32768  status
> >     100024    1   tcp  60867  status
> >     100021    1   udp  32769  nlockmgr
> >     100021    3   udp  32769  nlockmgr
> >     100021    4   udp  32769  nlockmgr
> >     100021    1   tcp  57687  nlockmgr
> >     100021    3   tcp  57687  nlockmgr
> >     100021    4   tcp  57687  nlockmgr
> >     100011    1   udp    637  rquotad
> >     100011    2   udp    637  rquotad
> >     100011    1   tcp    640  rquotad
> >     100011    2   tcp    640  rquotad
> >     100003    2   udp   2049  nfs
> >     100003    3   udp   2049  nfs
> >     100003    4   udp   2049  nfs
> >     100003    2   tcp   2049  nfs
> >     100003    3   tcp   2049  nfs
> >     100003    4   tcp   2049  nfs
> >     100005    1   udp    650  mountd
> >     100005    1   tcp    653  mountd
> >     100005    2   udp    650  mountd
> >     100005    2   tcp    653  mountd
> >     100005    3   udp    650  mountd
> >     100005    3   tcp    653  mountd
> >
> > [root@client root]# mount -v /dist
> > mount to NFS server 'server' failed.
> > RPC Error: 12 ( Remote system error )
> > System Error: 113 (No route to host)
> >
> > The line from /etc/fstab on the client is
> >
> > server:/numbers1 /dist nfs4 proto=tcp,soft,bg,rw
> >
> > I have tried this line with "nfs" instead of "nfs4" and without the
> > "proto=tcp" option.
> >
> > What is going wrong?
>
> I believe it is a security issue. I turned off iptables, and the
> partitions mounted across the network. Now to find the relevant ports
> to open up.
>
>

besides the ports 2049 and 111 you should secure the system by putting
the following in /etc/hosts.allow

portmap: ipaddress1, , ipaddress2, ipaddress3
lockd: ipaddress1, , ipaddress2, ipaddress3
mountd: ipaddress1, , ipaddress2, ipaddress3
rquotad: ipaddress1, , ipaddress2, ipaddress3
statd: ipaddress1, , ipaddress2, ipaddress3

more ip's as necessary

and putting the following in /etc/hosts.deny

portmap: ALL
lockd: ALL
mountd: ALL
rquotad: ALL
statd: ALL
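
Added example, not part of the original thread: a short parser that turns `rpcinfo -p` output like the listing above into the list of ports a firewall in front of the NFS server has to account for, separating the two fixed ports named in the reply (111 and 2049) from the ones the daemons picked at start-up. The function names `parse_rpcinfo` and `firewall_plan` are hypothetical, and the sample input is condensed from the quoted listing.

```python
# Constructed sample: condensed from the `rpcinfo -p server` output in the thread
# (one version per service, plus two nfs/tcp versions to show de-duplication).
SAMPLE = """\
   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp  32768  status
    100024    1   tcp  60867  status
    100021    4   udp  32769  nlockmgr
    100021    4   tcp  57687  nlockmgr
    100011    2   udp    637  rquotad
    100011    2   tcp    640  rquotad
    100003    3   udp   2049  nfs
    100003    3   tcp   2049  nfs
    100003    4   tcp   2049  nfs
    100005    3   udp    650  mountd
    100005    3   tcp    653  mountd
"""

FIXED_PORTS = {111, 2049}  # portmapper and nfs, the two ports the reply names


def parse_rpcinfo(text):
    """Return {(service, proto): port}, collapsing the per-version duplicate rows."""
    ports = {}
    for line in text.splitlines():
        fields = line.split()
        # Data rows are: program vers proto port service; skip the header and blanks.
        if len(fields) != 5 or not fields[0].isdigit():
            continue
        _, _, proto, port, service = fields
        ports[(service, proto)] = int(port)
    return ports


def firewall_plan(text):
    """Split registered ports into (fixed, dynamic) lists of (port, proto, service)."""
    fixed, dynamic = [], []
    for (service, proto), port in parse_rpcinfo(text).items():
        entry = (port, proto, service)
        (fixed if port in FIXED_PORTS else dynamic).append(entry)
    return sorted(fixed), sorted(dynamic)


if __name__ == "__main__":
    fixed, dynamic = firewall_plan(SAMPLE)
    for label, rows in (("fixed", fixed), ("dynamic", dynamic)):
        for port, proto, service in rows:
            print(f"{label:8}{port:>6}/{proto}  {service}")
```

The ports in the second list are assigned when the daemons register with the portmapper, so a firewall rule written from one `rpcinfo` run can go stale after a restart.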