mount to NFS server 'julie' failed: No route to host

Ed Greshko Ed.Greshko at greshko.com
Thu Apr 12 23:33:15 UTC 2012 

On 04/13/2012 04:57 AM, don fisher wrote:
> On 04/12/12 13:45, Ed Greshko wrote:
>> On 04/13/2012 04:37 AM, don fisher wrote:
>>> When I disabled iptables.service on julie I was able to mount it. I I run
>>> system-config-firewall, nfs is enabled. What else do I need to enable?
>>
>> Are you using NFSv3 or NFSv4?
>>
>> FWIW, I use NFSv4 these days since one has to do a bit of work, exactly what I've
>> forgotten, to configure NFSv3 to work with static ports making the firewall easy to
>> configure.
>>
> NFSv4. I understand that the advantages of tcp over udp are significant.
>
>

Of course it isn't a question of understanding.  I still use NFSv3 in some cases
where the client is unable to utilize NFSv4.

Here are my iptables rules on one of my systems....which uses only NFSv4.

[root at f16-1 sysconfig]# cat iptables
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 631 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 631 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 631 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 2049 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 110 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 143 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

As you can see, I only port 2049 is needed for NFSv4 to work...




-- 
Never be afraid to laugh at yourself, after all, you could be missing out on the joke
of the century. -- Dame Edna Everage

More information about the users mailing list