Re: NFS and Firewalld -

28 Aug 2019


      On 8/28/19 8:09 PM, Tom H wrote:
...
On an nfsv4-only system with its iptables rules flushed. "showmount
..." doesn't even work locally (because it needs "rpc.mountd").
# iptables -nL
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
# rpcinfo -s
   program version(s) netid(s)                         service     owner
    100000  2,3,4     local,udp,tcp,udp6,tcp6          portmapper  superuser
    100003  4         tcp6,tcp                         nfs         superuser
# cat /etc/exports
/srv    192.168.0.0/24(rw,sync,no_root_squash)
# exportfs
/srv              192.168.0.0/24
# cat /var/lib/nfs/etab
/srv    192.168.0.0/24(rw,sync,wdelay,hide,nocrossmnt,secure,no_root_squash,no_all_squash,no_subtree_check,secure_locks,acl,no_pnfs,anonuid=65534,anongid=65534,sec=sys,rw,secure,no_root_squash,no_all_squash)
# showmount -e
clnt_create: RPC: Program not registered
# mount 192.168.0.127:/srv /mnt
# findmnt /mnt
TARGET SOURCE             FSTYPE OPTIONS
/mnt   192.168.0.127:/srv nfs4
rw,relatime,vers=4.2,rsize=1048576,wsize=1048576,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=sys,clientaddr=192.168.0.127,local_lock=none,addr=192.168.0.127
# cat /var/lib/nfs/rmtab
# showmount -d
clnt_create: RPC: Program not registered
#
Interesting.  I'm not going to lose any sleep over it.  But I thought I had it confined to V4 with the entry in /etc/nfs.conf.
[root@meimei ~]# mount -t nfs -o nfsvers=3  f30k:/home /mnt
mount.nfs: requested NFS version or transport protocol is not supported
But of course
[root@meimei ~]# mount -t nfs -o nfsvers=4  f30k:/home /mnt
[root@meimei ~]# df | grep mnt
f30k:/home              29110528   10145024   17463808  37% /mnt
And....
[root@meimei ~]# showmount -e f30k
Export list for f30k:
/home 192.168.1.0/24,2001:B030:112F:0000::/56
As well as
[root@f30-k ~]# showmount -e
Export list for f30-k.greshko.com:
/home 192.168.1.0/24,2001:B030:112F:0000::/56
[root@f30-k ~]# rpcinfo -s
   program version(s) netid(s)                         service     owner
    100000  2,3,4     local,udp,tcp,udp6,tcp6          portmapper  superuser
    100005  2,1       tcp6,udp6,tcp,udp                mountd      superuser
    100024  1         tcp6,udp6,tcp,udp                status      29
    100003  4         tcp6,tcp                         nfs         superuser
Shows that I have a mountd even though it should not be necessary.
Maybe I'll track down tomorrow why that is.
-- 
If simple questions can be answered with a simple google query then why are there so many of them?