On Mon, 2008-03-24 at 06:15 +0000, Nicholas Robinson wrote:
On Monday 24 March 2008 00:43:44 Gerhard Magnus wrote:
> I'm trying to set up an NFS file server on one of the boxes on my LAN
> and have gotten stuck. On the server, I used system-config-nfs to create
> the following /etc/exports file:
>
> /home/magnusg/music 192.168.1.11(rw,sync) 192.168.1.12(rw,sync)
> 192.168.1.13(rw,sync)
>
> to allow the other three boxes r/w access to the
> directory /home/magnusg/music on the server (192.168.1.14).
>
> Also on the server, I used system-config-services to start nfs and
> nfslock on run levels 3 and 5. Then I checked NFS4 on the firewall
> configuration widget system-config-firewall to open tcp and udp ports
> 2049. Then I rebooted the server.
>
> On one of the clients I then did (as root):
>
> mkdir /mnt/PuteF
> mount 192.168.1.14:/home/magnusg/music /mnt/PuteF
>
> and got the error message:
> mount: mount to NFS server '192.168.1.14' failed: System Error: No route
> to host
>
> I'm guessing I need to open more ports, but which ones and where? The
> four boxes are connected to a Linksys router.
>
> Thanks for the help! --Jerry
Hi
Try turning your firewall off completely for a while - "service iptables stop"
or "service ip6tables stop" will do it from the shell.
I don't bother with firewalls on my internal network machines, but then my
kids are only young!
If turning it off makes nfs work then turn it back on using service iptables
start and send the output from service iptables status to the list.
N
After executing "service iptables stop" on both server and client I was
able to mount the shared directory. After running "service iptables
start" on both boxes I am still able to access files in the shared
directory from the client.
Here's the output of service iptables status on the server (with the
firewalls back up):
root@PuteF Mon Mar 24 11:30:51
[129] /home/magnusg $ service iptables status
Table: filter
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 RH-Firewall-1-INPUT all -- 0.0.0.0/0
0.0.0.0/0
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
1 REJECT all -- 0.0.0.0/0 0.0.0.0/0
reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
Chain RH-Firewall-1-INPUT (1 references)
num target prot opt source destination
1 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
2 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp
type 255
3 ACCEPT esp -- 0.0.0.0/0 0.0.0.0/0
4 ACCEPT ah -- 0.0.0.0/0 0.0.0.0/0
5 ACCEPT udp -- 0.0.0.0/0 224.0.0.251 udp
dpt:5353
6 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp
dpt:631
7 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp
dpt:631
8 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state
RELATED,ESTABLISHED
9 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state
NEW tcp dpt:2049
10 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state
NEW udp dpt:2049
11 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state
NEW tcp dpt:22
12 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state
NEW udp dpt:111
13 REJECT all -- 0.0.0.0/0 0.0.0.0/0
reject-with icmp-host-prohibited
...and on the client:
root@PuteB Mon Mar 24 11:42:33
[240] /mnt/PuteF/mp3/songs $ service iptables status
Table: filter
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 RH-Firewall-1-INPUT all -- 0.0.0.0/0
0.0.0.0/0
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
1 REJECT all -- 0.0.0.0/0 0.0.0.0/0
reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
Chain RH-Firewall-1-INPUT (1 references)
num target prot opt source destination
1 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
2 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp
type 255
3 ACCEPT esp -- 0.0.0.0/0 0.0.0.0/0
4 ACCEPT ah -- 0.0.0.0/0 0.0.0.0/0
5 ACCEPT udp -- 0.0.0.0/0 224.0.0.251 udp
dpt:5353
6 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp
dpt:631
7 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp
dpt:631
8 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state
RELATED,ESTABLISHED
9 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state
NEW tcp dpt:22
10 REJECT all -- 0.0.0.0/0 0.0.0.0/0
reject-with icmp-host-prohibited
I really want to learn samba eventually but I thought I'd master
something simpler first :)