Re: NFS mounting problems. Please help.

[Michael Schwendt <ms0301rh arcor de>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Fri, 25 Apr 2003 18:55:34 -0400, Joseph Tate wrote:

> I've got a RHL 9 install with all updates applied on a Dell Poweredge 
> 2650 (Dual Xeon 2.0Ghz).  I've got a couple of NFS mount points set up:
>     /nfs/redhat  10.2.2.0/255.255.255.240(async)
>     /nfs/home    10.2.2.0/255.255.255.240(rw,async,no_root_squash)
> The server has dual BroadCom NetXtreme Gigabit Ethernet Adapters.  It 
> seems to like the tg3 driver module better than the bcm5700 drivers.  
> eth0 is configured as a static IP as 10.2.2.2.  Eth1 is currently set up 
> using DHCP.  I set up iptables using lokkit so that eth0 was trusted.  
> /etc/sysconfig/iptables is included below:
>     *filter
>     :INPUT ACCEPT [0:0]
>     :FORWARD ACCEPT [0:0]
>     :OUTPUT ACCEPT [0:0]
>     :RH-Lokkit-0-50-INPUT - [0:0]
>     -A INPUT -j RH-Lokkit-0-50-INPUT
>     -A FORWARD -j RH-Lokkit-0-50-INPUT
>     -A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
>     -A RH-Lokkit-0-50-INPUT -i eth0 -j ACCEPT
>     -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 0:1023 --syn -j REJECT
>     -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 2049 --syn -j REJECT
>     -A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 0:1023 -j REJECT
>     -A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 2049 -j REJECT
>     -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 6000:6009 --syn -j REJECT
>     -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 7100 --syn -j REJECT
>     COMMIT
> The NFS clients are RHL 7.3 with all updates applied and have 10.2.2.x 
> static IPs on eth0 (identical hardware).  They're running ipchains, but 
> also have eth0 trusted.  Their fstab entries look like:
>     cheetah-int:/nfs/home /home nfs defaults 0 0
>     cheetah-int:/nfs/redhat /redhat nfs defaults 0 0
> cheetah-int is resolvable via /etc/hosts as:
>     10.2.2.2 cheetah-int
> I've made sure that statd and portmapper are running on both systems.
> When I boot the client servers, I get the following message during the 
> mounting remote filesystems stage:
>     mount: RPC: Port mapper failure - RPC: Unable to receive
> I receive it twice actually, once for each mount point.  Nothing appears 
> in /var/log/messages on the server.
> 
> Here's the kicker.  After the server has finished booting, mount -a will 
> usually succeed.  No modification needed.  Also, if I run "/sbin/service 
> iptables stop" on the server, it will successfully mount the NFS 
> directories during bootup.  Sometimes mount -a will still fail, with the 
> same message I receive at boot, continuously, but restarting ipchains or 
> portmap will "fix" it so that mount -a succeeds.
> 
> I really need these file systems to be mounted at boot time.  Eth1 will 
> be connected to an external network, and therefore must have iptables 
> protecting it.  Any suggestions?

Having noticed your iptables bug report (bugzilla #90064), what
makes you think iptables is to blame? Can you give some details with
regard to your routing table (netstat -nr) and NIC config (ifconfig
- -a) for both server and a test-client and your attempts on debugging
whether iptables or ipchains (on the clients) is the cause of it?
For instance, on the NFS server, if you add a log rule right after
the "trust eth0" rule,

  -A RH-Lokkit-0-50-INPUT -i eth0 -j ACCEPT
  -A RH-Lokkit-0-50-INPUT -i eth0 -j LOG --log-level alert

do you see anything in the logs upon booting an NFS client?
Or what makes you assume iptables blocks anything from eth0?

> After the server has finished booting, mount -a will 
> usually succeed.

Since you refer to "server" and "client servers", what server is
referred to here?

> Also, if I run "/sbin/service iptables stop" on the server,
> it will successfully mount the NFS directories during bootup.

it = client?

- -- 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE+saJU0iMVcrivHFQRAkmzAJ4imfODw11QFA2Uq6oQdUab/UNt2gCfaS3c
WNaZEVqD8aiXjl6vQHJ4cW0=
=ctV4
-----END PGP SIGNATURE-----