NFS through firewall
Bohmer, Andre ten
Andre.tenBohmer at wur.nl
Fri Nov 18 15:56:13 UTC 2005
Hi!
> Hi. I have a server in our DMZ and I'm exporting a specific
> directory with NFS. I have an internal server that I want to
> mount it on. The internal server is allowed through the
> firewall without restriction.
> Firewall guy tells me it's wide open for this internal
> server, TCP and UDP.
>
> When I try to mount the drive I get this error:
> pmap_getmaps rpc problem: RPC: Unable to receive; errno =
> Connection reset by peer
>
> On the server running NFS I get this:
> rpc.mountd: authenticated mount request from
> [internal_server]:680 for /usr/test (/usr/test)
>
> If I do an nmap from the internal server to the external
> server running I get:
>
> (The 1648 ports scanned but not shown below are in state: closed)
> PORT STATE SERVICE
> 22/tcp open ssh
> 80/tcp open http
> 111/tcp open rpcbind
> 443/tcp open https
> 933/tcp open unknown
> 5001/tcp open commplex-link
> 5801/tcp open vnc-http-1
> 5901/tcp open vnc-1
> 10000/tcp open snet-sensor-mgmt
>
> A UDP port scan seems to hang.
>
> If I do an rpcinfo on the external server running NFS I get:
> # rpcinfo -p 127.0.0.1
> program vers proto port
> 100000 2 tcp 111 portmapper
> 100000 2 udp 111 portmapper
> 100024 1 udp 32768 status
> 100024 1 tcp 32768 status
> 391002 2 tcp 32769 sgi_fam
> 100011 1 udp 930 rquotad
> 100011 2 udp 930 rquotad
> 100011 1 tcp 933 rquotad
> 100011 2 tcp 933 rquotad
> 100003 2 udp 2049 nfs
> 100003 3 udp 2049 nfs
> 100021 1 udp 32781 nlockmgr
> 100021 3 udp 32781 nlockmgr
> 100021 4 udp 32781 nlockmgr
> 100005 1 udp 32782 mountd
> 100005 1 tcp 59483 mountd
> 100005 2 udp 32782 mountd
> 100005 2 tcp 59483 mountd
> 100005 3 udp 32782 mountd
> 100005 3 tcp 59483 mountd
>
> Any thoughts on what the problem is?
Had no time to browse the full thread yet, but just my few cents:
- Did you check TCP wrappers (/etc/hosts.allow and /etc/hosts.deny)? Like entries for portmap, nfsd, statd, rquotad, mountd and lockd.
- A link I used regarding configuring NFS through firewalls: http://www.lowth.com/LinWiz/nfs_help.html. Though your firewall seems to be open, maybe it helps to clarify some things.
Cheers,
André
> Thanks,
> James
>
> --
> fedora-list mailing list
> fedora-list at redhat.com
> To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
>
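Added example, not part of the original thread: a short Python script that turns the rpcinfo -p output quoted above into the list of ports an NFSv2/v3 mount needs through a firewall, and compares the TCP registrations with the quoted nmap result. The NFS_SERVICES and WELL_KNOWN sets are assumptions of this example.

```python
# Added example (not from the thread). Rows are taken from the rpcinfo -p
# output quoted above, reduced to one row per service/protocol pair.
RPCINFO = """\
program vers proto port
100000 2 tcp 111 portmapper
100000 2 udp 111 portmapper
100024 1 udp 32768 status
100024 1 tcp 32768 status
391002 2 tcp 32769 sgi_fam
100011 2 udp 930 rquotad
100011 2 tcp 933 rquotad
100003 3 udp 2049 nfs
100021 4 udp 32781 nlockmgr
100005 3 udp 32782 mountd
100005 3 tcp 59483 mountd
"""
# Open TCP ports from the nmap output quoted above.
NMAP_TCP_OPEN = {22, 80, 111, 443, 933, 5001, 5801, 5901, 10000}
# Services an NFSv2/v3 mount depends on (assumption of this example).
NFS_SERVICES = {"portmapper", "nfs", "mountd", "nlockmgr", "status", "rquotad"}
# Fixed by convention; the other ports were picked at service start,
# registered with the portmapper, and can change after a restart.
WELL_KNOWN = {111, 2049}

def parse_rpcinfo(text):
    """Return a sorted list of (service, proto, port) from rpcinfo -p output."""
    found = set()
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5 or not fields[0].isdigit():
            continue  # header or malformed line
        _prog, _vers, proto, port, name = fields
        found.add((name, proto, int(port)))
    return sorted(found)

def firewall_requirements(text):
    """NFS-related (service, proto, port, is_dynamic) entries to permit."""
    return [(n, p, port, port not in WELL_KNOWN)
            for n, p, port in parse_rpcinfo(text) if n in NFS_SERVICES]

def tcp_not_seen_by_scan(text, scanned_open):
    """TCP registrations that are absent from the scan's list of open ports."""
    return [(n, port) for n, p, port in parse_rpcinfo(text)
            if p == "tcp" and port not in scanned_open]

if __name__ == "__main__":
    for name, proto, port, dynamic in firewall_requirements(RPCINFO):
        print(f"{name:<11}{proto:<4}{port:<6}{'dynamic' if dynamic else 'fixed'}")
    print("TCP, not in scan:", tcp_not_seen_by_scan(RPCINFO, NMAP_TCP_OPEN))
```

A port missing from the scan's open list was either not reachable or not among the ports the scan covered, so the second list is a starting point for checking, not proof of a block.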