total NFS newbie needs help
Gene Heskett
gene.heskett at verizon.net
Mon Jan 24 16:44:08 UTC 2005
On Monday 24 January 2005 11:05, David Liguori wrote:
>Gene Heskett wrote:
>> Greetings;
>>
>> I have a dir on this machine that contains all 9 of the FC3 iso
>> images, and I've set up a server: line in my fstab, and set up
>> the /etc/exports file to export that dir to any address in the
>> 192.168.xx.xx block
>>
>> I *think* I have the exports for nfs set up correctly.
>>
>> I've even rebooted.
>>
>> On this machine, a showmount -e shows this:
>> [root@coyote root]# showmount -e
>> [root@coyote etc]# showmount -e
>> Export list for coyote.coyote.den:
>> /usr/dlds-misc/FC3 192.168.71.0/255.255.255.0
I moved stuff around so that only the 5 iso's are there, the
SRPMS have been moved to an SPRMS dir of their own. No diff.
>> And on another box as client for machine coyote:
>> [root@gene root]# showmount -e coyote
>> Export list for coyote:
>> /usr/dlds-misc/FC3 192.168.71.0/255.255.255.0
>>
>> But I cannot connect with the NFS choice on the machine I'm trying
>> to install FC3 on. And at the point in the install, there is no
>> other shell available, so all I can see is the cannot connect
>> messages once I've filled in the address of this box and the path
>> on this box to those iso's. So at this point I have no idea if
>> the network driver the installer has loaded is wrong or what.
>> However, the box is sitting down there with the error message on
>> screen, and I can ping it just fine:
>>
>> PING shop.coyote.den (192.168.71.4) 56(84) bytes of data.
>> 64 bytes from shop.coyote.den (192.168.71.4): icmp_seq=0 ttl=64
>> time=0.330 ms
>> 64 bytes from shop.coyote.den (192.168.71.4): icmp_seq=1 ttl=64
>> time=0.103 ms
>> 64 bytes from shop.coyote.den (192.168.71.4): icmp_seq=2 ttl=64
>> time=0.097 ms
>> 64 bytes from shop.coyote.den (192.168.71.4): icmp_seq=3 ttl=64
>> time=0.100 ms
>> 64 bytes from shop.coyote.den (192.168.71.4): icmp_seq=4 ttl=64
>> time=0.097 ms
>>
>> telnet and ssh both are refused.
>>
>> Does anyone have a clue to loan me?
>
>How do you start the NFS daemon on the server?
The server is a rather contaminated FC2. No netfilter/iptables/selinux
enabled at all. All behind a firewall with a very good record.
>Usually it's through
> xinetd, or at least it used to be.
For FC2, it's a script in /etc/init.d, linked to by a link in /etc/rc3.d,
my normal boot mode here.
> There are hosts.allow and
> hosts.deny files that are shipped closed down by default (usually
> "all all" is in deny, then only those hosts and services you want
> to allow are in "allow", which overrides the deny).
/etc/hosts.deny:
#
# hosts.deny This file describes the names of the hosts which are
# *not* allowed to use the local INET services, as decided
# by the '/usr/sbin/tcpd' server.
#
# The portmap line is redundant, but it is left to remind you that
# the new secure portmap uses hosts.deny and hosts.allow. In particular
# you should know that NFS uses portmap!
--------------------------
/etc/hosts.allow:
#
# hosts.allow This file describes the names of the hosts which are
# allowed to use the local INET services, as decided
# by the '/usr/sbin/tcpd' server.
#
---------------------------
> Also, you need
> portmapper running--unless things have totally changed since I last
> set up an NFS server, a few RH releases ago.
[root@coyote mnt]# ps -ea|grep portmap
1936 ? 00:00:00 portmap
> I can say that, in
> general, things that are potential security risks that don't need
> to be running for basic functionality won't be, by default (eg.
> telnet, ftp, ssh, nfs. Does it accept telnet or ssh connections
> from other machines?)--contrary to the traditional Microsoft
> policy.
telnet no, ftp unk, ssh no, nfs gets no perms error there, nothing logged here.
smb shares can be seen from here, but not written to, everything is read-only.
> Your best bet, therefore, is to consult a step by step
> tutorial, like the one alluded to by another responder. You can
> then be reasonably sure of opening up all those things, and only
> those things, that need to be to get the desired result.
>
> --
>David Liguori
--
Cheers, Gene
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
99.32% setiathome rank, not too shabby for a WV hillbilly
Yahoo.com attorneys please note, additions to this message
by Gene Heskett are:
Copyright 2005 by Maurice Eugene Heskett, all rights reserved.
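
Added example, not part of the original message or of any Fedora tool: a small Python check of the two access layers discussed above, the export client spec from the showmount output and the hosts.allow/hosts.deny order David describes. It implements only a subset of hosts_access(5) patterns (ALL, net/mask, "a.b.c." prefix, exact IP); the sample file contents and all function names are constructed for illustration.

```python
import ipaddress

# Constructed sample data: the export spec shown by showmount in the thread,
# and a "closed by default" wrappers pair of the kind David describes.
EXPORT_CLIENTS = "192.168.71.0/255.255.255.0"
HOSTS_ALLOW = "portmap: 192.168.71.0/255.255.255.0\n"
HOSTS_DENY = "ALL: ALL\n"

def parse_rules(text):
    """Return [(daemons, clients)] from hosts.allow / hosts.deny text."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments
        if ":" not in line:
            continue
        daemons, clients = line.split(":")[:2]
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules

def client_matches(pattern, ip):
    """Subset of hosts_access(5): ALL, net/mask, 'a.b.c.' prefix, exact IP."""
    if pattern.upper() == "ALL":
        return True
    if "/" in pattern:
        net = ipaddress.ip_network(pattern, strict=False)
        return ipaddress.ip_address(ip) in net
    if pattern.endswith("."):
        return ip.startswith(pattern)
    return pattern == ip

def rule_hit(rules, daemon, ip):
    return any(
        any(d.upper() == "ALL" or d == daemon for d in daemons)
        and any(client_matches(c, ip) for c in clients)
        for daemons, clients in rules)

def wrappers_decision(allow_text, deny_text, daemon, ip):
    """hosts.allow is consulted first, then hosts.deny; no match means allow."""
    if rule_hit(parse_rules(allow_text), daemon, ip):
        return "allow"
    if rule_hit(parse_rules(deny_text), daemon, ip):
        return "deny"
    return "allow"

def export_covers(client_spec, ip):
    """True if ip falls inside an address/netmask export client spec."""
    net = ipaddress.ip_network(client_spec, strict=False)
    return ipaddress.ip_address(ip) in net
```

With comment-only files like the two posted above, wrappers_decision() returns "allow" for every daemon and address, so those files are not what refuses the installer's connection.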