total NFS newbie needs help

Gene Heskett gene.heskett at verizon.net
Mon Jan 24 16:44:08 UTC 2005


On Monday 24 January 2005 11:05, David Liguori wrote:
>Gene Heskett wrote:
>> Greetings;
>>
>> I have a dir on this machine that contains all 9 of the FC3 iso
>> images, and I've setup a server: line in my fstab, and setup
>> the /etc/exports file to export that dir to any address in the
>> 192.168.xx.xx block
>>
>> I *think* I have the exports for nfs setup correctly.
>>
>> I've even rebooted.
>>
>> On this machine, a showmount -e shows this:
>> [root@coyote root]# showmount -e
>> [root@coyote etc]# showmount -e
>> Export list for coyote.coyote.den:
>> /usr/dlds-misc/FC3 192.168.71.0/255.255.255.0

I moved stuff around so that only the 5 iso's are there, the
SRPMS have been moved to an SPRMS dir of their own.  No diff.

>> And on another box as client for machine coyote:
>> [root@gene root]# showmount -e coyote
>> Export list for coyote:
>> /usr/dlds-misc/FC3 192.168.71.0/255.255.255.0
>>
>> But I cannot connect with the NFS choice on the machine I'm trying
>> to install FC3 on.  And at the point in the install, there is no
>> other shell available, so all I can see is the cannot connect
>> messages once I've filled in the address of this box and the path
>> on this box to those iso's.  So at this point I have no idea if
>> the network driver the installer has loaded is wrong or what. 
>> However, the box is sitting down there with the error message on
>> screen, and I can ping it just fine:
>>
>> PING shop.coyote.den (192.168.71.4) 56(84) bytes of data.
>> 64 bytes from shop.coyote.den (192.168.71.4): icmp_seq=0 ttl=64
>> time=0.330 ms
>> 64 bytes from shop.coyote.den (192.168.71.4): icmp_seq=1 ttl=64
>> time=0.103 ms
>> 64 bytes from shop.coyote.den (192.168.71.4): icmp_seq=2 ttl=64
>> time=0.097 ms
>> 64 bytes from shop.coyote.den (192.168.71.4): icmp_seq=3 ttl=64
>> time=0.100 ms
>> 64 bytes from shop.coyote.den (192.168.71.4): icmp_seq=4 ttl=64
>> time=0.097 ms
>>
>> telnet and ssh both are refused.
>>
>> Does anyone have a clue to loan me?
>
>How do you start the NFS daemon on the server?

The server is a rather contaminated FC2.  No netfilter/iptables/selinux
enabled at all. All behind a firewall with a very good record.

>Usually it's through xinetd, or at least it used to be.

For FC2, it's a script in /etc/init.d, linked to by a link in /etc/rc3.d,
my normal boot mode here.

> There are hosts.allow and 
> hosts.deny files that are shipped closed down by default (usually
> "all all" is in deny, then only those hosts and services you want
> to allow are in "allow", which overrides the deny).

/etc/hosts.deny:
#
# hosts.deny This file describes the names of the hosts which are
#  *not* allowed to use the local INET services, as decided
#  by the '/usr/sbin/tcpd' server.
#
# The portmap line is redundant, but it is left to remind you that
# the new secure portmap uses hosts.deny and hosts.allow.  In particular
# you should know that NFS uses portmap!
--------------------------
/etc/hosts.allow:
#
# hosts.allow This file describes the names of the hosts which are
#  allowed to use the local INET services, as decided
#  by the '/usr/sbin/tcpd' server.
#
---------------------------
> Also, you need 
> portmapper running--unless things have totally changed since I last
> set up an NFS server, a few RH releases ago.

[root@coyote mnt]# ps -ea|grep portmap
 1936 ?        00:00:00 portmap

> I can say that, in 
> general, things that are potential security risks that don't need
> to be running for basic functionality won't be, by default (eg.
> telnet, ftp, ssh, nfs.  Does it accept telnet or ssh connections
> from other machines?)--contrary to the traditional Microsoft
> policy.

telnet no, ftp unk, ssh no, nfs gets no perms error there, nothing logged here.

smb shares can be seen from here, but not written to, everything is read-only.

> Your best bet, therefore, is to consult a step by step 
> tutorial, like the one alluded to by another responder.  You can
> then be reasonably sure of opening up all those things, and only
> those things, that need to be to get the desired result.
>
> --
>David Liguori

-- 
Cheers, Gene
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
99.32% setiathome rank, not too shabby for a WV hillbilly
Yahoo.com attorneys please note, additions to this message
by Gene Heskett are:
Copyright 2005 by Maurice Eugene Heskett, all rights reserved.
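
Added example, not part of the original message: a simplified Python model of the hosts.allow / hosts.deny decision order from hosts_access(5), showing that comment-only files like the ones pasted above refuse nothing, while a closed-by-default `ALL: ALL` deny needs an explicit `portmap` allow line for the exported subnet. It handles only the `ALL` wildcard, exact addresses, address prefixes and net/mask patterns; the sample file contents and the outside address 10.0.0.5 are constructed.

```python
import ipaddress

def parse_rules(text):
    """Return [(daemons, clients)] from hosts.allow / hosts.deny text."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue  # blank lines and comment lines carry no rule
        daemons, clients = line.split(":")[:2]
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules

def client_matches(pattern, addr):
    if pattern == "ALL":
        return True
    if "/" in pattern:          # net/mask form, e.g. 192.168.71.0/255.255.255.0
        net = ipaddress.ip_network(pattern, strict=False)
        return ipaddress.ip_address(addr) in net
    if pattern.endswith("."):   # address prefix, e.g. "192.168."
        return addr.startswith(pattern)
    return pattern == addr

def rule_hit(rules, daemon, addr):
    return any((daemon in daemons or "ALL" in daemons)
               and any(client_matches(c, addr) for c in clients)
               for daemons, clients in rules)

def allowed(allow_text, deny_text, daemon, addr):
    """hosts_access(5) order: allow match grants, else deny match refuses, else grant."""
    if rule_hit(parse_rules(allow_text), daemon, addr):
        return True
    if rule_hit(parse_rules(deny_text), daemon, addr):
        return False
    return True

# Constructed sample file contents (not copied from any real host).
COMMENTS_ONLY = "#\n# This file describes the names of the hosts ...\n#\n"
DENY_ALL = "ALL: ALL\n"
ALLOW_LAN = "portmap: 192.168.71.0/255.255.255.0\n"

if __name__ == "__main__":
    cases = [(COMMENTS_ONLY, COMMENTS_ONLY, "portmap", "192.168.71.4"),
             ("", DENY_ALL, "portmap", "192.168.71.4"),
             (ALLOW_LAN, DENY_ALL, "portmap", "192.168.71.4"),
             (ALLOW_LAN, DENY_ALL, "portmap", "10.0.0.5")]
    for allow, deny, daemon, addr in cases:
        print(daemon, addr, "->", "granted" if allowed(allow, deny, daemon, addr) else "refused")
```
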



