nfs and iptables in FC9, please help!
Hongwei Li
hongwei at wustl.edu
Wed Aug 27 16:31:15 UTC 2008
Hi,
I have just installed an fc9 system with the following packages installed:
2.6.25.11-97.fc9.i686
rpcbind-0.1.4-14.fc9.i386
libtirpc-0.1.7-18.fc9.i386
nfs-utils-lib-1.1.1-3.fc9.i386
nfs-utils-1.1.2-2.fc9.i386
quota-3.15-7.fc9.i386
iptables-devel-1.4.1.1-1.fc9.i386
iptables-1.4.1.1-1.fc9.i386
iptables-ipv6-1.4.1.1-1.fc9.i386
...
If the firewall (iptables) is stopped, I can run nfs normally.
# rpcinfo -p
program vers proto port service
100000 4 tcp 111 portmapper
100000 3 tcp 111 portmapper
100000 2 tcp 111 portmapper
100000 4 udp 111 portmapper
100000 3 udp 111 portmapper
100000 2 udp 111 portmapper
100000 4 0 111 portmapper
100000 3 0 111 portmapper
100000 2 0 111 portmapper
100011 1 udp 875 rquotad
100011 2 udp 875 rquotad
100011 1 tcp 875 rquotad
100011 2 tcp 875 rquotad
100003 2 udp 2049 nfs
100003 3 udp 2049 nfs
100003 4 udp 2049 nfs
100021 1 udp 32769 nlockmgr
100021 3 udp 32769 nlockmgr
100021 4 udp 32769 nlockmgr
100021 1 tcp 32803 nlockmgr
100021 3 tcp 32803 nlockmgr
100021 4 tcp 32803 nlockmgr
100003 2 tcp 2049 nfs
100003 3 tcp 2049 nfs
100003 4 tcp 2049 nfs
100005 1 udp 892 mountd
100005 1 tcp 892 mountd
100005 2 udp 892 mountd
100005 2 tcp 892 mountd
100005 3 udp 892 mountd
However, if iptables is started, then nfs fails. The following is
some information:
# /etc/init.d/rpcbind restart
# /etc/init.d/nfs start
Starting NFS services: [ OK ]
Starting NFS quotas: Cannot register service: RPC: Unable to receive;
errno = No route to host
rpc.rquotad: unable to register (RQUOTAPROG, RQUOTAVERS, udp).
[FAILED]
Starting NFS daemon: ^C
(hang there, I have to interrupt it)
# rpcinfo -p
program vers proto port service
100000 4 tcp 111 portmapper
100000 3 tcp 111 portmapper
100000 2 tcp 111 portmapper
100000 4 udp 111 portmapper
100000 3 udp 111 portmapper
100000 2 udp 111 portmapper
100000 4 0 111 portmapper
100000 3 0 111 portmapper
100000 2 0 111 portmapper
In my iptables settings I have enabled the following ports:
# iptables -L -n | more
...
okay tcp -- 128.0.0.0/8 0.0.0.0/0 tcp dpt:32769
ACCEPT udp -- 128.0.0.0/8 0.0.0.0/0 udp dpt:32769
okay tcp -- 128.0.0.0/8 0.0.0.0/0 tcp dpt:32803
ACCEPT udp -- 128.0.0.0/8 0.0.0.0/0 udp dpt:32803
...
okay tcp -- 128.0.0.0/8 0.0.0.0/0 tcp dpt:2049
ACCEPT udp -- 128.0.0.0/8 0.0.0.0/0 udp dpt:2049
...
okay tcp -- 128.0.0.0/8 0.0.0.0/0 tcp dpt:762
ACCEPT udp -- 128.0.0.0/8 0.0.0.0/0 udp dpt:762
okay tcp -- 128.0.0.0/8 0.0.0.0/0 tcp dpt:875
ACCEPT udp -- 128.0.0.0/8 0.0.0.0/0 udp dpt:875
okay tcp -- 128.0.0.0/8 0.0.0.0/0 tcp dpt:892
ACCEPT udp -- 128.0.0.0/8 0.0.0.0/0 udp dpt:892
okay tcp -- 128.0.0.0/8 0.0.0.0/0 tcp dpt:662
ACCEPT udp -- 128.0.0.0/8 0.0.0.0/0 udp dpt:662
okay tcp -- 128.0.0.0/8 0.0.0.0/0 tcp dpt:2020
ACCEPT udp -- 128.0.0.0/8 0.0.0.0/0 udp dpt:2020
...
and I have edited /etc/sysconfig/nfs to set ports:
RQUOTAD="/usr/sbin/rpc.rquotad"
RQUOTAD_PORT=875
LOCKD_TCPPORT=32803
LOCKD_UDPPORT=32769
MOUNTD_PORT=892
STATD_PORT=662
STATD_OUTGOING_PORT=2020
Did I miss anything to make nfs work normally with iptables? I used the
same settings in my FC6 system without any problem, but had no luck in fc9.
Can somebody give me help? Thanks a lot!
Hongwei Li
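Added example, not part of the original post: a cross-check of saved "rpcinfo -p" output against a saved "iptables -L -n" listing that reports every registered RPC proto/port with no visible single-port accepting rule. The function name, file names and sample rows are constructed here, and the "okay" target is assumed to be a user-defined chain that ends in ACCEPT.

```shell
#!/bin/sh
# uncovered_rpc_ports RPCINFO_FILE IPTABLES_FILE [ACCEPT_TARGETS]
# Prints "proto/port service" for every RPC registration that has no
# single-port (dpt:) rule with an accepting target in the listing.
# Assumption: "okay" is a user-defined chain that ends in ACCEPT; the
# post does not show it. Port ranges (dpts:) are not handled.
uncovered_rpc_ports() {
    awk -v targets="${3:-ACCEPT okay}" '
        BEGIN { n = split(targets, t, " "); for (i = 1; i <= n; i++) ok[t[i]] = 1 }
        # iptables -L -n rows: target prot opt source destination match
        FILENAME == ARGV[1] {
            if (($1 in ok) && match($0, /dpt:[0-9]+/))
                allowed[$2 "/" substr($0, RSTART + 4, RLENGTH - 4)] = 1
            next
        }
        # rpcinfo -p rows: program vers proto port service
        $1 ~ /^[0-9]+$/ && ($3 == "tcp" || $3 == "udp") {
            key = $3 "/" $4
            if (!(key in allowed) && !(key in seen)) { seen[key] = 1; print key, $5 }
        }
    ' "$2" "$1"
}

# Constructed sample input: a few rows in the shape of the listings in
# the post (its elided "..." rows are not reproduced, so the result
# describes this sample only).
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
SAMPLE_RPC=$SAMPLE_DIR/rpcinfo.txt
SAMPLE_FW=$SAMPLE_DIR/iptables.txt
cat > "$SAMPLE_RPC" <<'EOF'
program vers proto port service
100000 2 tcp 111 portmapper
100000 2 udp 111 portmapper
100011 1 udp 875 rquotad
100003 3 tcp 2049 nfs
100021 1 udp 32769 nlockmgr
100005 1 tcp 892 mountd
EOF
cat > "$SAMPLE_FW" <<'EOF'
okay tcp -- 128.0.0.0/8 0.0.0.0/0 tcp dpt:2049
ACCEPT udp -- 128.0.0.0/8 0.0.0.0/0 udp dpt:875
ACCEPT udp -- 128.0.0.0/8 0.0.0.0/0 udp dpt:32769
okay tcp -- 128.0.0.0/8 0.0.0.0/0 tcp dpt:892
EOF
uncovered_rpc_ports "$SAMPLE_RPC" "$SAMPLE_FW"
```

Passing "ACCEPT" as the third argument drops the assumption about the okay chain and lists the tcp ports that depend on it as well.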