nfs issue...

Pete Nesbitt pete at linux1.ca
Fri Jul 2 18:14:59 UTC 2004


On July 2, 2004 09:51 am, bruce wrote:
> pete....
>
> arrgghhhh... something's going wrong again.......
>
> i rebooted the server.... and restarted nfs, and the required processes...
>
> without iptables running on the client/server.. i can connect from the
> client to the server.
>
> when i enable iptables on the server, the client no longer connects... i
> get:
>
> mount: RPC: Remote system error - Connection refused
>
> the iptables for the server is what we used last night...
>
> # Firewall configuration written by lokkit
> # Manual customization of this file is not recommended.
> # Note: ifup-post will punch the current nameservers through the
> #       firewall; such entries will *not* be listed here.
> *filter
>
> :INPUT ACCEPT [0:0]
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [0:0]
> :RH-Lokkit-0-50-INPUT - [0:0]
>
> -A INPUT -j RH-Lokkit-0-50-INPUT
> -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 80 --syn -j ACCEPT
> -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 22 --syn -j ACCEPT
> -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 23 --syn -j ACCEPT
> -A RH-Lokkit-0-50-INPUT -p udp -m udp -s 0/0 --sport 67:68 -d 0/0 --dport 67:68 -i eth0 -j ACCEPT
> -A RH-Lokkit-0-50-INPUT -p udp -m udp -s 0/0 --sport 67:68 -d 0/0 --dport 67:68 -i eth1 -j ACCEPT
> -A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
> -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 0:1023 --syn -j REJECT
> -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 2049 --syn -j ACCEPT
> -A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 0:1023 -j REJECT
> -A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 2049 -j ACCEPT
> -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 6000:6009 --syn -j REJECT
> -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 7100 --syn -j REJECT
> COMMIT
>


Bruce,
Is iptables stopped on the client?
Can you post the output of 'service iptables status' from the server?

On the client, with iptables stopped, its "service iptables status" should be 
"Firewall is stopped."

-- 
Pete Nesbitt, rhce




