NFS Connection Times Out

Issues related to configuring your network
cabotp
Posts: 1
Joined: 2007/05/24 01:42:22

NFS Connection Times Out

Post by cabotp » 2007/05/24 01:55:45

I'm trying to set up an NFS connection from a CentOS 5.0 client to a CentOS 3.8 server.

Everything is set up on the server as per the CentOS 3 manual, and netstat -tnlp shows my server is listening on ports 111 and 2049.

My problem is that when I try to connect from the client, it eventually times out.

So I ran tcpdump on my server as well as on my client.

I've also set up iptables to allow all connections from my own client by setting the following:

iptables -I INPUT 1 -s IP_ADDRESS_OF_CLIENT -j ACCEPT

Now when I run mount ip_address_of_server:/nfs/mountpoint /mntpoint (note: the names are different, I just used these for security reasons)

I can see the connection heading out to the Net in my tcpdump logs, and it's trying to connect to TCP port 111 on the server. But I don't see the connection coming into the server in my tcpdump logs.

If I do a ping from my client to my server, I see tcpdump on both the client and the server log it.

Also note that both client and server have a static IP address with no NAT firewall in between.

Hopefully someone has a clue as to why my connection leaves my client and never arrives at my server.

sandgroper
Posts: 7
Joined: 2007/05/08 15:34:44
Location: Perth - Western Australia

NFS Connection Times Out

Post by sandgroper » 2007/06/01 11:09:18

[quote]
cabotp wrote:
I'm trying to set up an NFS connection from a CentOS 5.0 client to a CentOS 3.8 server.

Everything is set up on the server as per the CentOS 3 manual, and netstat -tnlp shows my server is listening on ports 111 and 2049.

My problem is that when I try to connect from the client, it eventually times out.

So I ran tcpdump on my server as well as on my client.

I've also set up iptables to allow all connections from my own client by setting the following:

iptables -I INPUT 1 -s IP_ADDRESS_OF_CLIENT -j ACCEPT

Now when I run mount ip_address_of_server:/nfs/mountpoint /mntpoint (note: the names are different, I just used these for security reasons)

I can see the connection heading out to the Net in my tcpdump logs, and it's trying to connect to TCP port 111 on the server. But I don't see the connection coming into the server in my tcpdump logs.

If I do a ping from my client to my server, I see tcpdump on both the client and the server log it.

Also note that both client and server have a static IP address with no NAT firewall in between.

Hopefully someone has a clue as to why my connection leaves my client and never arrives at my server.[/quote]

Firstly, your iptables rule is not really the way it is done.

What that rule says is to insert the INPUT rule before rule 1, and if that is the only rule, then that is not the right thing to do.
Also, you will need an INPUT and an OUTPUT chain to allow traffic to/from the client.

There can be quite a lot of rules in iptables that can be set up for the scene of allowing all traffic from just one server, and the rule sets are order dependent, but I can give you a bit of an idea of what's involved.

Here is a script that can be run to set up some iptables rules:

#!/bin/bash
# flush tables and set up default policies
iptables -F
iptables -X
iptables -t nat -F PREROUTING
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

# allow traffic on loopback
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

# allow control packets/signals
iptables -A INPUT -p icmp -j ACCEPT
iptables -A OUTPUT -p icmp -j ACCEPT
iptables -A INPUT -p udp -j ACCEPT
iptables -A OUTPUT -p udp -j ACCEPT

# allow traffic in/out for client
# (replace IP_ADDRESS_OF_CLIENT with the client's IP address)
iptables -A INPUT -s IP_ADDRESS_OF_CLIENT -j ACCEPT
iptables -A OUTPUT -d IP_ADDRESS_OF_CLIENT -j ACCEPT

# drop everything else
iptables -A INPUT -j DROP
iptables -A OUTPUT -j DROP
iptables -A FORWARD -j DROP

# print the resulting rule set
echo
iptables -nL
------------------------------------

To remove these rules and to set them back to the default policies, use this script:

#!/bin/bash
# script to flush firewall and to reset default policies

# flush all tables (rules first, then user-defined chains)
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X

# reset default policies on filter table
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT

# reset default policies on nat table
iptables -t nat -P PREROUTING ACCEPT
iptables -t nat -P POSTROUTING ACCEPT
iptables -t nat -P OUTPUT ACCEPT

# print the resulting rule set
echo
iptables -nL

The above rule set could be a bit too restrictive because I don't know your server setup, but you can see how the iptables rule set can be constructed.
The above rule set will allow unrestricted traffic from the local loopback and from the client machine, as well as allowing control packets udp, icmp (ping ... etc.), and then it will drop everything else.
You could get a bit more elaborate and expand on these rules.

I have also included a script to reset everything back to the default iptables policies so that the first script can be undone.
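
The order dependence mentioned in this reply, shown as an added example (not code from either poster): a simplified first-match evaluator for an INPUT chain in `iptables -S` format. The address 192.0.2.10 stands in for IP_ADDRESS_OF_CLIENT, and both chains and the function names are constructed for illustration.

```shell
# Simplified first-match model of the filter INPUT chain, fed `iptables -S` lines.
# Understands only -s (one address), -p, -i, --dport, -m and -j; other options
# make the rule UNSUPPORTED instead of being guessed at.
# usage: verdict SRC PROTO DPORT IFACE < rules
verdict() {
    src=$1 proto=$2 dport=$3 iface=$4 policy=ACCEPT n=0
    while read -r line; do
        set -f; set -- $line; set +f            # split into words, no globbing
        case $1 in
            -P) [ "$2" = INPUT ] && policy=$3; continue ;;
            -A) [ "$2" = INPUT ] || continue ;;
            *)  continue ;;
        esac
        n=$((n + 1)); shift 2; match=yes; target=
        while [ $# -ge 2 ]; do
            case $1 in
                -s)      [ "${2%/32}" = "$src" ] || match=no ;;
                -p)      [ "$2" = "$proto" ]     || match=no ;;
                -i)      [ "$2" = "$iface" ]     || match=no ;;
                --dport) [ "$2" = "$dport" ]     || match=no ;;
                -m)      : ;;                    # module name, e.g. "-m tcp"
                -j)      target=$2 ;;
                *)       break ;;
            esac
            shift 2
        done
        [ $# -eq 0 ] || { echo "UNSUPPORTED rule $n: $line"; return 2; }
        [ "$match" = yes ] || continue
        case $target in ACCEPT|DROP|REJECT) echo "$target rule $n"; return 0 ;; esac
    done
    echo "$policy policy"                        # no terminating rule matched
}
CLIENT=192.0.2.10    # constructed address standing in for IP_ADDRESS_OF_CLIENT
# Constructed chain: the client ACCEPT was appended (-A) after a catch-all DROP.
appended() { cat <<EOF
-P INPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j DROP
-A INPUT -s $CLIENT/32 -j ACCEPT
EOF
}
# Same rules, but the client ACCEPT was inserted at position 1 (-I INPUT 1).
inserted() { cat <<EOF
-P INPUT ACCEPT
-A INPUT -s $CLIENT/32 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j DROP
EOF
}
appended | verdict "$CLIENT" tcp 111 eth0
inserted | verdict "$CLIENT" tcp 111 eth0
```

To check a live chain the same way, feed it the output of iptables -S INPUT; rules with options outside the model are reported as unsupported.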
