NFS - connection refused (rpcinfo: can't contact portmapper RPC: Remote system error - Connection refused) centos 8

Issues related to configuring your network
Post Reply
vimba
Posts: 10
Joined: 2019/04/19 18:36:48

NFS - connection refused (rpcinfo: can't contact portmapper RPC: Remote system error - Connection refused) centos 8

Post by vimba » 2019/10/19 19:06:40

Problem: Client cannot mount nfs with firewall-cmd services enabled, nfs.conf


problem:
with firewalld enabled

Code: Select all

rpcinfo -p 192.168.122.1
rpcinfo: can't contact portmapper: RPC: Remote system error - Connection refused
with firewalld disabled

Code: Select all

[root@client ~]# rpcinfo -p 192.168.122.1
   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    3   tcp    111  portmapper
    100000    2   tcp    111  portmapper
    100000    4   udp    111  portmapper
    100000    3   udp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp  19904  status
    100024    1   tcp  19904  status
    100005    1   udp  19902  mountd
    100005    1   tcp  19902  mountd
    100005    2   udp  19902  mountd
    100005    2   tcp  19902  mountd
    100005    3   udp  19902  mountd
    100005    3   tcp  19902  mountd
    100003    3   tcp   2049  nfs
    100003    4   tcp   2049  nfs
    100227    3   tcp   2049  nfs_acl
    100021    1   udp  19901  nlockmgr
    100021    3   udp  19901  nlockmgr
    100021    4   udp  19901  nlockmgr
    100021    1   tcp  19900  nlockmgr
    100021    3   tcp  19900  nlockmgr
    100021    4   tcp  19900  nlockmgr

host details

Code: Select all

libvrtid/kvm vm host

7: virbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 52:54 RETRACTED a:35 brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
       valid_lft forever preferred_lft forever

Linux host.intranet 4.18.0-80.11.2.el8_0.x86_64 #1 SMP Tue Sep 24 11:32:19 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux

[root@host ~]# cat /etc/os
os-release  ostree/     
[root@host ~]# cat /etc/os-release 
NAME="CentOS Linux"
VERSION="8 (Core)"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="8"
PLATFORM_ID="platform:el8"
PRETTY_NAME="CentOS Linux 8 (Core)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:centos:centos:8"
HOME_URL="https://www.centos.org/"
BUG_REPORT_URL="https://bugs.centos.org/"

CENTOS_MANTISBT_PROJECT="CentOS-8"
CENTOS_MANTISBT_PROJECT_VERSION="8"
REDHAT_SUPPORT_PRODUCT="centos"
REDHAT_SUPPORT_PRODUCT_VERSION="8"

Client details

Code: Select all

libvrtid/kvm vm guest


2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 52:5 RETRACTED :9b:cc brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.9/24 brd 192.168.122.255 scope global noprefixroute dynamic eth0
       valid_lft 3104sec preferred_lft 3104sec
    inet6 RETRACTED scope link noprefixroute 
       valid_lft forever preferred_lft forever

Linux client.intranet 3.10.0-1062.1.2.el7.x86_64 #1 SMP Mon Sep 30 14:19:46 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux

[root@client ~]# cat /etc/os-release 
anaconda-ks.cfg  .bash_profile    .pki/            tmp.txt
.bash_history    .bashrc          .ssh/            
.bash_logout     .cshrc           .tcshrc          
[root@client ~]# cat /etc/os-release 
NAME="CentOS Linux"
VERSION="7 (Core)"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="7"
PRETTY_NAME="CentOS Linux 7 (Core)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:centos:centos:7"
HOME_URL="https://www.centos.org/"
BUG_REPORT_URL="https://bugs.centos.org/"

CENTOS_MANTISBT_PROJECT="CentOS-7"
CENTOS_MANTISBT_PROJECT_VERSION="7"
REDHAT_SUPPORT_PRODUCT="centos"
REDHAT_SUPPORT_PRODUCT_VERSION="7"


host installed package

Code: Select all

[root@host ~]# dnf list all  | grep nfs
libnfsidmap.x86_64                                   1:2.3.3-14.el8_0.2                                      @BaseOS   
nfs-utils.x86_64                                     1:2.3.3-14.el8_0.2                                      @BaseOS   
pcp-pmda-nfsclient.x86_64                            4.3.0-3.el8                                             @AppStream
sssd-nfs-idmap.x86_64                                2.0.0-43.el8_0.3                                        @BaseOS   
libnfsidmap.i686                                     1:2.3.3-14.el8_0.2                                      BaseOS    
libstoragemgmt-nfs-plugin.noarch                     1.6.2-9.el8                                             BaseOS    
libstoragemgmt-nfs-plugin-clibs.i686                 1.6.2-9.el8                                             BaseOS    
libstoragemgmt-nfs-plugin-clibs.x86_64               1.6.2-9.el8                                             BaseOS    
nfs-utils.i686                                       1:2.3.3-14.el8_0                                        BaseOS    
nfs4-acl-tools.i686                                  0.3.5-0.el8                                             BaseOS    
nfs4-acl-tools.x86_64                                0.3.5-0.el8                                             BaseOS    
texlive-mfnfss.noarch                                7:20180414-13.el8                                       AppStream 
texlive-psnfss.noarch                                7:20180414-13.el8                                       AppStream 

Host services
https://access.redhat.com/documentation ... nd-storage

enabled services

Code: Select all

systemctl enable firewalld
systemctl enable nfs-server.service 
systemctl enable nfs-idmapd.service 
systemctl enable rpc-gssd.service 
systemctl enable rpc-statd.service 
started/running

Code: Select all

systemctl start firewalld
systemctl start nfs-server.service 
systemctl start nfs-idmapd.service 
systemctl start rpc-gssd.service 
systemctl start rpc-statd.service 

Code: Select all

[root@host~]# systemctl | grep nfs
  proc-fs-nfsd.mount                                                                             loaded active mounted   NFSD configuration filesystem                                                                             
  var-lib-nfs-rpc_pipefs.mount                                                                   loaded active mounted   RPC Pipe File System                                                                                      
  nfs-idmapd.service                                                                             loaded active running   NFSv4 ID-name mapping service                                                                             
  nfs-mountd.service                                                                             loaded active running   NFS Mount Daemon                                                                                          
  nfs-server.service                                                                             loaded active exited    NFS server and services                                                                                   
  nfs-client.target                                                                              loaded active active    NFS client services  


[root@host ~]# systemctl | grep rpc
  var-lib-nfs-rpc_pipefs.mount                                                                   loaded active mounted   RPC Pipe File System                                                                                      
  rpc-statd-notify.service                                                                       loaded active exited    Notify NFS peers of a restart                                                                             
  rpc-statd.service                                                                              loaded active running   NFS status monitor for NFSv2/3 locking.                                                                   
  rpcbind.service                                                                                loaded active running   RPC Bind                                                                                                  
  rpcbind.socket                                                                                 loaded active running   RPCbind Server Activation Socket                                                                          
  rpc_pipefs.target                                                                              loaded active active    rpc_pipefs.target                                                                                         
  rpcbind.target                                                                                 loaded active active    RPC Port Mapper   

Configurations

vi /etc/nfs.conf

Code: Select all

#
# This is a general configuration for the
# NFS daemons and tools
#
[general]
# pipefs-directory=/var/lib/nfs/rpc_pipefs
#
[exportfs]
# debug=0
#
[gssd]
# use-memcache=0
# use-machine-creds=1
use-gss-proxy=1
# avoid-dns=1
# limit-to-legacy-enctypes=0
# context-timeout=0
# rpc-timeout=5
# keytab-file=/etc/krb5.keytab
# cred-cache-directory=
# preferred-realm=
#
[lockd]
 port=19900
#udp-port=19901
#
[mountd]
# debug=0
# manage_gids=n
# descriptors=0
port=19902
# threads=1
# reverse-lookup=n
# state-directory-path=/var/lib/nfs
# ha-callout=
#
[nfsdcltrack]
# debug=0
# storagedir=/var/lib/nfs/nfsdcltrack
#
[nfsd]
# debug=0
# threads=8
# host=
#port=19903
# grace-time=90
# lease-time=90
# tcp=y
# vers2=n
# vers3=y
# vers4=y
# vers4.0=y
# vers4.1=y
# vers4.2=y
# rdma=n
#
[statd]
# debug=0
port=19904
# outgoing-port=0
# name=
# state-directory-path=/var/lib/nfs/statd
# ha-callout=
# no-notify=0
#
[sm-notify]
# debug=0
# force=0
# retry-time=900
# outgoing-port=
# outgoing-addr=
# lift-grace=y
#


firewall configuration

Code: Select all

[root@host ~]# firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: enp0s25
  sources: 
  services: cockpit dhcpv6-client mountd nfs nfs3 nfsCustom rpc-bind ssh
  ports: 
  protocols: 
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules: 

Code: Select all

vi /usr/lib/firewalld/services/nfsCustom.xml
<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>Customized NFS test</short>
  <description>open ports listed in rpcinfo -p</description>
  <port protocol="tcp" port="19900"/>
  <port protocol="udp" port="19901"/>
  <port protocol="tcp" port="19902"/>
  <port protocol="udp" port="19902"/>
  <port protocol="tcp" port="19903"/>
  <port protocol="tcp" port="19904"/>
  <port protocol="udp" port="19904"/>
</service>
sockets

Code: Select all

root@host ~]# ss -a | grep nfs
tcp               LISTEN              0                    64         0.0.0.0:nfs              0.0.0.0:*                  
tcp               LISTEN              0                    64           [::]:nfs     [::]:*                  
[root@host ~]#
 
selinux is set to permissive on both machines


i dont understand what i do wrong...

vimba
Posts: 10
Joined: 2019/04/19 18:36:48

Re: NFS - connection refused (rpcinfo: can't contact portmapper RPC: Remote system error - Connection refused) centos 8

Post by vimba » 2019/10/19 21:38:09

testing with tcpdump with above configuration

Code: Select all

[root@host~]# tcpdump -vvvv -i virbr0 port not 22

[root@client~]# nc -vz 192.168.122.1 2049
Ncat: Version 7.50 ( https://nmap.org/ncat )
Ncat: Connection refused.
[root@client~]# 




tcpdump: listening on virbr0, link-type EN10MB (Ethernet), capture size 262144 bytes
23:34:49.857384 IP (tos 0x0, ttl 64, id 24323, offset 0, flags [DF], proto TCP (6), length 60)
    192.168.122.9.46012 > host.intranet.nfs: Flags [S], cksum 0x758a (incorrect -> 0x5306), seq 2977742494, win 29200, options [mss 1460,sackOK,TS val 1565085 ecr 0,nop,wscale 7], length 0
23:34:49.857443 IP (tos 0xc0, ttl 64, id 42323, offset 0, flags [none], proto ICMP (1), length 88)
    host.intranet > 192.168.122.9: ICMP host.intranet tcp port nfs unreachable, length 68
        IP (tos 0x0, ttl 64, id 24323, offset 0, flags [DF], proto TCP (6), length 60)
    192.168.122.9.46012 > host.intranet.nfs: Flags [S], cksum 0x758a (incorrect -> 0x5306), seq 2977742494, win 29200, options [mss 1460,sackOK,TS val 1565085 ecr 0,nop,wscale 7], length 0


i will disable firewalld and create nftables rules instead

davymatt
Posts: 30
Joined: 2013/06/12 16:21:14
Location: Salisbury, UK
Contact:

Re: NFS - connection refused (rpcinfo: can't contact portmapper RPC: Remote system error - Connection refused) centos 8

Post by davymatt » 2019/10/21 15:24:31

I would enable/start rpcbind & open ports 111 & 2049 both udp and tcp.

Code: Select all

systemctl (enable/start) rpcbind
firewall-cmd (--permanent) --add-port=2049/tcp
firewall-cmd (--permanent) --add-port=2049/udp
firewall-cmd (--permanent) --add-port=111/tcp
firewall-cmd (--permanent) --add-port=111/udp
Should get rid of your rpc problem anyway.
Best wishes Dave

Post Reply