problem:
with firewalld enabled
Code: Select all
rpcinfo -p 192.168.122.1
rpcinfo: can't contact portmapper: RPC: Remote system error - Connection refused
Code: Select all
[root@client ~]# rpcinfo -p 192.168.122.1
program vers proto port service
100000 4 tcp 111 portmapper
100000 3 tcp 111 portmapper
100000 2 tcp 111 portmapper
100000 4 udp 111 portmapper
100000 3 udp 111 portmapper
100000 2 udp 111 portmapper
100024 1 udp 19904 status
100024 1 tcp 19904 status
100005 1 udp 19902 mountd
100005 1 tcp 19902 mountd
100005 2 udp 19902 mountd
100005 2 tcp 19902 mountd
100005 3 udp 19902 mountd
100005 3 tcp 19902 mountd
100003 3 tcp 2049 nfs
100003 4 tcp 2049 nfs
100227 3 tcp 2049 nfs_acl
100021 1 udp 19901 nlockmgr
100021 3 udp 19901 nlockmgr
100021 4 udp 19901 nlockmgr
100021 1 tcp 19900 nlockmgr
100021 3 tcp 19900 nlockmgr
100021 4 tcp 19900 nlockmgr
host details
Code: Select all
libvrtid/kvm vm host
7: virbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 52:54 RETRACTED a:35 brd ff:ff:ff:ff:ff:ff
inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
valid_lft forever preferred_lft forever
Linux host.intranet 4.18.0-80.11.2.el8_0.x86_64 #1 SMP Tue Sep 24 11:32:19 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
[root@host ~]# cat /etc/os
os-release ostree/
[root@host ~]# cat /etc/os-release
NAME="CentOS Linux"
VERSION="8 (Core)"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="8"
PLATFORM_ID="platform:el8"
PRETTY_NAME="CentOS Linux 8 (Core)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:centos:centos:8"
HOME_URL="https://www.centos.org/"
BUG_REPORT_URL="https://bugs.centos.org/"
CENTOS_MANTISBT_PROJECT="CentOS-8"
CENTOS_MANTISBT_PROJECT_VERSION="8"
REDHAT_SUPPORT_PRODUCT="centos"
REDHAT_SUPPORT_PRODUCT_VERSION="8"
Code: Select all
libvrtid/kvm vm guest
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 52:5 RETRACTED :9b:cc brd ff:ff:ff:ff:ff:ff
inet 192.168.122.9/24 brd 192.168.122.255 scope global noprefixroute dynamic eth0
valid_lft 3104sec preferred_lft 3104sec
inet6 RETRACTED scope link noprefixroute
valid_lft forever preferred_lft forever
Linux client.intranet 3.10.0-1062.1.2.el7.x86_64 #1 SMP Mon Sep 30 14:19:46 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
[root@client ~]# cat /etc/os-release
anaconda-ks.cfg .bash_profile .pki/ tmp.txt
.bash_history .bashrc .ssh/
.bash_logout .cshrc .tcshrc
[root@client ~]# cat /etc/os-release
NAME="CentOS Linux"
VERSION="7 (Core)"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="7"
PRETTY_NAME="CentOS Linux 7 (Core)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:centos:centos:7"
HOME_URL="https://www.centos.org/"
BUG_REPORT_URL="https://bugs.centos.org/"
CENTOS_MANTISBT_PROJECT="CentOS-7"
CENTOS_MANTISBT_PROJECT_VERSION="7"
REDHAT_SUPPORT_PRODUCT="centos"
REDHAT_SUPPORT_PRODUCT_VERSION="7"
host installed package
Code: Select all
[root@host ~]# dnf list all | grep nfs
libnfsidmap.x86_64 1:2.3.3-14.el8_0.2 @BaseOS
nfs-utils.x86_64 1:2.3.3-14.el8_0.2 @BaseOS
pcp-pmda-nfsclient.x86_64 4.3.0-3.el8 @AppStream
sssd-nfs-idmap.x86_64 2.0.0-43.el8_0.3 @BaseOS
libnfsidmap.i686 1:2.3.3-14.el8_0.2 BaseOS
libstoragemgmt-nfs-plugin.noarch 1.6.2-9.el8 BaseOS
libstoragemgmt-nfs-plugin-clibs.i686 1.6.2-9.el8 BaseOS
libstoragemgmt-nfs-plugin-clibs.x86_64 1.6.2-9.el8 BaseOS
nfs-utils.i686 1:2.3.3-14.el8_0 BaseOS
nfs4-acl-tools.i686 0.3.5-0.el8 BaseOS
nfs4-acl-tools.x86_64 0.3.5-0.el8 BaseOS
texlive-mfnfss.noarch 7:20180414-13.el8 AppStream
texlive-psnfss.noarch 7:20180414-13.el8 AppStream
Host services
https://access.redhat.com/documentation ... nd-storage
enabled services
Code: Select all
systemctl enable firewalld
systemctl enable nfs-server.service
systemctl enable nfs-idmapd.service
systemctl enable rpc-gssd.service
systemctl enable rpc-statd.service
Code: Select all
systemctl start firewalld
systemctl start nfs-server.service
systemctl start nfs-idmapd.service
systemctl start rpc-gssd.service
systemctl start rpc-statd.service
Code: Select all
[root@host~]# systemctl | grep nfs
proc-fs-nfsd.mount loaded active mounted NFSD configuration filesystem
var-lib-nfs-rpc_pipefs.mount loaded active mounted RPC Pipe File System
nfs-idmapd.service loaded active running NFSv4 ID-name mapping service
nfs-mountd.service loaded active running NFS Mount Daemon
nfs-server.service loaded active exited NFS server and services
nfs-client.target loaded active active NFS client services
[root@host ~]# systemctl | grep rpc
var-lib-nfs-rpc_pipefs.mount loaded active mounted RPC Pipe File System
rpc-statd-notify.service loaded active exited Notify NFS peers of a restart
rpc-statd.service loaded active running NFS status monitor for NFSv2/3 locking.
rpcbind.service loaded active running RPC Bind
rpcbind.socket loaded active running RPCbind Server Activation Socket
rpc_pipefs.target loaded active active rpc_pipefs.target
rpcbind.target loaded active active RPC Port Mapper
vi /etc/nfs.conf
Code: Select all
#
# This is a general configuration for the
# NFS daemons and tools
#
[general]
# pipefs-directory=/var/lib/nfs/rpc_pipefs
#
[exportfs]
# debug=0
#
[gssd]
# use-memcache=0
# use-machine-creds=1
use-gss-proxy=1
# avoid-dns=1
# limit-to-legacy-enctypes=0
# context-timeout=0
# rpc-timeout=5
# keytab-file=/etc/krb5.keytab
# cred-cache-directory=
# preferred-realm=
#
[lockd]
port=19900
#udp-port=19901
#
[mountd]
# debug=0
# manage_gids=n
# descriptors=0
port=19902
# threads=1
# reverse-lookup=n
# state-directory-path=/var/lib/nfs
# ha-callout=
#
[nfsdcltrack]
# debug=0
# storagedir=/var/lib/nfs/nfsdcltrack
#
[nfsd]
# debug=0
# threads=8
# host=
#port=19903
# grace-time=90
# lease-time=90
# tcp=y
# vers2=n
# vers3=y
# vers4=y
# vers4.0=y
# vers4.1=y
# vers4.2=y
# rdma=n
#
[statd]
# debug=0
port=19904
# outgoing-port=0
# name=
# state-directory-path=/var/lib/nfs/statd
# ha-callout=
# no-notify=0
#
[sm-notify]
# debug=0
# force=0
# retry-time=900
# outgoing-port=
# outgoing-addr=
# lift-grace=y
#
firewall configuration
Code: Select all
[root@host ~]# firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: enp0s25
sources:
services: cockpit dhcpv6-client mountd nfs nfs3 nfsCustom rpc-bind ssh
ports:
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
Code: Select all
vi /usr/lib/firewalld/services/nfsCustom.xml
<?xml version="1.0" encoding="utf-8"?>
<service>
<short>Customized NFS test</short>
<description>open ports listed in rpcinfo -p</description>
<port protocol="tcp" port="19900"/>
<port protocol="udp" port="19901"/>
<port protocol="tcp" port="19902"/>
<port protocol="udp" port="19902"/>
<port protocol="tcp" port="19903"/>
<port protocol="tcp" port="19904"/>
<port protocol="udp" port="19904"/>
</service>
Code: Select all
root@host ~]# ss -a | grep nfs
tcp LISTEN 0 64 0.0.0.0:nfs 0.0.0.0:*
tcp LISTEN 0 64 [::]:nfs [::]:*
[root@host ~]#
i dont understand what i do wrong...