I was getting the below error while typing showmount -e 192.168.56.2 on the client machine

[root@client ~]# showmount -e 192.168.56.2
clnt_create: RPC: Port mapper failure - Unable to receive: errno 113 (No route to host)

This is my NFS server configuration

nfs server ip 192.168.56.2

This is my NFS share

[root@www ~]# cat /etc/exports 
/files  192.168.56.7(rw,sync)

These are the two services running on the server machine

[root@www ~]# service rpcbind status
rpcbind (pid  2626) is running...
[root@www ~]# service nfs status
rpc.svcgssd is stopped
rpc.mountd (pid 2716) is running...
nfsd (pid 2781 2780 2779 2778 2777 2776 2775 2774) is running...
rpc.rquotad (pid 2712) is running...

This is my iptables rule

[root@www ~]# cat /etc/sysconfig/iptables
# Generated by iptables-save v1.4.7 on Thu Oct 31 02:08:16 2013
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [5:388]
-A INPUT -p tcp -m tcp --dport 111 -j ACCEPT 
-A INPUT -p tcp -m tcp --dport 2049 -j ACCEPT 
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT 
-A INPUT -p icmp -j ACCEPT 
-A INPUT -i lo -j ACCEPT 
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT 
-A INPUT -j REJECT --reject-with icmp-host-prohibited 
-A FORWARD -j REJECT --reject-with icmp-host-prohibited 
COMMIT
# Completed on Thu Oct 31 02:08:16 2013

If I flush the iptables rules on the server machine, then my client is able to see the NFS share

[root@client ~]# showmount -e 192.168.56.2
Export list for 192.168.56.2:
/files 192.168.56.7

That means there is a problem with the iptables rules. Can anybody tell me what is wrong with my iptables rules? Am I missing any other port? How do I troubleshoot these types of problems?

I tried this method from my client machine to verify whether the port is listening or not, and this is the output:

[root@client ~]# telnet 192.168.56.2 111
Trying 192.168.56.2...
Connected to 192.168.56.2.
Escape character is '^]'.
[root@client ~]# telnet 192.168.56.2 2049
Trying 192.168.56.2...
Connected to 192.168.56.2.
Escape character is '^]'.

2 Answers

The list of open ports for NFS is too restrictive. First, you will have to open the same ports for UDP, then you will need to add 2 more ports. The complete list of ports to be opened is:

 sunrpc     111/tcp    rpcbind  #SUN Remote Procedure Call
 sunrpc     111/udp    rpcbind  #SUN Remote Procedure Call
 nfsd-status    1110/tcp   #Cluster status info
 nfsd-keepalive 1110/udp   #Client status info
 nfsd       2049/tcp   nfs      # NFS server daemon
 nfsd       2049/udp   nfs      # NFS server daemon
 lockd      4045/udp   # NFS lock daemon/manager
 lockd      4045/tcp
  • Before adding the 2 ports, are there any changes I have to make in this file /etc/sysconfig/nfs?
    – max
    Commented Oct 31, 2013 at 7:34
  • Not unless you have a non-standard installation. Commented Oct 31, 2013 at 7:36
  • According to your answer I changed the iptables rules, but ports 1110 and 4045 are still not listening from my client, so I deleted those 2 ports from iptables and added only 111/tcp, 111/udp, 2049/tcp and 2049/udp, and it started working.
    – max
    Commented Oct 31, 2013 at 8:09
  • Your answer is correct, but I need some info: by seeing that error, how can I guess that it's because of a port problem? Will any log message provide that info? Or tell me any troubleshooting method.
    – max
    Commented Oct 31, 2013 at 8:15
  • Please accept my answer if it now works. As for troubleshooting: you have a connection, you have credentials (you can log in with no firewall), but you cannot connect with the firewall. Hence the firewall is too restrictive. I looked up what I did on another PC. Otherwise, I could have googled the needed ports, something like "NFS iptables ports". Commented Oct 31, 2013 at 8:19
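The troubleshooting method the question asks for and the comments above sketch (compare what rpcbind has registered with what the firewall admits) can be scripted. The following is an added shell example, not code from the question or either answer. It assumes a POSIX awk and reads captured `rpcinfo -p` and `iptables-save` output from files; the demo function embeds the question's own INPUT rules and a constructed rpcinfo listing in which the mountd and nlockmgr port numbers are made-up values.

```shell
#!/bin/sh
# Added example: list the RPC endpoints registered with rpcbind that the
# firewall's INPUT ACCEPT rules do not admit.  Inputs are captured
# "rpcinfo -p" and "iptables-save" output read from files, so the function
# works on live data (rpcinfo -p > rpc.txt; iptables-save > fw.txt) as
# well as on saved captures.
#
#   nfs_firewall_gaps RPCINFO_FILE IPTABLES_SAVE_FILE
#
# Prints one line per uncovered endpoint: "<proto> <port> <service>".
# Limitations: only --dport/--dports are understood (port ranges are not
# expanded) and source-address restrictions on rules are ignored.
nfs_firewall_gaps() {
    rpc="$1"
    fw="$2"
    awk '
        # First file (iptables-save): record every INPUT ACCEPT rule that
        # names a protocol and destination port(s), keyed by "proto port".
        FILENAME == ARGV[1] {
            if ($1 == "-A" && $2 == "INPUT" && /-j ACCEPT/) {
                proto = ""; ports = ""
                for (i = 1; i <= NF; i++) {
                    if ($i == "-p") proto = $(i + 1)
                    if ($i == "--dport" || $i == "--dports") ports = $(i + 1)
                }
                if (proto != "" && ports != "") {
                    n = split(ports, p, ",")
                    for (k = 1; k <= n; k++) allowed[proto " " p[k]] = 1
                }
            }
            next
        }
        # Second file (rpcinfo -p): "program vers proto port service".
        # Data lines start with a numeric program number; the header does not.
        $1 ~ /^[0-9]+$/ && NF >= 4 {
            key = $3 " " $4
            if (!(key in allowed) && !(key in seen)) {
                seen[key] = 1
                print $3, $4, (NF >= 5 ? $5 : "?")
            }
        }
    ' "$fw" "$rpc"
}

# Demo on constructed data: the INPUT rules from the question (111/tcp and
# 2049/tcp only) against a constructed rpcinfo -p listing.  The mountd and
# nlockmgr ports below are invented; real values come from rpcinfo -p.
nfs_firewall_gaps_demo() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/iptables-save" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [5:388]
-A INPUT -p tcp -m tcp --dport 111 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 2049 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
    cat > "$tmp/rpcinfo" <<'EOF'
   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100005    1   udp  56789  mountd
    100005    1   tcp  48321  mountd
    100003    3   tcp   2049  nfs
    100003    3   udp   2049  nfs
    100021    1   udp  32769  nlockmgr
    100021    1   tcp  32803  nlockmgr
EOF
    nfs_firewall_gaps "$tmp/rpcinfo" "$tmp/iptables-save"
    rm -rf "$tmp"
}
```

Run `nfs_firewall_gaps_demo` and the first line reported is `udp 111 portmapper`: the portmapper query showmount sends over UDP is what the question's rules reject with icmp-host-prohibited, which the client sees as errno 113. The telnet test in the question only exercises TCP, so it cannot reveal that gap; rpcinfo-derived checks cover both transports.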
NFS SERVER:

Configure ports for rquotad(875/udp; 875/tcp), lockd(32803/tcp; 32769/udp), mountd(892/udp; 892/tcp), statd(10053/udp; 10053/tcp), statd_outgoing(10054/udp; 10054/tcp)

    vim /etc/sysconfig/nfs

If desired, disable NFS v3 and NFS v2 support by editing lines 5 & 6 of /etc/sysconfig/nfs

    MOUNTD_NFS_V2="no"
    MOUNTD_NFS_V3="no"

Save current Iptables rules for later use

    iptables-save > pre-nfs-firewall-rules-server

Flush and check Iptables rules

    iptables -F
    iptables -L

Stop and Start NFS and related Services in the following sequence

   service rpcbind stop
   service nfslock stop
   service nfs stop
   service rpcbind start
   service nfslock start
   service nfs start

Make sure the configured NFS and its associated ports show as set before, and note down the port numbers and the OSI layer 4 protocols. The standard port numbers for rpcbind (or portmapper) are 111/udp, 111/tcp and for nfs are 2049/udp, 2049/tcp.

   rpcinfo -p | sort -k 3 

Restore the pre-nfs-firewall-rules now

   iptables-restore < pre-nfs-firewall-rules-server

Write iptables rules for the NFS server (Note: the loopback adapter has to be allowed, else you will see packets dropped, and also when you restart the nfs service it will spit ERROR { Starting NFS quotas: Cannot register service: RPC: Timed out rpc.rquotad: unable to register (RQUOTAPROG, RQUOTAVERS, udp). [FAILED] } for the rquotad daemon. You can check this by adding a rule with a LOG jump target at the bottom of the INPUT or OUTPUT chains of the filter table)

   iptables -P INPUT DROP
   iptables -P OUTPUT DROP 
   iptables -A INPUT -s 192.168.1.0/24 -d 192.168.1.0/24 -p udp -m multiport --dports 10053,111,2049,32769,875,892 -m state --state NEW,ESTABLISHED -j ACCEPT 
   iptables -A INPUT -s 192.168.1.0/24 -d 192.168.1.0/24 -p tcp -m multiport --dports 10053,111,2049,32803,875,892 -m state --state NEW,ESTABLISHED -j ACCEPT 
   iptables -A OUTPUT -s 192.168.1.0/24 -d 192.168.1.0/24 -p udp -m multiport --sports 10053,111,2049,32769,875,892 -m state --state ESTABLISHED -j ACCEPT 
   iptables -A OUTPUT -s 192.168.1.0/24 -d 192.168.1.0/24 -p tcp -m multiport --sports 10053,111,2049,32803,875,892 -m state --state ESTABLISHED -j ACCEPT 
   iptables -I INPUT  -i lo -d 127.0.0.1 -j ACCEPT
   iptables -I OUTPUT  -o lo -s 127.0.0.1 -j ACCEPT
   iptables -L -n --line-numbers

Configure NFS exports directory

   vim /etc/exports 
   exportfs -av
   showmount -e
   rpcinfo -p

Stop and Start NFS and related Services in the following sequence

   service rpcbind stop
   service nfslock stop
   service nfs stop
   service rpcbind start
   service nfslock start
   service nfs start

NFS CLIENT:

Save current Iptables rules for later use

   iptables-save > pre-nfs-firewall-rules-client

Flush and check Iptables rules

   iptables -F
   iptables -L

Obtain the firewalled NFS server ports from the client machine and note down the port numbers and the OSI layer 4 protocols.

   rpcinfo -p 'ip-addr-nfs-server' | sort -k 3

Restore the pre-nfs-firewall-rules now

   iptables-restore < pre-nfs-firewall-rules-client

Write iptables rules for the NFS client (Note: the loopback adapter has to be allowed, else you will see packets dropped, and also when you restart the nfs service it will spit ERROR { Starting NFS quotas: Cannot register service: RPC: Timed out rpc.rquotad: unable to register (RQUOTAPROG, RQUOTAVERS, udp). [FAILED] } for the rquotad daemon. You can check this by adding a rule with a LOG jump target at the bottom of the INPUT or OUTPUT chains of the filter table)

   iptables -P INPUT DROP
   iptables -P OUTPUT DROP
   iptables -A INPUT -s 192.168.1.0/24 -d 192.168.1.0/24 -p udp -m multiport --sports 10053,111,2049,32769,875,892 -m state --state ESTABLISHED -j ACCEPT 
   iptables -A INPUT -s 192.168.1.0/24 -d 192.168.1.0/24 -p tcp -m multiport --sports 10053,111,2049,32803,875,892 -m state --state ESTABLISHED -j ACCEPT 
   iptables -A OUTPUT -s 192.168.1.0/24 -d 192.168.1.0/24 -p udp -m multiport --dports 10053,111,2049,32769,875,892 -m state --state NEW,ESTABLISHED -j ACCEPT 
   iptables -A OUTPUT -s 192.168.1.0/24 -d 192.168.1.0/24 -p tcp -m multiport --dports 10053,111,2049,32803,875,892 -m state --state NEW,ESTABLISHED -j ACCEPT 
   iptables -I INPUT  -i lo -d 127.0.0.1 -j ACCEPT
   iptables -I OUTPUT  -o lo -s 127.0.0.1 -j ACCEPT
   iptables -L -n --line-numbers

Stop and Start NFS and related Services in the following sequence

   service rpcbind stop
   service nfslock stop
   service nfs stop
   service rpcbind start
   service nfslock start
   service nfs start

List NFS Server exports

   showmount -e 'ip-addr-nfs-server'

Mount NFS Exports manually (persistent mounts can be configured using /etc/fstab)

   mount -t nfs ip-addr-nfs-server:/exported-directory /mount-point -o rw,nfsvers=3
   mount -t nfs ip-addr-nfs-server:/exported-directory /mount-point -o rw  --> For NFS4 version

Configure autofs, if automounting is preferred for nfs exports and with ldap user home directories (Direct and Indirect Maps can be set)

   vim /etc/auto.master    -> specify the mount point and map-name (Eg: auto.nfs)
   vim /etc/map-name
   service autofs stop
   service autofs start

Check mounted NFS Exports

   df -h -F nfs
   mount | grep nfs

List all pseudo root NFS-V4 export directories (NFS Lazy mount)

   ls /net/ip-addr-nfs-server
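The server-side steps in this answer (pin the ports in /etc/sysconfig/nfs, note what rpcinfo -p reports, write rules limited to the client subnet) can be turned into a script that also catches the failure mode the restart sequence is there to avoid: a daemon that registered on a random port before its pinned port took effect. The block below is an added example, not part of this answer. It assumes a POSIX awk; the variable names MOUNTD_PORT, STATD_PORT, LOCKD_TCPPORT, LOCKD_UDPPORT and RQUOTAD_PORT are the ones used by the RHEL-family /etc/sysconfig/nfs; the sample rpcinfo and sysconfig contents are constructed, and 192.168.56.0/24 is chosen to match the question's addresses.

```shell
#!/bin/sh
# Added example: build INPUT rules for an NFS server from what rpcbind
# actually registers, limited to the client network, and check that the
# services whose ports are pinned in /etc/sysconfig/nfs really registered
# on those ports.  A mismatch means the generated rule would stop matching
# after the next service restart.
#
#   nfs_rules_from_rpcinfo CLIENT_CIDR RPCINFO_FILE SYSCONFIG_NFS_FILE
#
# Output: "WARN ..." lines for mismatches, then one iptables command per
# protocol (split into chunks of 15 ports, the limit of -m multiport).
# The commands are printed, not applied, so they can be reviewed first.
nfs_rules_from_rpcinfo() {
    cidr="$1"
    rpc="$2"
    cfg="$3"
    awk -v cidr="$cidr" '
        # First file (/etc/sysconfig/nfs): keep VAR=value lines, strip the
        # quotes, skip comments.  Variable names are the RHEL-family ones.
        FILENAME == ARGV[1] {
            if ($0 ~ /^[A-Z0-9_]+=/) {
                eq = index($0, "=")
                v = substr($0, eq + 1); gsub(/"/, "", v)
                conf[substr($0, 1, eq - 1)] = v
            }
            next
        }
        # Second file (rpcinfo -p): "program vers proto port service".
        $1 ~ /^[0-9]+$/ && NF >= 5 {
            proto = $3; port = $4; svc = $5
            var = ""
            if (svc == "mountd") var = "MOUNTD_PORT"
            else if (svc == "status") var = "STATD_PORT"
            else if (svc == "rquotad") var = "RQUOTAD_PORT"
            else if (svc == "nlockmgr") var = (proto == "tcp") ? "LOCKD_TCPPORT" : "LOCKD_UDPPORT"
            if (var != "" && (!(var in conf) || conf[var] != port)) {
                msg = "WARN " svc " " proto " is registered on " port " but " var " is "
                msg = msg ((var in conf) ? conf[var] : "unset") " in sysconfig;"
                msg = msg " pin it and restart the services or this rule goes stale"
                print msg
            }
            key = proto " " port
            if (!(key in seen)) { seen[key] = 1; n[proto]++; ports[proto, n[proto]] = port }
        }
        END {
            split("tcp udp", protos, " ")
            for (j = 1; j <= 2; j++) {
                proto = protos[j]; list = ""; cnt = 0
                for (i = 1; i <= n[proto]; i++) {
                    list = (list == "") ? ports[proto, i] : list "," ports[proto, i]
                    cnt++
                    if (cnt == 15 || i == n[proto]) {
                        rule = "iptables -A INPUT -s " cidr " -p " proto " -m multiport --dports " list
                        rule = rule " -m state --state NEW,ESTABLISHED -j ACCEPT"
                        print rule
                        list = ""; cnt = 0
                    }
                }
            }
        }
    ' "$cfg" "$rpc"
}

# Demo on constructed data.  statd is deliberately shown registered on
# 43210 although STATD_PORT is pinned to 10053, as happens when the
# service was started before the sysconfig edit.
nfs_rules_demo() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/sysconfig-nfs" <<'EOF'
# Constructed excerpt of /etc/sysconfig/nfs with the ports pinned
MOUNTD_NFS_V2="no"
MOUNTD_NFS_V3="no"
RQUOTAD_PORT=875
LOCKD_TCPPORT=32803
LOCKD_UDPPORT=32769
MOUNTD_PORT=892
STATD_PORT=10053
EOF
    cat > "$tmp/rpcinfo" <<'EOF'
   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100011    1   udp    875  rquotad
    100011    1   tcp    875  rquotad
    100005    3   udp    892  mountd
    100005    3   tcp    892  mountd
    100003    3   tcp   2049  nfs
    100003    3   udp   2049  nfs
    100021    1   udp  32769  nlockmgr
    100021    1   tcp  32803  nlockmgr
    100024    1   udp  43210  status
    100024    1   tcp  43210  status
EOF
    nfs_rules_from_rpcinfo 192.168.56.0/24 "$tmp/rpcinfo" "$tmp/sysconfig-nfs"
    rm -rf "$tmp"
}
```

Running `nfs_rules_demo` prints two WARN lines for statd followed by one tcp rule and one udp rule, each restricted with `-s 192.168.56.0/24`. Restricting by source network is the point of deriving the list rather than opening the ports to everyone: the RPC services carry no authentication of their own beyond what the exports file grants, so the firewall is the control that keeps unrelated networks from reaching them.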
