[afnog] NFS mounting

Antonio Godinho antonio at uem.mz
Thu Sep 28 07:35:43 UTC 2006


Hi,

I went and checked everything, and could not find anything wrong so I 
rebooted the server machine and it all started working. Miracle!
I did not need to add hosts to the hosts file and my dns already has reverse 
lookup. 

Thanks all.

Cheers,

AG

On Thu, 28 Sep 2006 07:39:28 +0200, Geert Jan de Groot wrote
> On Wed, 27 Sep 2006 15:08:57 +0200  "Antonio Godinho" wrote:
> > I am trying to mount an NFS file system over the network on the same LAN.
> > - Both Machines are running FreeBSD 5.3
> > - on the machine that is to be the server machine I have done the following:
> >     created exports file with "/nfsdir -maproot=root client"
> >     added to rc.conf:     rpcbind_enable="YES"
> >                           nfs_server_enable="YES"
> >                           mountd_flags="-r"
> >     started up nfsd, rpcbind and mountd
> > - On the machine that is to be the client I have done:
> >     added to rc.conf: "nfs_client_enable="YES""
> > Now when I run on the client computer: mount server:/nfsdir /temp
> > It says "Permission denied"
> 
> Your prime problem is getting mountd to give your client a valid
> initial NFS file handle (that's what NFS security is all about,
> and that's the only security you'll have, so please do filter, 
> but only add filter-craziness after you have a working setup!)
> 
> There's a few things you should try, I think you did all of this
> but just for completeness sake:
> 1. Make sure the IP address of the client can be reverse-lookup'ed
>    by the server, and the resulting name should resolve to the same IP,
>    so that the mapping is consistent
> 
> 2. HUP mountd after making changes to /etc/exports
> 
> 3. Run tcpdump and see what happens. What you should see is a lookup
>    to portmapper and an RPC call to mountd. Check port numbers, including
>    source port numbers (see below).
>    There's no access to port 2049 yet, that only happens after the
>    root file handle is obtained.
> 
> 4. Check mountd's man page, it has a few potentially interesting options:
> 
>      -d      Output debugging information.
> 
>      -l      Cause all succeeded mountd requests to be logged.
> 
>      -n      Allow non-root mount requests to be served.  This should only be
>              specified if there are clients such as PC's, that require it.  It
>              will automatically clear the vfs.nfsrv.nfs_privport sysctl flag,
>              which controls if the kernel will accept NFS requests from
>              reserved ports only.
> 
> 5. My exports file (sanitized) looks like this:
> 	/export/fs0     -noresvport -alldirs -network=192.0.2.0/24
>    (Mind you, this is a NetBSD box but from the man pages mountd
>    seems to share heritage)
>    Sometimes it helps to try another, known-working config, 
>    so feel free to swipe mine, I hope this helps.
> 
> 6. I *think* the 'non-privileged port' thing means client-port < 1023,
>    like the old r* set of protocols. Anyway, using tcpdump, check
>    what ports you *are* using and consider dropping the 'privileged-port'
>    restriction (it's not buying you much anyway)
> 
> 7. What does 'showmount -e' say?
> 
> Hope some of this helps. Let me know how it goes,
> 
> Geert Jan


--
Antonio Godinho
B.Sc., MCP+I, MCSE, CCNA, CCNP
CIUEM
Maputo
Mozambique
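
Added example, not part of the original thread: a small Python check for the consistency described in step 1 of the quoted reply (client IP reverse-resolves to a name, that name resolves back to the same IP, and the host name used in /etc/exports resolves to that IP). It is a diagnostic to run on the server, not a reimplementation of mountd; the function names and the sample names and addresses are constructed for illustration.

```python
import socket

def reverse_names(ip):
    """Reverse lookup through the system resolver (hosts file and DNS)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:          # socket.herror / socket.gaierror: no reverse entry
        return []
    return [name] + list(aliases)

def forward_addrs(name):
    """Forward lookup: every address the resolver returns for name."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except OSError:
        return set()

def check_mapping(client_ip, exports_name,
                  reverse=reverse_names, forward=forward_addrs):
    """Return a list of inconsistencies; an empty list means consistent."""
    problems = []
    names = reverse(client_ip)
    if not names:
        problems.append("no reverse name for %s" % client_ip)
    for name in names:
        if client_ip not in forward(name):
            problems.append("%s -> %s, but %s does not resolve back to it"
                            % (client_ip, name, name))
    if client_ip not in forward(exports_name):
        problems.append("exports name %r does not resolve to %s"
                        % (exports_name, client_ip))
    return problems

# Constructed sample data standing in for DNS, so the example runs offline.
SAMPLE_PTR = {"192.0.2.10": ["client.example.org"],
              "192.0.2.11": ["old.example.org"]}      # stale reverse record
SAMPLE_A = {"client.example.org": {"192.0.2.10"},
            "client": {"192.0.2.10"},
            "old.example.org": {"192.0.2.99"}}

def sample_reverse(ip):
    return SAMPLE_PTR.get(ip, [])

def sample_forward(name):
    return SAMPLE_A.get(name, set())

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.11", "192.0.2.12"):
        result = check_mapping(ip, "client", sample_reverse, sample_forward)
        print(ip, result or "consistent")
```

On a real server, call `check_mapping(client_ip, name_from_exports)` without the last two arguments so the system resolver is used.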



