[afnog] NFS mounting

Geert Jan de Groot GeertJan.deGroot at xs4all.nl
Thu Sep 28 05:39:28 UTC 2006


On Wed, 27 Sep 2006 15:08:57 +0200  "Antonio Godinho" wrote:
> I am trying to mount an NFS file system over the network on the same LAN. 
> - Both Machines are running FreeBSD 5.3
> - on the machine that is to be the server machine I have done the following:
>     created exports file with "/nfsdir -maproot=root client"
>     added to rc.conf:     rpcbind_enable="YES"
>                           nfs_server_enable="YES"
>                           mountd_flags="-r"
>     started up nfsd, rpcbind and mountd
> - On the machine that is to be the client I have done:
>     added to rc.conf: "nfs_client_enable="YES""
> Now when I run on the client computer: mount server:/nfsdir /temp
> It says "Permission denied"

Your prime problem is getting mountd to give your client a valid
initial NFS file handle (that's what NFS security is all about,
and that's the only security you'll have, so please do filter, 
but only add filter-craziness after you have a working setup!)

There are a few things you should try. I think you did all of this,
but just for completeness' sake:
1. Make sure the IP address of the client can be reverse-lookup'ed
   by the server, and the resulting name should resolve to the same IP,
   so that the mapping is consistent

2. HUP mountd after making changes to /etc/exports

3. Run tcpdump and see what happens. What you should see is a lookup
   to portmapper and an RPC call to mountd. Check port numbers, including
   source port numbers (see below).
   There's no access to port 2049 yet, that only happens after the
   root file handle is obtained.

4. Check mountd's man page, it has a few potentially interesting options:

     -d      Output debugging information.

     -l      Cause all succeeded mountd requests to be logged.

     -n      Allow non-root mount requests to be served.  This should only be
             specified if there are clients such as PC's, that require it.  It
             will automatically clear the vfs.nfsrv.nfs_privport sysctl flag,
             which controls if the kernel will accept NFS requests from
             reserved ports only.

5. My exports file (sanitized) looks like this:
	/export/fs0     -noresvport -alldirs -network=192.0.2.0/24
   (Mind you, this is a NetBSD box but from the man pages mountd
   seems to share heritage)
   Sometimes it helps to try another, known-working config, 
   so feel free to swipe mine, I hope this helps.

6. I *think* the 'non-privileged port' thing means client-port < 1023,
   like the old r* set of protocols. Anyway, using tcpdump, check
   what ports you *are* using and consider dropping the 'privileged-port'
   restriction (it's not buying you much anyway)

7. What does 'showmount -e' say?

Hope some of this helps. Let me know how it goes,

Geert Jan
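
[Added example, not part of the original message.] The consistency check from step 1 (client IP reverse-resolves to a name, and that name resolves back to the same IP) can be scripted and run on the server. The function names here are hypothetical, and the sample tables use constructed names and documentation addresses; calling `check_fcrdns(ip)` with no resolver arguments uses the system resolver.

```python
import ipaddress
import socket

def system_reverse(ip):
    """PTR lookup via the system resolver: primary name plus aliases."""
    host, aliases, _addrs = socket.gethostbyaddr(ip)
    return [host, *aliases]

def system_forward(name):
    """Forward lookup via the system resolver: every address for the name."""
    return {info[4][0] for info in socket.getaddrinfo(name, None)}

def check_fcrdns(client_ip, reverse=system_reverse, forward=system_forward):
    """Return (ok, detail): ok is True when IP -> name -> same IP holds."""
    want = ipaddress.ip_address(client_ip)
    try:
        names = reverse(client_ip)
    except OSError as exc:  # socket.herror and socket.gaierror are OSErrors
        return False, f"no reverse record for {client_ip} ({exc})"
    problems = []
    for name in names:
        try:
            addrs = {ipaddress.ip_address(a) for a in forward(name)}
        except (OSError, ValueError) as exc:
            problems.append(f"{name}: forward lookup failed ({exc})")
            continue
        if want in addrs:
            return True, f"{client_ip} -> {name} -> {client_ip}"
        found = ", ".join(sorted(str(a) for a in addrs))
        problems.append(f"{name} resolves to {found}, not {client_ip}")
    return False, "; ".join(problems) or f"no names returned for {client_ip}"

# Constructed sample data (documentation addresses, hypothetical names).
PTR = {"192.0.2.10": ["client.example.net"], "192.0.2.11": ["old.example.net"]}
A = {"client.example.net": {"192.0.2.10"}, "old.example.net": {"192.0.2.99"}}

def fake_reverse(ip):
    if ip not in PTR:
        raise socket.herror(1, "Unknown host")
    return PTR[ip]

def fake_forward(name):
    if name not in A:
        raise socket.gaierror(socket.EAI_NONAME, "Name or service not known")
    return A[name]

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.11", "192.0.2.12"):
        print(ip, check_fcrdns(ip, fake_reverse, fake_forward))
```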
