Re: FC8 and NFS service
- From: Bill Davidsen <davidsen@xxxxxxx>
- Date: Fri, 22 Feb 2008 18:40:59 -0500
Robin Laing wrote:
Bill Davidsen wrote:When I get an answer like this I know either I didn't explain the problem well or I don't follow at all what you are trying to do. The firewall is open now, and has been, all tcp/udp/icmp is accepted from the trusted subnet. I'm attaching my nfs file in case it tells you something it doesn't tell me.Terry Polzin wrote:On Wednesday 20 February 2008 14:32, Bill Davidsen wrote:I'm not that far along, I have just been exporting with exportfs at the moment, and I have turned secure mounts off. If that gets all clients working I'll change to using insecure.I am trying to replace a bunch of NFS servers with new machines runningCan we see your /etc/exports file? You may need to add insecure to your exports to use some ports in newer NFS instances.
FC8. The NFS server is doing some kind of evil security check which was
not present in FC1, causing connection rejects like "invalid port
XXXXXX" messages. Since the port works against the FC1 server, and there
are 120-140 clients per server, running various operating systems, the
solution lies in telling the NFS service to stop doing the unwanted
security check and treat anything coming through iptables as valid.
Has someone a thought on this? Changing clients isn't going to happen,
and it seems the Solaris NFS server works (or the upgrade from FC1 might
be dropped).
--
Bill Davidsen <davidsen@xxxxxxx>
"We have more to fear from the bungling of the incompetent than from
the machinations of the wicked." - from Slashdot
Newer instances is right, I'm building a FC9alpha1 test box as I type, I'll test both client and server on FC[6789] and client on everything.
More later, thanks.
After having fought with NFS for a weekend I found that you have to define the ports in the NFS configuration files and then open them up in the firewall.
/etc/sysconfig/nfs
The ports are random now.Exactly, but even with secure NFS off I still get stuff like:
Feb 21 21:50:33 posidon mountd[26030]: refused mount request from 192.168.2.17 for /common (/common
): illegal port 60080
I can attach that if the folding is an issue. But no matter what I set in any server file, I can't change the behavior of the clients, so I need to accept what the clients have been using all along against servers on FC1 and Solaris.
At home I have now moved to sshfs instead of nfs, more secure and easier to setup.The logistics of changing clients in any way are unacceptable. Too many clients, too many old O/S types and versions. The server has to use any port that fits in 16 bits and stop trying to do the firewall's job.
--
Bill Davidsen <davidsen@xxxxxxx>
"We have more to fear from the bungling of the incompetent than from
the machinations of the wicked." - from Slashdot
--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
- Follow-Ups:
- Re: FC8 and NFS service
- From: Mike Iglesias
- Re: FC8 and NFS service
- References:
- FC8 and NFS service
- From: Bill Davidsen
- Re: FC8 and NFS service
- From: Terry Polzin
- Re: FC8 and NFS service
- From: Bill Davidsen
- Re: FC8 and NFS service
- From: Robin Laing
- FC8 and NFS service
- Prev by Date: Re: Modem help
- Next by Date: Re: FC8 and NFS service
- Previous by thread: Re: FC8 and NFS service
- Next by thread: Re: FC8 and NFS service
- Index(es):
Relevant Pages
|
