Page 1 of 5 123 ... LastLast
Results 1 to 10 of 45

Thread: Unable to make NFS connection from laptop.

  1. #1
    Join Date
    Nov 2008
    Posts
    2,393
    Blog Entries
    1

    Default Unable to make NFS connection from laptop.

    I have a new problem making an NFS connection between my laptop which is running Tumbleweed and connecting through WiFi to my workstation running Leap15.3 and connecting through lan. If needed I can give details of our network but essentially all devices are on the same subnet.

    I believe the problem is with the firewall setup on the workstation and I am including some basic tests here in the hope that somebody will spot my error.

    From my laptop with both machine firewalls enabled;-
    I can ping the workstation:

    Code:
    alastair@IBMW530:~> ping 192.168.169.134 
    PING 192.168.169.134 (192.168.169.134) 56(84) bytes of data. 
    64 bytes from 192.168.169.134: icmp_seq=1 ttl=64 time=8.10 ms 
    64 bytes from 192.168.169.134: icmp_seq=2 ttl=64 time=3.23 ms 
    64 bytes from 192.168.169.134: icmp_seq=3 ttl=64 time=3.25 ms 
    64 bytes from 192.168.169.134: icmp_seq=4 ttl=64 time=3.25 ms 
    64 bytes from 192.168.169.134: icmp_seq=5 ttl=64 time=3.34 ms 
    64 bytes from 192.168.169.134: icmp_seq=6 ttl=64 time=5.11 ms 
    ^C 
    --- 192.168.169.134 ping statistics --- 
    6 packets transmitted, 6 received, 0% packet loss, time 5007ms 
    rtt min/avg/max/mdev = 3.229/4.380/8.099/1.794 ms 
    alastair@IBMW530:~> 
    
    I am unable to detect the firewall port with nmap:

    Code:
    alastair@IBMW530:~> nmap -sV -p 2049 192.168.169.134 
    Starting Nmap 7.92 ( https://nmap.org ) at 2022-06-20 18:47 BST 
    Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn 
    Nmap done: 1 IP address (0 hosts up) scanned in 0.27 seconds 
    alastair@IBMW530:~> 
    
    My laptop firewall configuration is below:

    Code:
    alastair@IBMW530:~> sudo firewall-cmd --list-all-zones                                                          
    [sudo] password for root:
    block 
      target: %%REJECT%% 
      icmp-block-inversion: no 
      interfaces:  
      sources:  
      services:  
      ports:  
      protocols:  
      forward: yes 
      masquerade: no 
      forward-ports:  
      source-ports:  
      icmp-blocks:  
      rich rules:  
    
    dmz 
      target: default 
      icmp-block-inversion: no 
      interfaces:  
      sources:  
      services:  
      ports:  
      protocols:  
      forward: yes 
      masquerade: no 
      forward-ports:  
      source-ports:  
      icmp-blocks:  
      rich rules:  
    
    docker (active) 
      target: ACCEPT 
      icmp-block-inversion: no 
      interfaces: docker0 
      sources:  
      services:  
      ports:  
      protocols:  
      forward: no 
      masquerade: no 
      forward-ports:  
      source-ports:  
      icmp-blocks:  
      rich rules:  
    
    drop 
      target: DROP 
      icmp-block-inversion: no 
      interfaces:  
      sources:  
      services:  
      ports:  
      protocols:  
      forward: yes 
      masquerade: no 
      forward-ports:  
      source-ports:  
      icmp-blocks:  
      rich rules:  
    
    external 
      target: default 
      icmp-block-inversion: no 
      interfaces:  
      sources:  
      services:  
      ports: 1900/udp 9790/tcp 9791/tcp 2049/tcp 
      protocols:  
      forward: no 
      masquerade: yes 
      forward-ports:  
      source-ports:  
      icmp-blocks:  
      rich rules:  
    
    home 
      target: default 
      icmp-block-inversion: no 
      interfaces:  
      sources:  
      services: http samba ssh 
      ports: 1900/udp 9790/tcp 9791/tcp 2049/tcp 
      protocols:  
      forward: no 
      masquerade: no 
      forward-ports:  
      source-ports:  
      icmp-blocks:  
      rich rules:  
    
    internal 
      target: default 
      icmp-block-inversion: no 
      interfaces:  
      sources:  
      services: http mdns samba-client ssh 
      ports: 1900/udp 9790/tcp 9791/tcp 2049/tcp 
      protocols:  
      forward: no 
      masquerade: no 
      forward-ports:  
      source-ports:  
      icmp-blocks:  
      rich rules:  
    
    nm-shared 
      target: ACCEPT 
      icmp-block-inversion: no 
      interfaces:  
      sources:  
      services:  
      ports: 1900/udp 9790/tcp 9791/tcp 2049/tcp 
      protocols: icmp ipv6-icmp 
      forward: no 
      masquerade: no 
      forward-ports:  
      source-ports:  
      icmp-blocks:  
      rich rules:  
            rule priority="32767" reject 
    
    public 
      target: default 
      icmp-block-inversion: no 
      interfaces:  
      sources:  
      services: pcns 
      ports: 1900/udp 9790/tcp 9791/tcp 1714-1764/tcp 1714-1764/udp 
      protocols:  
      forward: no 
      masquerade: no 
      forward-ports:  
      source-ports:  
      icmp-blocks:  
      rich rules:  
    
    trusted 
      target: ACCEPT 
      icmp-block-inversion: no 
      interfaces:  
      sources:  
      services:  
      ports: 1900/udp 9790/tcp 9791/tcp 2049/tcp 
      protocols:  
      forward: no 
      masquerade: no 
      forward-ports:  
      source-ports:  
      icmp-blocks:  
      rich rules:  
    
    work (active) 
      target: default 
      icmp-block-inversion: no 
      interfaces: enp0s25 wlp3s0 
      sources:  
      services: ftp https nfs ssh 
      ports: 1900/udp 9790/tcp 9791/tcp 21/tcp 22/tcp 6547/tcp 3052/tcp 3052/udp 6547/udp 2049/tcp 
      protocols:  
      forward: no 
      masquerade: no 
      forward-ports:  
      source-ports:  
      icmp-blocks:  
      rich rules:  
    
    alastair@IBMW530:~> 
    
    Working through ssh connection to my workstation I have the following results with firewall enabled;

    I can ping the laptop:-

    Code:
    alastair@ibmserv2:~> ping 192.168.169.223 
    PING 192.168.169.223 (192.168.169.223) 56(84) bytes of data. 
    64 bytes from 192.168.169.223: icmp_seq=1 ttl=64 time=16.0 ms 
    64 bytes from 192.168.169.223: icmp_seq=2 ttl=64 time=7.32 ms 
    64 bytes from 192.168.169.223: icmp_seq=3 ttl=64 time=4.26 ms 
    64 bytes from 192.168.169.223: icmp_seq=4 ttl=64 time=4.87 ms 
    64 bytes from 192.168.169.223: icmp_seq=5 ttl=64 time=3.77 ms 
    ^C 
    --- 192.168.169.223 ping statistics --- 
    5 packets transmitted, 5 received, 0% packet loss, time 4006ms 
    rtt min/avg/max/mdev = 3.770/7.253/16.029/4.555 ms 
    alastair@ibmserv2:~> 
    
    
    
    nmap can confirm port on laptop and this tells me the port is closed:

    Code:
    alastair@ibmserv2:~> nmap -sV -p 2049 192.168.169.223 
    Starting Nmap 7.70 ( https://nmap.org ) at 2022-06-20 19:00 BST 
    Nmap scan report for 192.168.169.223 
    Host is up (0.0041s latency). 
    
    PORT     STATE  SERVICE VERSION 
    2049/tcp closed nfs 
    
    Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . 
    Nmap done: 1 IP address (1 host up) scanned in 0.51 seconds 
    alastair@ibmserv2:~> 
    
    
    and the firewall details are:-

    Code:
    alastair@ibmserv2:~> sudo firewall-cmd --list-all-zones 
    [sudo] password for root:  
    block 
      target: %%REJECT%% 
      icmp-block-inversion: no 
      interfaces:  
      sources:  
      services:  
      ports:  
      protocols:  
      forward: no 
      masquerade: no 
      forward-ports:  
      source-ports:  
      icmp-blocks:  
      rich rules:  
    
    dmz 
      target: default 
      icmp-block-inversion: no 
      interfaces:  
      sources:  
      services: ssh 
      ports:  
      protocols:  
      forward: no 
      masquerade: no 
      forward-ports:  
      source-ports:  
      icmp-blocks:  
      rich rules:  
    
    docker 
      target: ACCEPT 
      icmp-block-inversion: no 
      interfaces:  
      sources:  
      services:  
      ports:  
      protocols:  
      forward: no 
      masquerade: no 
      forward-ports:  
      source-ports:  
      icmp-blocks:  
      rich rules:  
    
    drop 
      target: DROP 
      icmp-block-inversion: no 
      interfaces:  
      sources:  
      services:  
      ports:  
      protocols:  
      forward: no 
      masquerade: no 
      forward-ports:  
      source-ports:  
      icmp-blocks:  
      rich rules:  
    
    external 
      target: default 
      icmp-block-inversion: no 
      interfaces:  
      sources:  
      services: ssh 
      ports:  
      protocols:  
      forward: no 
      masquerade: yes 
      forward-ports:  
      source-ports:  
      icmp-blocks:  
      rich rules:  
    
    home 
      target: default 
      icmp-block-inversion: no 
      interfaces:  
      sources:  
      services: dhcpv6-client mdns samba-client ssh 
      ports:  
      protocols:  
      forward: no 
      masquerade: no 
      forward-ports:  
      source-ports:  
      icmp-blocks:  
      rich rules:  
    
    internal 
      target: default 
      icmp-block-inversion: no 
      interfaces:  
      sources:  
      services: dhcpv6-client mdns samba-client ssh 
      ports:  
      protocols:  
      forward: no 
      masquerade: no 
      forward-ports:  
      source-ports:  
      icmp-blocks:  
      rich rules:  
    
    libvirt 
      target: ACCEPT 
      icmp-block-inversion: no 
      interfaces:  
      sources:  
      services: dhcp dhcpv6 dns ssh tftp 
      ports:  
      protocols: icmp ipv6-icmp 
      forward: no 
      masquerade: no 
      forward-ports:  
      source-ports:  
      icmp-blocks:  
      rich rules:  
            rule priority="32767" reject 
    
    public 
      target: default 
      icmp-block-inversion: no 
      interfaces:  
      sources:  
      services: dhcpv6-client ssh 
      ports:  
      protocols:  
      forward: no 
      masquerade: no 
      forward-ports:  
      source-ports:  
      icmp-blocks:  
      rich rules:  
    
    trusted 
      target: ACCEPT 
      icmp-block-inversion: no 
      interfaces:  
      sources:  
      services:  
      ports:  
      protocols:  
      forward: no 
      masquerade: no 
      forward-ports:  
      source-ports:  
      icmp-blocks:  
      rich rules:  
    
    work (active) 
      target: default 
      icmp-block-inversion: no 
      interfaces: br0 docker0 eth0 eth1 
      sources:  
      services: mdns nfs slp ssh 
      ports: 2049/tcp 
      protocols:  
      forward: no 
      masquerade: no 
      forward-ports:  
      source-ports:  
      icmp-blocks:  
      rich rules:  
    
    alastair@ibmserv2:~> 
    
    I have been using Yast to implement both the firewall configuration and nfs on both machines and I have not yet spotted the problem because the nmap scan from the workstation tells me that the laptop port is closed. If I turn off the workstation firewall and rebuild the nfs server and the nfs client then I can get a connection. When I then run nmap on the server I still see the port is closed but ths may be my ignorance again.

    Please could somebody tell me where I am going wrong.
    Budge.

  2. #2
    Join Date
    Jun 2008
    Location
    Netherlands
    Posts
    30,906

    Default Re: Unable to make NFS connection from laptop.

    I see a lot about firewalls, but nothing about NFS. Not even why you think "I have a new problem making an NFS connection ". What do you do, what do you get?

    What do you export (on the server):
    Code:
    cat /etc/exports
    What do you mount (on the client):
    Code:
    grep nfs /etc/fstab
    Henk van Velden

  3. #3
    Join Date
    Nov 2008
    Posts
    2,393
    Blog Entries
    1

    Default Re: Unable to make NFS connection from laptop.

    Hi Henk, thanks for getting back to me.
    From the server I have:-

    Code:
    alastair@ibmserv2:~> cat /etc/exports 
    /home/alastair/Mastermedia/multimedia   *(rw,root_squash,sync,no_subtree_check) 
    alastair@ibmserv2:~> 
    
    and from the client I have:-

    Code:
    alastair@IBMW530:~> grep nfs /etc/fstab 
    192.168.169.134:/multimedia                /home/alastair/NFS_Multimedia_NFS  nfsnfsvers=4.2                   0 
     0 
    alastair@IBMW530:~> 
    
    Does this seem right.

  4. #4
    Join Date
    Jun 2011
    Location
    Germany
    Posts
    709

    Default Re: Unable to make NFS connection from laptop.

    Hi Budge,

    Shouldn't there be a space after the first "nfs" like "nfs nfsvers=4.2"? Else, are you sure client and server are using the same nfs version? What if you just skip that part "nfsvers=4.2"?

  5. #5
    Join Date
    Sep 2012
    Posts
    7,844

    Default Re: Unable to make NFS connection from laptop.

    Quote Originally Posted by Budgie2 View Post
    I believe the problem is with the firewall setup
    Why? What tests you performed to come to this conclusion?
    ...
    My laptop firewall configuration is below:
    ...
    and the firewall details are:-
    ...
    Without knowing which interfaces are actually used for communication between two systems firewall configuration cannot be evaluated. You always needs to show at least
    Code:
    ip address show
    ip route show
    ip -6 route show

  6. #6
    Join Date
    Nov 2008
    Posts
    2,393
    Blog Entries
    1

    Default Re: Unable to make NFS connection from laptop.

    Quote Originally Posted by kasi042 View Post
    Hi Budge,

    Shouldn't there be a space after the first "nfs" like "nfs nfsvers=4.2"? Else, are you sure client and server are using the same nfs version? What if you just skip that part "nfsvers=4.2"?
    This could be an issue but all the work had been done using Yast rather than cli.

    My reason for using the force the v4.2 is that only if that is forced is the share visible. Using yast to set up the client if I do not use the v4.2 option I cannot create the connection. I can have a look at this again now you have drawn my attention to this. Thanks.

  7. #7
    Join Date
    Nov 2008
    Posts
    2,393
    Blog Entries
    1

    Default Re: Unable to make NFS connection from laptop.

    Quote Originally Posted by arvidjaar View Post
    Why? What tests you performed to come to this conclusion?

    Without knowing which interfaces are actually used for communication between two systems firewall configuration cannot be evaluated. You always needs to show at least
    Code:
    ip address show
    ip route show
    ip -6 route show
    Hi arvidjaar, I have described with above details what I have tried so far and are what have led me to my conclusion. In short the NFS connection can be made successfully if I stop the firewall on the server and not if both firewalls are running.

    I appreciate that this may only be an indicator and not the cause, which is why I have posted here.

    The interface info is partly available in the above info on firewall configuration but here is the additional info from the server.


    Code:
    alastair@ibmserv2:~> ip route show 
    default via 192.168.169.129 dev eth0 
    192.168.169.128/25 dev eth0 proto kernel scope link src 192.168.169.134 
    alastair@ibmserv2:~>  
    alastair@ibmserv2:~> ip -6 route show 
    ::1 dev lo proto kernel metric 256 pref medium 
    fe80::/64 dev eth0 proto kernel metric 256 pref medium 
    fe80::/64 dev br0 proto kernel metric 256 pref medium 
    alastair@ibmserv2:~> 
    
    
    I confess I have ipv6 turned off in most situations as many of my devices are not ipv6 capable and I know absolutely nothing about ipv6.

    I shall have to post separately for the laptop as it is not with me and it is turned off so I shall send the laptop info shortly.

    Hope this helps.

  8. #8
    Join Date
    Nov 2008
    Posts
    2,393
    Blog Entries
    1

    Default Re: Unable to make NFS connection from laptop.

    Further to my last post, here are the details from the laptop:-

    Code:
    alastair@IBMW530:~> ip route show 
    default via 192.168.169.129 dev wlp3s0 proto dhcp src 192.168.169.223 metric 600  
    192.168.169.128/25 dev wlp3s0 proto static scope link metric 600  
    192.168.169.128/25 dev wlp3s0 proto kernel scope link src 192.168.169.223 metric 600  
    alastair@IBMW530:~> ip -6 route show 
    fe80::/64 dev wlp3s0 proto kernel metric 1024 pref medium 
    alastair@IBMW530:~> 
    
    Please let me know if you need more info.

  9. #9
    Join Date
    Nov 2008
    Posts
    2,393
    Blog Entries
    1

    Default Re: Unable to make NFS connection from laptop.

    Is there anything else I can try and is anybody still looking into this please?
    Budge.

  10. #10
    Join Date
    Jan 2014
    Location
    Erlangen
    Posts
    3,991

    Default Re: Unable to make NFS connection from laptop.

    Configuring nfs with yast2 nfs_server is straight forward. That's all I needed to do here. Details of firewall configuration: https://unix.stackexchange.com/quest...-and-firewalld
    i7-6700K (2016), i5-8250U (2018), AMD Ryzen 5 3400G (2020), 5600X (2022) openSUSE Tumbleweed, KDE Plasma

Page 1 of 5 123 ... LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •