Access denied while mounting nfs share - illegal port

Hi,

I export in my 11.4 machine a directory, which I can successfully import in
my laptop, via nfs. Now I try to import it in a local vmware guest running
12.1, and I get access denied in the guest:


Guest:
> Elanor:~ # mount /var/cache/zypp/nfs_packages
> mount.nfs: access denied by server while mounting Telcontar.valinor:/data/storage_c/repositorios_zypp

Host and server:
> <3.4> 2011-12-12 01:05:17 Telcontar rpc.mountd 9540 - -  refused mount request from 192.168.1.14 for /data/storage_c/repositorios_zypp (/data/storage_c/repositorios_zypp): illegal port 35298


exports:
> /data/storage_c/repositorios_zypp/                      192.168.1.0/24(fsid=1234,rw,no_root_squash,nohide,no_subtree_check) 172.16.108.0/24(fsid=1234,rw,no_root_squash,nohide,no_subtree_check)  192.168.74.0/24(fsid=1234,rw,no_root_squash,nohide,no_subtree_check)  127.0.0.1(fsid=1234,rw,no_root_squash,nohide,no_subtree_check)

import (fstab):
> Telcontar.valinor:/data/storage_c/repositorios_zypp    /var/cache/zypp/nfs_packages    nfs     defaults,_netdev 0 0


Both firewalls are dropped.


Cheers / Saludos,

Carlos E. R.
(from 11.4 x86_64 “Celadon” at Telcontar)

On Mon, 12 Dec 2011 00:28:06 +0000, Carlos E. R. wrote:

> I export in my 11.4 machine a directory, which I can successfully import
> in my laptop, via nfs. Now I try to import it in a local vmware guest
> running 12.1, and I get access denied in the guest:

Is the client’s name resolvable by the host? I’ve found that NFS
typically wants name resolution for clients connecting to it, and if it
can’t get that, then it will deny access.

An entry in the hosts file is usually sufficient for me.

Jim


Jim Henderson
openSUSE Forums Administrator
Forum Use Terms & Conditions at http://tinyurl.com/openSUSE-T-C

On 2011-12-12 07:01, Jim Henderson wrote:
> On Mon, 12 Dec 2011 00:28:06 +0000, Carlos E. R. wrote:
>
>> I export in my 11.4 machine a directory, which I can successfully import
>> in my laptop, via nfs. Now I try to import it in a local vmware guest
>> running 12.1, and I get access denied in the guest:
>
> Is the client’s name resolvable by the host? I’ve found that NFS
> typically wants name resolution for clients connecting to it, and if it
> can’t get that, then it will deny access.

Actually it was, in named, but to the wrong address. Changed it, no effect.

The server (rpc.mountd) denies access due to “illegal port 39700”.


Cheers / Saludos,

Carlos E. R.
(from 11.4 x86_64 “Celadon” at Telcontar)

Carlos E. R. wrote:
> The server (rpc.mountd) denies access due to “illegal port 39700”.

The first hit I looked at from google says “Add insecure option in your
exports file”

http://unixuptime.com/forum/?p=126

HTH, Dave

On 2011-12-12 12:24, Dave Howorth wrote:
> Carlos E. R. wrote:
>> The server (rpc.mountd) denies access due to “illegal port 39700”.
>
> The first hit I looked at from google says “Add insecure option in your
> exports file”

You are right… but why does it work for my laptop, which goes over wifi
and is more “insecure”, and doesn’t go from host to guest in the same machine?

Ah, well, it relates to using ports below 1024 or above. Funny.

Anyway, the question re the laptop stands. The difference I can see is the
laptop uses 11.4 and the guest 12.1. I never had this problem in years…

> http://unixuptime.com/forum/?p=126

Yep, thanks.


Cheers / Saludos,

Carlos E. R.
(from 11.4 x86_64 “Celadon” at Telcontar)

Carlos E. R. wrote:
> On 2011-12-12 12:24, Dave Howorth wrote:
>> Carlos E. R. wrote:
>>> The server (rpc.mountd) denies access due to “illegal port 39700”.
>> The first hit I looked at from google says “Add insecure option in your
>> exports file”
>
> You are right… but why does it work for my laptop, which goes over wifi
> and is more “insecure”, and doesn’t go from host to guest in the same machine?
>
> Ah, well, it relates to using ports below 1024 or above. Funny.
>
> Anyway, the question re the laptop stands. The difference I can see is the
> laptop uses 11.4 and the guest 12.1. I never had this problem in years…

Dunno. Perhaps VMs can’t use low-numbered ports for some reason? Or
maybe it is indeed a version ‘feature’. Are you using nfs 3 or 4, tcp or
udp? And the same for both connections? What does /proc/mounts say about
the options in use? And is there anything useful in /proc/fs/nfs* on
server or clients?

On 2011-12-12 13:14, Dave Howorth wrote:
> Dunno. Perhaps VMs can’t use low-numbered ports for some reason? Or
> maybe it is indeed a version ‘feature’. Are you using nfs 3 or 4, tcp or
> udp? And the same for both connections? What does /proc/mounts say about
> the options in use? And is there anything useful in /proc/fs/nfs* on
> server or clients?

Version 4. The configuration is the same on both client sides, I believe.
I’ll have to check again. I’m not sure how to find out about tcp/udp. Ah,
yes, tcp (output of mount):


12.1 guest:
Telcontar.valinor:/data/storage_c/repositorios_zypp/ on
/var/cache/zypp/nfs_packages type nfs4
(rw,relatime,vers=4,rsize=1048576,wsize=1048576,namlen=255,hard,proto=tcp,port=0,timeo=600,retrans=2,sec=sys,clientaddr=192.168.74.131,minorversion=0,local_lock=none,addr=192.168.1.14)

11.4 laptop:
192.168.1.14:/data/storage_c/repositorios_zypp/ on
/var/cache/zypp/nfs_packages type nfs4
(rw,relatime,vers=4,rsize=1048576,wsize=1048576,namlen=255,hard,proto=tcp,port=0,timeo=600,retrans=2,sec=sys,clientaddr=192.168.1.129,minorversion=0,local_lock=none,addr=192.168.1.14)



Same options…

What remains is learning what ports are both using.


Cheers / Saludos,

Carlos E. R.
(from 11.4 x86_64 “Celadon” at Telcontar)