Lost NFS connection and cannot restore.

I have two Leap 15.3 machines on the same subnet, one serving multimedia on NFS and one connected as a NFS client and all had been well until recently when I switched from Network Manager to Wicked, set static IPs and installed KVM and several VMs.

At some point in this process I have lost my NFS connection, which was understandable. I therefore tried to re-build the NFS server and NFS client connection using Yast.

I have followed the opensuse documentation guide using nfsv4 and using IP address rather than names, all as before. I have I believe opened the firewall on the lan connections, both using br0 and “work” for the zones with ssh, nfs, mdns and slp services enabled but I have not set any specific ports.

When I try and set up the client the scanning fails to find the server on the network.

Where am I going wrong please.
Budge

Have you tried stopping the firewall briefly to test?

Show us

sudo firewall-cmd --list-all-zones

Can you ping the server from the client successfully?

ping <server IP address>

Using nmap (install it if required), check from client that server port is reported as open…

nmap -sV -p 2049 <server IP address>

The following thread may be worth a read…
https://forums.opensuse.org/showthread.php/555943-How-to-set-up-NFSv4-Server-through-YaST2?highlight=NFSv4

Hi deano,
Many thanks for your help. I have read the thread in the link you posted but will need to study it more closely. Meanwhile this is what I have from the server on which I normally work:-

alastair@ibmserv2:~> sudo firewall-cmd --list-all-zones 
[sudo] password for root:  
block 
  target: %%REJECT%% 
  icmp-block-inversion: no 
  interfaces:  
  sources:  
  services:  
  ports:  
  protocols:  
  forward: no 
  masquerade: no 
  forward-ports:  
  source-ports:  
  icmp-blocks:  
  rich rules:  

dmz 
  target: default 
  icmp-block-inversion: no 
  interfaces:  
  sources:  
  services: ssh 
  ports:  
  protocols:  
  forward: no 
  masquerade: no 
  forward-ports:  
  source-ports:  
  icmp-blocks:  
  rich rules:  

docker (active) 
  target: ACCEPT 
  icmp-block-inversion: no 
  interfaces: docker0 
  sources:  
  services:  
  ports:  
  protocols:  
  forward: no 
  masquerade: no 
  forward-ports:  
  source-ports:  
  icmp-blocks:  
  rich rules:  

drop 
  target: DROP 
  icmp-block-inversion: no 
  interfaces:  
  sources:  
  services:  
  ports:  
  protocols:  
  forward: no 
  masquerade: no 
  forward-ports:  
  source-ports:  
  icmp-blocks:  
  rich rules:  

external 
  target: default 
  icmp-block-inversion: no 
  interfaces:  
  sources:  
  services: ssh 
  ports:  
  protocols:  
  forward: no 
  masquerade: yes 
  forward-ports:  
  source-ports:  
  icmp-blocks:  
  rich rules:  

home 
  target: default 
  icmp-block-inversion: no 
  interfaces:  
  sources:  
  services: dhcpv6-client mdns samba-client ssh 
  ports:  
  protocols:  
  forward: no 
  masquerade: no 
  forward-ports:  
  source-ports:  
  icmp-blocks:  
  rich rules:  

internal 
  target: default 
  icmp-block-inversion: no 
  interfaces:  
  sources:  
  services: dhcpv6-client mdns samba-client ssh 
  ports:  
  protocols:  
  forward: no 
  masquerade: no 
  forward-ports:  
  source-ports:  
  icmp-blocks:  
  rich rules:  

libvirt 
  target: ACCEPT 
  icmp-block-inversion: no 
  interfaces:  
  sources:  
  services: dhcp dhcpv6 dns ssh tftp 
  ports:  
  protocols: icmp ipv6-icmp 
  forward: no 
  masquerade: no 
  forward-ports:  
  source-ports:  
  icmp-blocks:  
  rich rules:  
        rule priority="32767" reject 

public (active) 
  target: default 
  icmp-block-inversion: no 
  interfaces: br0 
  sources:  
  services: dhcpv6-client ssh 
  ports:  
  protocols:  
  forward: no 
  masquerade: no 
  forward-ports:  
  source-ports:  
  icmp-blocks:  
  rich rules:  

trusted 
  target: ACCEPT 
  icmp-block-inversion: no 
  interfaces:  
  sources:  
  services:  
  ports:  
  protocols:  
  forward: no 
  masquerade: no 
  forward-ports:  
  source-ports:  
  icmp-blocks:  
  rich rules:  

work (active) 
  target: default 
  icmp-block-inversion: no 
  interfaces: eth0 
  sources:  
  services: mdns nfs slp ssh 
  ports:  
  protocols:  
  forward: no 
  masquerade: no 
  forward-ports:  
  source-ports:  
  icmp-blocks:  
  rich rules:  

alastair@ibmserv2:~> ping 192.168.169.134 
PING 192.168.169.134 (192.168.169.134) 56(84) bytes of data. 
64 bytes from 192.168.169.134: icmp_seq=1 ttl=64 time=0.055 ms 
64 bytes from 192.168.169.134: icmp_seq=2 ttl=64 time=0.038 ms 
64 bytes from 192.168.169.134: icmp_seq=3 ttl=64 time=0.038 ms 
64 bytes from 192.168.169.134: icmp_seq=4 ttl=64 time=0.036 ms 
^C 
--- 192.168.169.134 ping statistics --- 
4 packets transmitted, 4 received, 0% packet loss, time 3060ms 
rtt min/avg/max/mdev = 0.036/0.041/0.055/0.011 ms 
alastair@ibmserv2:~> nmap -sV -p 2049 192.168.169.134 
Starting Nmap 7.70 ( https://nmap.org ) at 2022-05-08 12:07 BST 
Nmap scan report for 192.168.169.134 
Host is up (0.00015s latency). 

PORT     STATE SERVICE VERSION 
2049/tcp open  nfs     3-4 (RPC #100003) 

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . 
Nmap done: 1 IP address (1 host up) scanned in 6.45 seconds 
alastair@ibmserv2:~> 

On a client machine with firewall stopped I still cannot create a connection to the server. I can see the NAS boxes which are also servers but not looking for them here!

With firewall stopped on server I can see and create the NFS connection as usual. I conclude it is a firewall issue but…

Will read the linked thread again.

You were requested to do it on client. Showing that server can ping itself does not help in any way.

alastair@ibmserv2:~> nmap -sV -p 2049 192.168.169.134

Ditto.

With firewall stopped on server I can see and create the NFS connection as usual. I conclude it is a firewall issue but…

There is one zone that includes NFS service (port 2049). But we have no idea what zone is used for communication between your NFS server and NFS client. You provided zero information so far. Explain your network layout, which interface is used for communication between client and server. What IP address client has, what IP address server has. Show output of “ip address show”.

Hi well I have read the thread but it doesn’t make it much easier. It would help for simple folk like me to have a line by line instruction on how I can get this working. If the tool, in this case Yast, is the “go to” for me it should just work.
I had forgotten the simple requirement which I actually reported myself. Getting senile but there really should be a way of preventing this happening. The Yast tool is flawed in this.
Many thanks again for all the reminders, including to myself!!!

Sorry if I had been making a meal of this. I am working on two machines which are on the same network but only one screen with KVM switch and can toggle between each machine connection. Both are using Leap 15.3 and many windows appear identical so I included the ping on the server machine so that I could be sure it was indeed the right machine when checking the various issues. I then switched to the client and after another think remembered the solution so I was able to stop wasting your time. I confess I did not sign off correctly on this thread but did leave the plea for others. Please forgive me and many thanks for your help once more.
Budge.

I am sorry to have to revisit this thread but I have now lost my NFS connection.
My nfs server is running on Leap 15.3 and was set up using Yast using the force NFSv4.2 option on the server.
My connection on the server is using lan with network set up using Wicked.
Working through ssh connection I have:-

alastair@ibmserv2:~> sudo firewall-cmd --list-all-zones 
[sudo] password for root:  
block 
  target: %%REJECT%% 
  icmp-block-inversion: no 
  interfaces:  
  sources:  
  services:  
  ports:  
  protocols:  
  forward: no 
  masquerade: no 
  forward-ports:  
  source-ports:  
  icmp-blocks:  
  rich rules:  

dmz 
  target: default 
  icmp-block-inversion: no 
  interfaces:  
  sources:  
  services: ssh 
  ports:  
  protocols:  
  forward: no 
  masquerade: no 
  forward-ports:  
  source-ports:  
  icmp-blocks:  
  rich rules:  

docker (active) 
  target: ACCEPT 
  icmp-block-inversion: no 
  interfaces: docker0 
  sources:  
  services:  
  ports:  
  protocols:  
  forward: no 
  masquerade: no 
  forward-ports:  
  source-ports:  
  icmp-blocks:  
  rich rules:  

drop 
  target: DROP 
  icmp-block-inversion: no 
  interfaces:  
  sources:  
  services:  
  ports:  
  protocols:  
  forward: no 
  masquerade: no 
  forward-ports:  
  source-ports:  
  icmp-blocks:  
  rich rules:  

external 
  target: default 
  icmp-block-inversion: no 
  interfaces:  
  sources:  
  services: ssh 
  ports:  
  protocols:  
  forward: no 
  masquerade: yes 
  forward-ports:  
  source-ports:  
  icmp-blocks:  
  rich rules:  

home 
  target: default 
  icmp-block-inversion: no 
  interfaces:  
  sources:  
  services: dhcpv6-client mdns samba-client ssh 
  ports:  
  protocols:  
  forward: no 
  masquerade: no 
  forward-ports:  
  source-ports:  
  icmp-blocks:  
  rich rules:  

internal 
  target: default 
  icmp-block-inversion: no 
  interfaces:  
  sources:  
  services: dhcpv6-client mdns samba-client ssh 
  ports:  
  protocols:  
  forward: no 
  masquerade: no 
  forward-ports:  
  source-ports:  
  icmp-blocks:  
  rich rules:  

libvirt 
  target: ACCEPT 
  icmp-block-inversion: no 
  interfaces:  
  sources:  
  services: dhcp dhcpv6 dns ssh tftp 
  ports:  
  protocols: icmp ipv6-icmp 
  forward: no 
  masquerade: no 
  forward-ports:  
  source-ports:  
  icmp-blocks:  
  rich rules:  
        rule priority="32767" reject 

public 
  target: default 
  icmp-block-inversion: no 
  interfaces:  
  sources:  
  services: dhcpv6-client ssh 
  ports:  
  protocols:  
  forward: no 
  masquerade: no 
  forward-ports:  
  source-ports:  
  icmp-blocks:  
  rich rules:  

trusted 
  target: ACCEPT 
  icmp-block-inversion: no 
  interfaces:  
  sources:  
  services:  
  ports:  
  protocols:  
  forward: no 
  masquerade: no 
  forward-ports:  
  source-ports:  
  icmp-blocks:  
  rich rules:  

work (active) 
  target: default 
  icmp-block-inversion: no 
  interfaces: br0 eth0 eth1 
  sources:  
  services: mdns nfs slp ssh 
  ports: 2049/tcp 
  protocols:  
  forward: no 
  masquerade: no 
  forward-ports:  
  source-ports:  
  icmp-blocks:  
  rich rules:  

alastair@ibmserv2:~> 

A recent change to the server was when I was starting with virtual machines but I am not, afaik using any virtual machine at the moment.

From my laptop with wifi connection and using Network Manager I can ping the server but the nmap scan doesn’t work although I know that port 2049 is opened on the server in the “work” interface.

Here are the results on my laptop client machine:-

alastair@IBMW530:~> ping 192.168.169.134 
PING 192.168.169.134 (192.168.169.134) 56(84) bytes of data. 
64 bytes from 192.168.169.134: icmp_seq=1 ttl=64 time=5.84 ms 
64 bytes from 192.168.169.134: icmp_seq=2 ttl=64 time=3.22 ms 
64 bytes from 192.168.169.134: icmp_seq=3 ttl=64 time=3.25 ms 
64 bytes from 192.168.169.134: icmp_seq=4 ttl=64 time=3.26 ms 
64 bytes from 192.168.169.134: icmp_seq=5 ttl=64 time=3.26 ms 
^C 
--- 192.168.169.134 ping statistics --- 
5 packets transmitted, 5 received, 0% packet loss, time 4007ms 
rtt min/avg/max/mdev = 3.224/3.767/5.843/1.037 ms 
alastair@IBMW530:~> nmap -sV -p 2049 192.168.169.134   
Starting Nmap 7.92 ( https://nmap.org ) at 2022-06-19 19:43 BST 
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn 
Nmap done: 1 IP address (0 hosts up) scanned in 0.23 seconds 
alastair@IBMW530:~> 

What am I missing please?
Budge.