Having moved location with this workstation I now need to set up an NFS Client on this machine which is on the same network as my multimedia directory.
In the Yast>Security and Users>Firewall have enabled nfs on the zone I am using and then restarted and enabled the firewall with the following commands:-
sudo systemctl restart nfsserver
sudo systemctl enable nfsserver
So I assumed I was OK but when I go to this workstation and try to add an nfs connection I get the following
No NFS server has been found on your network.
This could be caused by a running firewall,
which probably blocks the network scanning.
Since I had also opened the nfs protocol on the client firewall I was hoping I had done what was necessary. Clearly I am missing something here which has not happened earlier.
Please can somebody advise.
Show us your current firewall configuration (on the server)…
sudo firewall-cmd --list-all
Specify the zone if not the default zone eg
sudo firewall-cmd --list-all --zone home
Also, perhaps share the output from
sudo systemctl status nfsserver
openSUSE reference (server and client configuration notes):
Hi Dean,
Here are the results with one obvious mistake by me:-
alastair@ibmserv2:~> sudo firewall-cmd --list-all
[sudo] password for root:
You're performing an operation over default zone ('public'),
but your connections/interfaces are in zone 'work' (see --get-active-zones)
You most likely need to use --zone=work option.
public
target: default
icmp-block-inversion: no
interfaces:
sources:
services: dhcpv6-client ssh
ports: 22161/udp
protocols:
forward: no
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
alastair@ibmserv2:~>
alastair@ibmserv2:~> sudo firewall-cmd --list-all --zone work
work (active)
target: default
icmp-block-inversion: no
interfaces: br0 docker0 eth0 eth1
sources:
services: ipp mdns nfs samba slp ssh
ports: 2049/tcp 443/tcp 22/tcp 5353/tcp 3702/udp 631/tcp 9100/tcp 88/tcp 161/tcp 162/tcp 161/udp 162/udp 9100/udp 5353/udp 631/udp 80/tcp
protocols:
forward: no
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
alastair@ibmserv2:~>
alastair@ibmserv2:~>
alastair@ibmserv2:~> sudo systemctl status nfsserver
● nfsserver.service - Alias for NFS server
Loaded: loaded (/usr/lib/systemd/system/nfsserver.service; enabled; vendor preset: disabled)
Active: active (exited) since Tue 2023-03-07 20:17:17 GMT; 1h 27min ago
Process: 20718 ExecStart=/bin/true (code=exited, status=0/SUCCESS)
Main PID: 20718 (code=exited, status=0/SUCCESS)
Mar 07 20:17:17 ibmserv2 systemd[1]: Starting Alias for NFS server...
Mar 07 20:17:17 ibmserv2 systemd[1]: Finished Alias for NFS server.
alastair@ibmserv2:~>
You can see I have filled the page with port settings which are almost certainly not required, set up during many many attempts to get printer working.
I may need some help setting the zone interface correctly but have seen your subsequent post and will read. Time for bed here now.
Thanks again,
Alastair.
What does it mean? What program are you using to “add NFS connection”?
And does it (whatever you are doing) work if you stop firewall on server and client?
I have been using Yast>Network Services>NFS Server and NFS Client to try and do this. Sorry I didn’t make that clear. I then used cli to make sure the server was running.
I have been reading and and failing to understand the issues but it does seem that what I have used in the past, ie. on Leap 15.3 or earlier, no longer works in quite the same way.
I have stopped firewalls on both machines and the connection works. What I do not follow is why when I thought I had done it all correctly, I had not been able to work through the firewall. I do not understand the line about performing an operation over default zone, which would be ‘public’ when I thought I had set up my firewall correctly to work on ‘work’ zone. I am missing something clearly when I set this up with the yast tools.
OK, it is just unusual to see “adding connection” in relation to NFS. Anyway, on server side you need also rpc-bind
and mountd
services. If it still does not work after you have added them, show complete output for mount -v ...
from your client mounting server NFS resource.
“Default” zone is the zone which firewalld will be using if no other zone is explicitly given. Which is also documented in man firewall-cmd
.