I have a new problem making an NFS connection between my laptop, which is running Tumbleweed and connecting through WiFi, and my workstation, which is running Leap 15.3 and connecting through LAN. If needed I can give details of our network, but essentially all devices are on the same subnet.
I believe the problem is with the firewall setup on the workstation and I am including some basic tests here in the hope that somebody will spot my error.
From my laptop, with both machine firewalls enabled:
I can ping the workstation:
alastair@IBMW530:~> ping 192.168.169.134
PING 192.168.169.134 (192.168.169.134) 56(84) bytes of data.
64 bytes from 192.168.169.134: icmp_seq=1 ttl=64 time=8.10 ms
64 bytes from 192.168.169.134: icmp_seq=2 ttl=64 time=3.23 ms
64 bytes from 192.168.169.134: icmp_seq=3 ttl=64 time=3.25 ms
64 bytes from 192.168.169.134: icmp_seq=4 ttl=64 time=3.25 ms
64 bytes from 192.168.169.134: icmp_seq=5 ttl=64 time=3.34 ms
64 bytes from 192.168.169.134: icmp_seq=6 ttl=64 time=5.11 ms
^C
--- 192.168.169.134 ping statistics ---
6 packets transmitted, 6 received, 0% packet loss, time 5007ms
rtt min/avg/max/mdev = 3.229/4.380/8.099/1.794 ms
alastair@IBMW530:~>
I am unable to detect the firewall port with nmap:
alastair@IBMW530:~> nmap -sV -p 2049 192.168.169.134
Starting Nmap 7.92 ( https://nmap.org ) at 2022-06-20 18:47 BST
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 0.27 seconds
alastair@IBMW530:~>
My laptop firewall configuration is below:
alastair@IBMW530:~> sudo firewall-cmd --list-all-zones
[sudo] password for root:
block
target: %%REJECT%%
icmp-block-inversion: no
interfaces:
sources:
services:
ports:
protocols:
forward: yes
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
dmz
target: default
icmp-block-inversion: no
interfaces:
sources:
services:
ports:
protocols:
forward: yes
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
docker (active)
target: ACCEPT
icmp-block-inversion: no
interfaces: docker0
sources:
services:
ports:
protocols:
forward: no
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
drop
target: DROP
icmp-block-inversion: no
interfaces:
sources:
services:
ports:
protocols:
forward: yes
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
external
target: default
icmp-block-inversion: no
interfaces:
sources:
services:
ports: 1900/udp 9790/tcp 9791/tcp 2049/tcp
protocols:
forward: no
masquerade: yes
forward-ports:
source-ports:
icmp-blocks:
rich rules:
home
target: default
icmp-block-inversion: no
interfaces:
sources:
services: http samba ssh
ports: 1900/udp 9790/tcp 9791/tcp 2049/tcp
protocols:
forward: no
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
internal
target: default
icmp-block-inversion: no
interfaces:
sources:
services: http mdns samba-client ssh
ports: 1900/udp 9790/tcp 9791/tcp 2049/tcp
protocols:
forward: no
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
nm-shared
target: ACCEPT
icmp-block-inversion: no
interfaces:
sources:
services:
ports: 1900/udp 9790/tcp 9791/tcp 2049/tcp
protocols: icmp ipv6-icmp
forward: no
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
rule priority="32767" reject
public
target: default
icmp-block-inversion: no
interfaces:
sources:
services: pcns
ports: 1900/udp 9790/tcp 9791/tcp 1714-1764/tcp 1714-1764/udp
protocols:
forward: no
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
trusted
target: ACCEPT
icmp-block-inversion: no
interfaces:
sources:
services:
ports: 1900/udp 9790/tcp 9791/tcp 2049/tcp
protocols:
forward: no
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
work (active)
target: default
icmp-block-inversion: no
interfaces: enp0s25 wlp3s0
sources:
services: ftp https nfs ssh
ports: 1900/udp 9790/tcp 9791/tcp 21/tcp 22/tcp 6547/tcp 3052/tcp 3052/udp 6547/udp 2049/tcp
protocols:
forward: no
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
alastair@IBMW530:~>
Working through an SSH connection to my workstation, I have the following results with the firewall enabled:
I can ping the laptop:
alastair@ibmserv2:~> ping 192.168.169.223
PING 192.168.169.223 (192.168.169.223) 56(84) bytes of data.
64 bytes from 192.168.169.223: icmp_seq=1 ttl=64 time=16.0 ms
64 bytes from 192.168.169.223: icmp_seq=2 ttl=64 time=7.32 ms
64 bytes from 192.168.169.223: icmp_seq=3 ttl=64 time=4.26 ms
64 bytes from 192.168.169.223: icmp_seq=4 ttl=64 time=4.87 ms
64 bytes from 192.168.169.223: icmp_seq=5 ttl=64 time=3.77 ms
^C
--- 192.168.169.223 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4006ms
rtt min/avg/max/mdev = 3.770/7.253/16.029/4.555 ms
alastair@ibmserv2:~>
nmap can confirm the port on the laptop, and this tells me the port is closed:
alastair@ibmserv2:~> nmap -sV -p 2049 192.168.169.223
Starting Nmap 7.70 ( https://nmap.org ) at 2022-06-20 19:00 BST
Nmap scan report for 192.168.169.223
Host is up (0.0041s latency).
PORT STATE SERVICE VERSION
2049/tcp closed nfs
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 0.51 seconds
alastair@ibmserv2:~>
and the firewall details are:
alastair@ibmserv2:~> sudo firewall-cmd --list-all-zones
[sudo] password for root:
block
target: %%REJECT%%
icmp-block-inversion: no
interfaces:
sources:
services:
ports:
protocols:
forward: no
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
dmz
target: default
icmp-block-inversion: no
interfaces:
sources:
services: ssh
ports:
protocols:
forward: no
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
docker
target: ACCEPT
icmp-block-inversion: no
interfaces:
sources:
services:
ports:
protocols:
forward: no
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
drop
target: DROP
icmp-block-inversion: no
interfaces:
sources:
services:
ports:
protocols:
forward: no
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
external
target: default
icmp-block-inversion: no
interfaces:
sources:
services: ssh
ports:
protocols:
forward: no
masquerade: yes
forward-ports:
source-ports:
icmp-blocks:
rich rules:
home
target: default
icmp-block-inversion: no
interfaces:
sources:
services: dhcpv6-client mdns samba-client ssh
ports:
protocols:
forward: no
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
internal
target: default
icmp-block-inversion: no
interfaces:
sources:
services: dhcpv6-client mdns samba-client ssh
ports:
protocols:
forward: no
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
libvirt
target: ACCEPT
icmp-block-inversion: no
interfaces:
sources:
services: dhcp dhcpv6 dns ssh tftp
ports:
protocols: icmp ipv6-icmp
forward: no
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
rule priority="32767" reject
public
target: default
icmp-block-inversion: no
interfaces:
sources:
services: dhcpv6-client ssh
ports:
protocols:
forward: no
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
trusted
target: ACCEPT
icmp-block-inversion: no
interfaces:
sources:
services:
ports:
protocols:
forward: no
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
work (active)
target: default
icmp-block-inversion: no
interfaces: br0 docker0 eth0 eth1
sources:
services: mdns nfs slp ssh
ports: 2049/tcp
protocols:
forward: no
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
alastair@ibmserv2:~>
I have been using YaST to implement both the firewall configuration and NFS on both machines, and I have not yet spotted the problem because the nmap scan from the workstation tells me that the laptop port is closed. If I turn off the workstation firewall and rebuild the NFS server and the NFS client then I can get a connection. When I then run nmap on the server I still see the port is closed, but this may be my ignorance again.
Please could somebody tell me where I am going wrong?
Budge.
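
An added example, not part of the original post: Python that parses firewall-cmd --list-all-zones output like the listings above and reports, for each active zone, its interfaces, whether 2049/tcp is allowed, and which of the firewalld services an NFSv3 mount also relies on (rpc-bind, mountd) are absent. The sample text is constructed from the workstation listing, and the function names are this example's own.

```python
# Constructed sample: the workstation's active zone as listed in the post,
# plus one inactive zone, in firewall-cmd --list-all-zones layout.
SAMPLE = """\
public
  interfaces:
  services: dhcpv6-client ssh
  ports:
work (active)
  target: default
  interfaces: br0 docker0 eth0 eth1
  services: mdns nfs slp ssh
  ports: 2049/tcp
"""

# firewalld services an NFSv3 mount uses besides "nfs" (NFSv4 needs only 2049/tcp).
NFS3_EXTRA = ("rpc-bind", "mountd")

def parse_zones(text):
    """Return {zone: {"active": bool, key: [values...]}} from the listing."""
    zones, cur = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("rule "):  # blank line or rich-rule body
            continue
        key, sep, val = line.partition(":")
        if sep:
            if cur is not None:                   # skips prompt lines before the first zone
                cur[key.strip()] = val.split()
        else:                                     # no "key:" means a zone header
            name = line.split()[0]
            cur = zones[name] = {"active": "(active)" in line}
    return zones

def nfs_report(zones):
    """For each active zone: is 2049/tcp allowed, and which NFSv3 helpers are absent?"""
    report = {}
    for name, z in zones.items():
        if not z["active"]:
            continue
        services, ports = z.get("services", []), z.get("ports", [])
        report[name] = {
            "interfaces": z.get("interfaces", []),
            "nfs_2049_tcp": "nfs" in services or "2049/tcp" in ports,
            "missing_for_nfs3": [s for s in NFS3_EXTRA if s not in services],
        }
    return report

if __name__ == "__main__":
    for zone, info in nfs_report(parse_zones(SAMPLE)).items():
        print(zone, info)
```

The parser accepts both the indented layout firewall-cmd prints and the flattened form shown in the post, so the pasted listing can be fed to it directly.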