NFS servers and firewalld

14















I haven't found a slam-dunk document on this, so let's start one.



On a CentOS 7.1 host, I have gone through the linuxconfig HOW-TO, including the firewall-cmd entries, and I have an exportable filesystem.



[root@<server> ~]# firewall-cmd --list-all
internal (default, active)
interfaces: enp5s0
sources: 192.168.10.0/24
services: dhcpv6-client ipp-client mdns ssh
ports: 2049/tcp
masquerade: no
forward-ports:
rich rules:

[root@<server> ~]# showmount -e localhost
Export list for localhost:
/export/home/<user> *.localdomain


However, if I showmount from the client, I still have a problem.



[root@<client> ~]# showmount -e <server>.localdomain
clnt_create: RPC: Port mapper failure - Unable to receive: errno 113 (No route to host)


Now, how am I sure that this is a firewall problem? Easy. Turn off the firewall. Server side:



[root@<server> ~]# systemctl stop firewalld


And client side:



[root@<client> ~]# showmount -e <server>.localdomain
Export list for <server>.localdomain:
/export/home/<server> *.localdomain


Restart firewalld. Server side:



[root@<server> ~]# systemctl start firewalld


And client side:



[root@<client> ~]# showmount -e <server>.localdomain
clnt_create: RPC: Port mapper failure - Unable to receive: errno 113 (No route to host)


So, let's go to town, by adapting the iptables commands from a RHEL 6 NFS server HOW-TO...



[root@<server> ~]# firewall-cmd \
> --add-port=111/tcp \
> --add-port=111/udp \
> --add-port=892/tcp \
> --add-port=892/udp \
> --add-port=875/tcp \
> --add-port=875/udp \
> --add-port=662/tcp \
> --add-port=662/udp \
> --add-port=32769/udp \
> --add-port=32803/tcp
success

[root@<server> ~]# firewall-cmd \
> --add-port=111/tcp \
> --add-port=111/udp \
> --add-port=892/tcp \
> --add-port=892/udp \
> --add-port=875/tcp \
> --add-port=875/udp \
> --add-port=662/tcp \
> --add-port=662/udp \
> --add-port=32769/udp \
> --add-port=32803/tcp \
> --permanent
success

[root@<server> ~]# firewall-cmd --list-all
internal (default, active)
interfaces: enp5s0
sources: 192.168.0.0/24
services: dhcpv6-client ipp-client mdns ssh
ports: 32803/tcp 662/udp 662/tcp 111/udp 875/udp 32769/udp 875/tcp 892/udp 2049/tcp 892/tcp 111/tcp
masquerade: no
forward-ports:
rich rules:


This time, I get a slightly different error message from the client:



[root@<client> ~]# showmount -e <server>.localdomain
rpc mount export: RPC: Unable to receive; errno = No route to host


So, I know I'm on the right track. Having said that, why can't I find a definitive tutorial on this anywhere? I can't have been the first person to have to figure this out!



What firewall-cmd entries am I missing?



Oh, one other note. My /etc/sysconfig/nfs files on the CentOS 6 client and the CentOS 7 server are unmodified, so far. I would prefer to not have to change (and maintain!) them, if at all possible.










centos rhel nfs firewalld file-server

edited Nov 25 '16 at 15:34
Jeff Schaller

asked Nov 18 '15 at 4:38
dafydd

          4 Answers
          4






          active

          oldest

          votes


















          34














          This should be enough:



          firewall-cmd --permanent --add-service=nfs
          firewall-cmd --permanent --add-service=mountd
          firewall-cmd --permanent --add-service=rpc-bind
          firewall-cmd --reload





          share|improve this answer























          • Not enough in my case. I've got two NFS servers, the first one broadcasts correctly and is subscribed by its clients, the second is apparently broadcasting all right but its client (the first server) is unable to 'showmount' (rpc mount export: RPC: Unable to receive; errno = No route to host). I'll comeback here if/when I solve this.

            – Urhixidur
            Jul 14 '16 at 14:21











          • Turns out the SERVER needed the three services (nfs, mountd, rpc-bind) added to its firewall (dunno if the client needs all three too; it just happens to have all three in my case). In my case, the client (first NFS server) had it but the server (second NFS server) was missing mountd.

            – Urhixidur
            Jul 14 '16 at 14:32











          • @Urhixidur the client should not need these because firewalld allows outgoing connections.

            – T0xicCode
            Jan 23 '17 at 17:57











          • Note the spelling of rpc-bind. Although I enabled it with systemctl enable rpcbind and systemctl start rpcbind, firewall-cmd told me Error: INVALID_SERVICE: rpcbind. Soon I realized that it needs a dash in this context! Are they really the same service?

            – Qwertie
            Jan 17 at 0:01



















          4














          Just found this - and it works when the problem is SELinux blocking the reading of the ~/.ssh/authorized_keys during login! First, enxure your ~/.ssh/authorized_keys file is properly populated and its permissions and its folder's permissions are set correctly. If you then run "setenforce 0" on the SSH destination host and are able to login to that host without entering a password, but cannot do so after entering "setenforce 1" on that same destination host, the following may fix your issue:




          setsebool -P use_nfs_home_dirs 1




          ref: https://cassjohnston.wordpress.com/2015/06/12/selinux-nfs-home-directories/






          share|improve this answer
































            3














            After configuring NFS server we should enable and start three services:



            1. nfs-server.service

            2. rpcbind.service

            3. mound.service

            And also allow these services on server firewall:



            # firewall-cmd --permanent --add-service=nfs
            # firewall-cmd --permanent --add-service=rpcbind
            # firewall-cmd --permanent --add-service=mountd
            # firewall-cmd --reload





            share|improve this answer
































              0














              I use nfsv4 and works fine with those lines, supposing your zone is "public" and you are using the default ports 2049 and 4001



              firewall-cmd --permanent --add-service=nfs --zone=public
              firewall-cmd --permanent --add-service=mountd --zone=public
              firewall-cmd --permanent --add-service=rpc-bind --zone=public
              firewall-cmd --permanent --add-port=4001/udp --zone=public
              firewall-cmd --permanent --add-port=4001/tcp --zone=public
              firewall-cmd --permanent --add-port=2049/tcp --zone=public
              firewall-cmd --permanent --add-port=2049/udp --zone=public
              firewall-cmd --reload





              share|improve this answer























                Your Answer








                StackExchange.ready(function()
                var channelOptions =
                tags: "".split(" "),
                id: "106"
                ;
                initTagRenderer("".split(" "), "".split(" "), channelOptions);

                StackExchange.using("externalEditor", function()
                // Have to fire editor after snippets, if snippets enabled
                if (StackExchange.settings.snippets.snippetsEnabled)
                StackExchange.using("snippets", function()
                createEditor();
                );

                else
                createEditor();

                );

                function createEditor()
                StackExchange.prepareEditor(
                heartbeatType: 'answer',
                autoActivateHeartbeat: false,
                convertImagesToLinks: false,
                noModals: true,
                showLowRepImageUploadWarning: true,
                reputationToPostImages: null,
                bindNavPrevention: true,
                postfix: "",
                imageUploader:
                brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
                contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
                allowUrls: true
                ,
                onDemand: true,
                discardSelector: ".discard-answer"
                ,immediatelyShowMarkdownHelp:true
                );



                );













                draft saved

                draft discarded


















                StackExchange.ready(
                function ()
                StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f243756%2fnfs-servers-and-firewalld%23new-answer', 'question_page');

                );

                Post as a guest















                Required, but never shown

























                4 Answers
                4






                active

                oldest

                votes








                4 Answers
                4






                active

                oldest

                votes









                active

                oldest

                votes






                active

                oldest

                votes









                34














                This should be enough:



                firewall-cmd --permanent --add-service=nfs
                firewall-cmd --permanent --add-service=mountd
                firewall-cmd --permanent --add-service=rpc-bind
                firewall-cmd --reload





                share|improve this answer























                • Not enough in my case. I've got two NFS servers, the first one broadcasts correctly and is subscribed by its clients, the second is apparently broadcasting all right but its client (the first server) is unable to 'showmount' (rpc mount export: RPC: Unable to receive; errno = No route to host). I'll comeback here if/when I solve this.

                  – Urhixidur
                  Jul 14 '16 at 14:21











                • Turns out the SERVER needed the three services (nfs, mountd, rpc-bind) added to its firewall (dunno if the client needs all three too; it just happens to have all three in my case). In my case, the client (first NFS server) had it but the server (second NFS server) was missing mountd.

                  – Urhixidur
                  Jul 14 '16 at 14:32











                • @Urhixidur the client should not need these because firewalld allows outgoing connections.

                  – T0xicCode
                  Jan 23 '17 at 17:57











                • Note the spelling of rpc-bind. Although I enabled it with systemctl enable rpcbind and systemctl start rpcbind, firewall-cmd told me Error: INVALID_SERVICE: rpcbind. Soon I realized that it needs a dash in this context! Are they really the same service?

                  – Qwertie
                  Jan 17 at 0:01
















                34














                This should be enough:



                firewall-cmd --permanent --add-service=nfs
                firewall-cmd --permanent --add-service=mountd
                firewall-cmd --permanent --add-service=rpc-bind
                firewall-cmd --reload





                share|improve this answer























                • Not enough in my case. I've got two NFS servers, the first one broadcasts correctly and is subscribed by its clients, the second is apparently broadcasting all right but its client (the first server) is unable to 'showmount' (rpc mount export: RPC: Unable to receive; errno = No route to host). I'll comeback here if/when I solve this.

                  – Urhixidur
                  Jul 14 '16 at 14:21











                • Turns out the SERVER needed the three services (nfs, mountd, rpc-bind) added to its firewall (dunno if the client needs all three too; it just happens to have all three in my case). In my case, the client (first NFS server) had it but the server (second NFS server) was missing mountd.

                  – Urhixidur
                  Jul 14 '16 at 14:32











                • @Urhixidur the client should not need these because firewalld allows outgoing connections.

                  – T0xicCode
                  Jan 23 '17 at 17:57











                • Note the spelling of rpc-bind. Although I enabled it with systemctl enable rpcbind and systemctl start rpcbind, firewall-cmd told me Error: INVALID_SERVICE: rpcbind. Soon I realized that it needs a dash in this context! Are they really the same service?

                  – Qwertie
                  Jan 17 at 0:01














                34












                34








                34







                This should be enough:



                firewall-cmd --permanent --add-service=nfs
                firewall-cmd --permanent --add-service=mountd
                firewall-cmd --permanent --add-service=rpc-bind
                firewall-cmd --reload





                share|improve this answer













                This should be enough:



                firewall-cmd --permanent --add-service=nfs
                firewall-cmd --permanent --add-service=mountd
                firewall-cmd --permanent --add-service=rpc-bind
                firewall-cmd --reload






                share|improve this answer












                share|improve this answer



                share|improve this answer










                answered Nov 18 '15 at 9:56









                tomtom

                35633




                35633












                • Not enough in my case. I've got two NFS servers, the first one broadcasts correctly and is subscribed by its clients, the second is apparently broadcasting all right but its client (the first server) is unable to 'showmount' (rpc mount export: RPC: Unable to receive; errno = No route to host). I'll comeback here if/when I solve this.

                  – Urhixidur
                  Jul 14 '16 at 14:21











                • Turns out the SERVER needed the three services (nfs, mountd, rpc-bind) added to its firewall (dunno if the client needs all three too; it just happens to have all three in my case). In my case, the client (first NFS server) had it but the server (second NFS server) was missing mountd.

                  – Urhixidur
                  Jul 14 '16 at 14:32











                • @Urhixidur the client should not need these because firewalld allows outgoing connections.

                  – T0xicCode
                  Jan 23 '17 at 17:57











                • Note the spelling of rpc-bind. Although I enabled it with systemctl enable rpcbind and systemctl start rpcbind, firewall-cmd told me Error: INVALID_SERVICE: rpcbind. Soon I realized that it needs a dash in this context! Are they really the same service?

                  – Qwertie
                  Jan 17 at 0:01


















                • Not enough in my case. I've got two NFS servers, the first one broadcasts correctly and is subscribed by its clients, the second is apparently broadcasting all right but its client (the first server) is unable to 'showmount' (rpc mount export: RPC: Unable to receive; errno = No route to host). I'll comeback here if/when I solve this.

                  – Urhixidur
                  Jul 14 '16 at 14:21











                • Turns out the SERVER needed the three services (nfs, mountd, rpc-bind) added to its firewall (dunno if the client needs all three too; it just happens to have all three in my case). In my case, the client (first NFS server) had it but the server (second NFS server) was missing mountd.

                  – Urhixidur
                  Jul 14 '16 at 14:32











                • @Urhixidur the client should not need these because firewalld allows outgoing connections.

                  – T0xicCode
                  Jan 23 '17 at 17:57











                • Note the spelling of rpc-bind. Although I enabled it with systemctl enable rpcbind and systemctl start rpcbind, firewall-cmd told me Error: INVALID_SERVICE: rpcbind. Soon I realized that it needs a dash in this context! Are they really the same service?

                  – Qwertie
                  Jan 17 at 0:01

















                Not enough in my case. I've got two NFS servers, the first one broadcasts correctly and is subscribed by its clients, the second is apparently broadcasting all right but its client (the first server) is unable to 'showmount' (rpc mount export: RPC: Unable to receive; errno = No route to host). I'll comeback here if/when I solve this.

                – Urhixidur
                Jul 14 '16 at 14:21





                Not enough in my case. I've got two NFS servers, the first one broadcasts correctly and is subscribed by its clients, the second is apparently broadcasting all right but its client (the first server) is unable to 'showmount' (rpc mount export: RPC: Unable to receive; errno = No route to host). I'll comeback here if/when I solve this.

                – Urhixidur
                Jul 14 '16 at 14:21













                Turns out the SERVER needed the three services (nfs, mountd, rpc-bind) added to its firewall (dunno if the client needs all three too; it just happens to have all three in my case). In my case, the client (first NFS server) had it but the server (second NFS server) was missing mountd.

                – Urhixidur
                Jul 14 '16 at 14:32





                Turns out the SERVER needed the three services (nfs, mountd, rpc-bind) added to its firewall (dunno if the client needs all three too; it just happens to have all three in my case). In my case, the client (first NFS server) had it but the server (second NFS server) was missing mountd.

                – Urhixidur
                Jul 14 '16 at 14:32













                @Urhixidur the client should not need these because firewalld allows outgoing connections.

                – T0xicCode
                Jan 23 '17 at 17:57





                @Urhixidur the client should not need these because firewalld allows outgoing connections.

                – T0xicCode
                Jan 23 '17 at 17:57













                Note the spelling of rpc-bind. Although I enabled it with systemctl enable rpcbind and systemctl start rpcbind, firewall-cmd told me Error: INVALID_SERVICE: rpcbind. Soon I realized that it needs a dash in this context! Are they really the same service?

                – Qwertie
                Jan 17 at 0:01






                Note the spelling of rpc-bind. Although I enabled it with systemctl enable rpcbind and systemctl start rpcbind, firewall-cmd told me Error: INVALID_SERVICE: rpcbind. Soon I realized that it needs a dash in this context! Are they really the same service?

                – Qwertie
                Jan 17 at 0:01














                4














                Just found this - and it works when the problem is SELinux blocking the reading of the ~/.ssh/authorized_keys during login! First, enxure your ~/.ssh/authorized_keys file is properly populated and its permissions and its folder's permissions are set correctly. If you then run "setenforce 0" on the SSH destination host and are able to login to that host without entering a password, but cannot do so after entering "setenforce 1" on that same destination host, the following may fix your issue:




                setsebool -P use_nfs_home_dirs 1




                ref: https://cassjohnston.wordpress.com/2015/06/12/selinux-nfs-home-directories/






                share|improve this answer





























                  4














                  Just found this - and it works when the problem is SELinux blocking the reading of the ~/.ssh/authorized_keys during login! First, enxure your ~/.ssh/authorized_keys file is properly populated and its permissions and its folder's permissions are set correctly. If you then run "setenforce 0" on the SSH destination host and are able to login to that host without entering a password, but cannot do so after entering "setenforce 1" on that same destination host, the following may fix your issue:




                  setsebool -P use_nfs_home_dirs 1




                  ref: https://cassjohnston.wordpress.com/2015/06/12/selinux-nfs-home-directories/






edited Jan 16 '18 at 20:22
answered Jan 16 '18 at 17:05
JamesM

After configuring the NFS server, we should enable and start three services:

1. nfs-server.service
2. rpcbind.service
3. mountd.service

And also allow these services on the server firewall:

# firewall-cmd --permanent --add-service=nfs
# firewall-cmd --permanent --add-service=rpc-bind
# firewall-cmd --permanent --add-service=mountd
# firewall-cmd --reload





edited Sep 11 '16 at 10:28
dr01
answered Sep 11 '16 at 6:19
Aditya.V

I use NFSv4 and it works fine with these lines, supposing your zone is "public" and you are using the default ports 2049 and 4001:

firewall-cmd --permanent --add-service=nfs --zone=public
firewall-cmd --permanent --add-service=mountd --zone=public
firewall-cmd --permanent --add-service=rpc-bind --zone=public
firewall-cmd --permanent --add-port=4001/udp --zone=public
firewall-cmd --permanent --add-port=4001/tcp --zone=public
firewall-cmd --permanent --add-port=2049/tcp --zone=public
firewall-cmd --permanent --add-port=2049/udp --zone=public
firewall-cmd --reload





answered Mar 3 at 9:44
elbarna
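
A server-side check for the situation this thread deals with, as an added example that is not part of any answer above: it lists the ports that RPC services have registered with rpcbind but that the firewall zone does not allow. The function names, the sample `rpcinfo -p` output and the allow-list are constructed for illustration; ports opened through named firewalld services (rather than `--add-port`) must be added to the allow-list by hand.

```shell
#!/bin/sh
# Added example: compare the ports RPC services registered with rpcbind
# against the port/proto pairs the firewall zone allows.

# Constructed sample of `rpcinfo -p` output from an NFS server (not from the page).
SAMPLE_RPCINFO='   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    4   udp    111  portmapper
    100005    3   udp  20048  mountd
    100005    3   tcp  20048  mountd
    100003    3   tcp   2049  nfs
    100003    4   tcp   2049  nfs
    100021    4   udp  45632  nlockmgr
    100021    4   tcp  38467  nlockmgr'

# Constructed allow-list in the "port/proto" form that `firewall-cmd --list-all`
# prints on its "ports:" line.
SAMPLE_ALLOWED='2049/tcp 111/tcp 111/udp'

# registered_ports RPCINFO_TEXT
# Prints unique "port/proto service" lines, skipping the header row.
registered_ports() {
    printf '%s\n' "$1" | awk '
        $1 ~ /^[0-9]+$/ && $4 ~ /^[0-9]+$/ {
            key = $4 "/" $3
            if (!(key in seen)) { seen[key] = 1; print key, $5 }
        }'
}

# blocked_ports RPCINFO_TEXT ALLOWED_LIST
# Prints the registered "port/proto service" lines whose port/proto is absent
# from the allow-list, i.e. what a remote client cannot reach.
blocked_ports() {
    # Collapse newlines and runs of blanks so each entry is one space-delimited token.
    allowed=" $(printf '%s' "$2" | tr -s '[:space:]' ' ') "
    registered_ports "$1" | while read -r pp svc; do
        case "$allowed" in
            *" $pp "*) ;;                         # allowed, nothing to report
            *) printf '%s %s\n' "$pp" "$svc" ;;   # registered but filtered
        esac
    done
}

# Live use on the server (commented out so the block runs offline):
#   blocked_ports "$(rpcinfo -p)" "$(firewall-cmd --list-ports)"
blocked_ports "$SAMPLE_RPCINFO" "$SAMPLE_ALLOWED"
```

Anything the function prints is reachable on localhost but dropped for remote clients, which matches the symptom in the question where `showmount -e` succeeds on the server and fails from the client.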


























