NFS servers and firewalld
I haven't found a slam-dunk document on this, so let's start one.
On a CentOS 7.1 host, I have gone through the linuxconfig HOW-TO, including the firewall-cmd entries, and I have an exportable filesystem.
[root@<server> ~]# firewall-cmd --list-all
internal (default, active)
interfaces: enp5s0
sources: 192.168.10.0/24
services: dhcpv6-client ipp-client mdns ssh
ports: 2049/tcp
masquerade: no
forward-ports:
rich rules:
[root@<server> ~]# showmount -e localhost
Export list for localhost:
/export/home/<user> *.localdomain
However, if I showmount from the client, I still have a problem.
[root@<client> ~]# showmount -e <server>.localdomain
clnt_create: RPC: Port mapper failure - Unable to receive: errno 113 (No route to host)
Now, how am I sure that this is a firewall problem? Easy. Turn off the firewall. Server side:
[root@<server> ~]# systemctl stop firewalld
And client side:
[root@<client> ~]# showmount -e <server>.localdomain
Export list for <server>.localdomain:
/export/home/<server> *.localdomain
Restart firewalld. Server side:
[root@<server> ~]# systemctl start firewalld
And client side:
[root@<client> ~]# showmount -e <server>.localdomain
clnt_create: RPC: Port mapper failure - Unable to receive: errno 113 (No route to host)
So, let's go to town, by adapting the iptables commands from a RHEL 6 NFS server HOW-TO...
[root@ ~]# firewall-cmd \
> --add-port=111/tcp \
> --add-port=111/udp \
> --add-port=892/tcp \
> --add-port=892/udp \
> --add-port=875/tcp \
> --add-port=875/udp \
> --add-port=662/tcp \
> --add-port=662/udp \
> --add-port=32769/udp \
> --add-port=32803/tcp
success
[root@<server> ~]# firewall-cmd \
> --add-port=111/tcp \
> --add-port=111/udp \
> --add-port=892/tcp \
> --add-port=892/udp \
> --add-port=875/tcp \
> --add-port=875/udp \
> --add-port=662/tcp \
> --add-port=662/udp \
> --add-port=32769/udp \
> --add-port=32803/tcp \
> --permanent
success
[root@<server> ~]# firewall-cmd --list-all
internal (default, active)
interfaces: enp5s0
sources: 192.168.0.0/24
services: dhcpv6-client ipp-client mdns ssh
ports: 32803/tcp 662/udp 662/tcp 111/udp 875/udp 32769/udp 875/tcp 892/udp 2049/tcp 892/tcp 111/tcp
masquerade: no
forward-ports:
rich rules:
This time, I get a slightly different error message from the client:
[root@<client> ~]# showmount -e <server>.localdomain
rpc mount export: RPC: Unable to receive; errno = No route to host
So, I know I'm on the right track. Having said that, why can't I find a definitive tutorial on this anywhere? I can't have been the first person to have to figure this out!
What firewall-cmd entries am I missing?
Oh, one other note. My /etc/sysconfig/nfs files on the CentOS 6 client and the CentOS 7 server are unmodified, so far. I would prefer to not have to change (and maintain!) them, if at all possible.
centos rhel nfs firewalld file-server
edited Nov 25 '16 at 15:34 by Jeff Schaller♦
asked Nov 18 '15 at 4:38 by dafydd
4 Answers
This should be enough:
firewall-cmd --permanent --add-service=nfs
firewall-cmd --permanent --add-service=mountd
firewall-cmd --permanent --add-service=rpc-bind
firewall-cmd --reload
answered Nov 18 '15 at 9:56 by tom
Not enough in my case. I've got two NFS servers, the first one broadcasts correctly and is subscribed by its clients, the second is apparently broadcasting all right but its client (the first server) is unable to 'showmount' (rpc mount export: RPC: Unable to receive; errno = No route to host). I'll come back here if/when I solve this.
– Urhixidur
Jul 14 '16 at 14:21
Turns out the SERVER needed the three services (nfs, mountd, rpc-bind) added to its firewall (dunno if the client needs all three too; it just happens to have all three in my case). In my case, the client (first NFS server) had it but the server (second NFS server) was missing mountd.
– Urhixidur
Jul 14 '16 at 14:32
@Urhixidur the client should not need these because firewalld allows outgoing connections.
– T0xicCode
Jan 23 '17 at 17:57
Note the spelling of rpc-bind. Although I enabled it with systemctl enable rpcbind and systemctl start rpcbind, firewall-cmd told me Error: INVALID_SERVICE: rpcbind. Soon I realized that it needs a dash in this context! Are they really the same service?
– Qwertie
Jan 17 at 0:01
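Added example, not part of the original answers: a check that lists which RPC ports registered with rpcbind are not covered by a zone's explicit port list, and which of the firewalld services named in the answer above would cover them. The function names and the rpcinfo sample are constructed for illustration; the port list is the one from the question.

```bash
#!/usr/bin/env bash
# Added example: find RPC services that rpcbind advertises on ports the
# firewalld zone does not list. Function names are hypothetical.

# Constructed sample of `rpcinfo -p` output on an NFS server whose
# /etc/sysconfig/nfs is unmodified (helper daemons are not pinned to ports).
SAMPLE_RPCINFO='   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    4   udp    111  portmapper
    100005    3   udp  20048  mountd
    100005    3   tcp  20048  mountd
    100003    3   tcp   2049  nfs
    100003    4   tcp   2049  nfs
    100021    4   udp  45678  nlockmgr
    100021    4   tcp  34567  nlockmgr
    100024    1   udp  51234  status
    100024    1   tcp  43210  status'

# The "ports:" line from the question, after the RHEL 6 style ports were added.
QUESTION_PORTS='32803/tcp 662/udp 662/tcp 111/udp 875/udp 32769/udp 875/tcp 892/udp 2049/tcp 892/tcp 111/tcp'

# Reads `rpcinfo -p` output on stdin; $1 is a space-separated list of
# port/proto entries (single ports or lo-hi ranges) in firewalld syntax.
# Prints "port/proto service" for every registered port that is not listed.
blocked_rpc_ports() {
    awk -v allowed="$1" '
        BEGIN {
            n = split(allowed, a, " ")
            for (i = 1; i <= n; i++) {
                split(a[i], pp, "/")          # pp[1] = port or lo-hi, pp[2] = proto
                m = split(pp[1], r, "-")
                lo[i] = r[1] + 0
                hi[i] = (m == 2 ? r[2] : r[1]) + 0
                pr[i] = pp[2]
            }
        }
        function is_open(port, proto,    i) {
            for (i = 1; i <= n; i++)
                if (pr[i] == proto && port >= lo[i] && port <= hi[i]) return 1
            return 0
        }
        # Data rows start with the numeric RPC program number; skip the header.
        $1 ~ /^[0-9]+$/ && NF >= 5 {
            key = $4 "/" $3
            if (!is_open($4 + 0, $3) && !(key in seen)) {
                seen[key] = 1
                print key, $5
            }
        }'
}

# Reads blocked_rpc_ports output on stdin and prints the firewalld service
# names from the answer that cover it. rpcinfo calls rpcbind "portmapper",
# while firewalld spells the service "rpc-bind".
firewalld_services_for() {
    awk '
        { svc = "" }
        $2 == "portmapper" { svc = "rpc-bind" }
        $2 == "mountd"     { svc = "mountd" }
        $2 == "nfs"        { svc = "nfs" }
        svc != "" && !(svc in seen) {
            seen[svc] = 1
            out = out (out == "" ? "" : " ") svc
        }
        END { print out }'
}

# Demo on the constructed sample: mountd is still unreachable, which matches
# the second error in the question ("rpc mount export: RPC: Unable to receive").
echo "Registered but not in the port list:"
printf '%s\n' "$SAMPLE_RPCINFO" | blocked_rpc_ports "$QUESTION_PORTS"
echo "firewalld services to add:"
printf '%s\n' "$SAMPLE_RPCINFO" | blocked_rpc_ports "$QUESTION_PORTS" | firewalld_services_for
```

On a live server the inputs would be `rpcinfo -p` and `firewall-cmd --list-ports`. Ports opened through --add-service do not appear in that port list, so confirm the result by rerunning showmount from the client.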
Just found this - and it works when the problem is SELinux blocking the reading of the ~/.ssh/authorized_keys during login! First, ensure your ~/.ssh/authorized_keys file is properly populated and its permissions and its folder's permissions are set correctly. If you then run "setenforce 0" on the SSH destination host and are able to log in to that host without entering a password, but cannot do so after entering "setenforce 1" on that same destination host, the following may fix your issue:
setsebool -P use_nfs_home_dirs 1
ref: https://cassjohnston.wordpress.com/2015/06/12/selinux-nfs-home-directories/
edited Jan 16 '18 at 20:22
answered Jan 16 '18 at 17:05 by JamesM
After configuring the NFS server, we should enable and start three services:
- nfs-server.service
- rpcbind.service
- mountd.service
And also allow these services on the server firewall:
# firewall-cmd --permanent --add-service=nfs
# firewall-cmd --permanent --add-service=rpc-bind
# firewall-cmd --permanent --add-service=mountd
# firewall-cmd --reload
edited Sep 11 '16 at 10:28 by dr01
answered Sep 11 '16 at 6:19 by Aditya.V
I use nfsv4 and it works fine with these lines, supposing your zone is "public" and you are using the default ports 2049 and 4001:
firewall-cmd --permanent --add-service=nfs --zone=public
firewall-cmd --permanent --add-service=mountd --zone=public
firewall-cmd --permanent --add-service=rpc-bind --zone=public
firewall-cmd --permanent --add-port=4001/udp --zone=public
firewall-cmd --permanent --add-port=4001/tcp --zone=public
firewall-cmd --permanent --add-port=2049/tcp --zone=public
firewall-cmd --permanent --add-port=2049/udp --zone=public
firewall-cmd --reload
answered Mar 3 at 9:44 by elbarna