Thread: mounting an NFS filesystem with iptables
View Single Post

  #1 (permalink)  
Old 11-29-2007, 08:26 AM
natashak natashak is offline
Junior Member
User
  
Join Date: Nov 2007
My distro: CentOS 5
Posts: 2
Rep Power: 0
natashak is on a distinguished road
Default mounting an NFS filesystem with iptables
I'm a newbie... I haven't found an answer to this one after a day on google, so help (or suggestions for where to look) would be deeply appreciated.

I have CentOS version 5.

I'm trying to mount the /home directory of linux box M (IP address 128.xx.xx.1) on linux box clients I and U (IP addresses 128.x.x.2 and .3). I've added lines in /etc/fstab, /etc/exports, and /etc/sysconfig/iptables, and I've found that it all works perfectly if M's firewall is disabled, but I can't get it to work with the firewall on (even when U and I's firewalls are active). I assume this means I and U are configured correctly, but M's firewall is stopping the transfer.

Portmapper, nfs, iptables are all active, and I've restarted all the services a number of times at different stages of fiddling.

My guess is it has something to do with assigning ports - I've seen some people mentioning this, but I'm not sure how to do this or what files are important. Using the -dport command in the iptables? But how do you know which port to route it to if so? Nothing I've tried has worked...

Thanks very much!

Here's some info on my system:
************************************************** *****
On the clients, /etc/fstab file has the line:
128.xx.xx.1:/home /home nfs rw 0 0
************************************************** *****
> iptables -L -n
Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 128.xx.xx.2
ACCEPT all -- 0.0.0.0/0 128.xx.xx.3

Chain RH-Firewall-1-INPUT (2 reference
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 255
ACCEPT esp -- 0.0.0.0/0 0.0.0.0/0
ACCEPT ah -- 0.0.0.0/0 0.0.0.0/0
ACCEPT udp -- 0.0.0.0/0 224.0.0.251 udp dpt:5353
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:631
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:631
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:2049
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
************************************************** **************
[root@M]# rpcinfo -p
program vers proto port
100000 2 tcp 111 portmapper
100000 2 udp 111 portmapper
100024 1 udp 638 status
100024 1 tcp 641 status
100011 1 udp 923 rquotad
100011 2 udp 923 rquotad
100011 1 tcp 923 rquotad
100011 2 tcp 923 rquotad
100003 2 udp 2049 nfs
100003 3 udp 2049 nfs
100003 4 udp 2049 nfs
100003 2 tcp 2049 nfs
100003 3 tcp 2049 nfs
100003 4 tcp 2049 nfs
100021 1 udp 32793 nlockmgr
100021 3 udp 32793 nlockmgr
100021 4 udp 32793 nlockmgr
100021 1 tcp 56882 nlockmgr
100021 3 tcp 56882 nlockmgr
100021 4 tcp 56882 nlockmgr
100005 1 udp 922 mountd
100005 1 tcp 922 mountd
100005 2 udp 922 mountd
100005 2 tcp 922 mountd
100005 3 udp 922 mountd
100005 3 tcp 922 mountd
************************************************** ***
> cat /etc/exports
/home 128.xx.xx.2(rw) 128.xx.xx.3(rw)




Thanks!!
Reply With Quote