On 11/17/19 9:42 PM, Patrick O'Callaghan wrote:
> On Sun, 2019-11-17 at 08:48 +0800, Ed Greshko wrote:
>> On 11/17/19 8:35 AM, Ed Greshko wrote:
>>> On 11/17/19 2:48 AM, Patrick O'Callaghan wrote:
>>>> But from the guest:
>>>> [poc@fedora30 ~]$ showmount -e bree
>>>> clnt_create: RPC: Unable to receive
>>>>
>>>> What am I missing?
>>> OK, I put up an nfs server on the host and get the same error.
>>>
>>> If I disable the firewall on the host, it succeeds.
>>>
>>> Strangely, looking at wireshark output it seems port 111 is unreachable. Even if I explicitly enable that port
>>> the problem persists.
>>>
>> OK, I fixed it....
>>
>> I put the interface virbr0 in the FW zone libvirt.
>>
>> On the host...
>>
>> [root@meimei ~]# firewall-cmd --list-all --zone=libvirt
>> libvirt (active)
>>   target: ACCEPT
>>   icmp-block-inversion: no
>>   interfaces: virbr0
>>   sources:
>>   services: dhcp dhcpv6 dns mountd nfs nfs3 rpc-bind ssh tftp
>>   ports:
>>   protocols: icmp ipv6-icmp
>>   masquerade: no
>>   forward-ports:
>>   source-ports:
>>   icmp-blocks:
>>   rich rules:
>>     rule priority="32767" reject
> That did it. In fact virbr0 was already in the libvirt zone, but the
> various NFS services were not installed there.
>
> This stuff is definitely not obvious. Note that you have to repeat the
> service additions with the --permanent flag or it will all be lost on
> the next reboot.
>
> Thanks Ed.
>
Welcome.

In the process I learned that "firewall-cmd --get-active-zones" would have shown the missing information sooner and I would have edited the correct zone. :-)

--
The key to getting good answers is to ask good questions.
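An added example, not part of the thread: a POSIX shell check that reads `firewall-cmd --list-all --zone=libvirt` output, reports which of the NFS-related services from the listing above are absent, and prints the runtime and `--permanent` commands to add them to that zone only. The function names and the sample zone listing are constructed for illustration.

```shell
# Services the working libvirt zone in the thread lists for NFS.
REQUIRED_SERVICES="mountd nfs nfs3 rpc-bind"

# Read `firewall-cmd --list-all --zone=<zone>` output on stdin and print
# every required service missing from the zone's "services:" line.
missing_nfs_services() {
    _present=$(sed -n 's/^[[:space:]]*services:[[:space:]]*//p' | head -n 1)
    for _svc in $REQUIRED_SERVICES; do
        case " $_present " in
            *" $_svc "*) ;;                  # already allowed in this zone
            *) printf '%s\n' "$_svc" ;;
        esac
    done
}

# Read service names on stdin and print (not run) the commands that add
# each one to the zone: once for the runtime configuration and once with
# --permanent so the change survives a reboot.
print_fix_commands() {
    _zone=$1
    while read -r _name; do
        [ -n "$_name" ] || continue
        printf 'firewall-cmd --zone=%s --add-service=%s\n' "$_zone" "$_name"
        printf 'firewall-cmd --permanent --zone=%s --add-service=%s\n' "$_zone" "$_name"
    done
}

# Constructed sample: a libvirt zone before the NFS services were added.
SAMPLE_ZONE='libvirt (active)
  target: ACCEPT
  interfaces: virbr0
  sources:
  services: dhcp dhcpv6 dns ssh tftp
  ports:
  rich rules:
    rule priority="32767" reject'

# On a live host, replace the printf with:
#   firewall-cmd --list-all --zone=libvirt
printf '%s\n' "$SAMPLE_ZONE" | missing_nfs_services | print_fix_commands libvirt
```

Running `firewall-cmd --get-active-zones` first confirms which zone `virbr0` is actually bound to, so the services are added to the zone that filters the guest's traffic.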