On 4/24/05, Sean O'Connell <oconnell@xxxxxxxxxxxx> wrote:
> On Sun, 2005-04-24 at 20:28 +0200, Angelo Machils wrote:
> > Hello there!
> >
> > Perhaps this is a little off-topic, but I notice this only on the Centos
> > box.
> > I'm running Centos 4 on an AMD64 which has the following entries in the
> > fstab to connect to NFS shares on a Fedora3 box:
> > 192.168.1.12:/home/angelo/ /home/angelo/NFS_share1 nfs
> > rw,addr=192.168.1.12 0 0
> > 192.168.1.12:/home/angelo/data /home/angelo/NFS_share2 nfs
> > rw,addr=192.168.1.12 0 0
> > 192.168.1.12:/home/angelo/data2 /home/angelo/NFS_share3 nfs
> > rw,addr=192.168.1.12 0 0
> > I have opened ports 111 (TCP), 648 (TCP), 651 (TCP) and 2049 (TCP and
> > UDP) in iptables on the FC3 box and I can connect to them, but after a
> > while I seem to loose the connection to the shares.
> > When I try to move into them while in a console I get the error:
> > bash: cd: NFS_share1: Input/output error
> > In Nautilus I don't even see the directories anymore and in
> > /var/log/messages I get this error msgs:
> > Apr 24 20:17:02 solaris kernel: RPC: garbage, exit EIO
> > There are not entries in the /var/log/messages on the FC3 box.
> > If I manually umount them and then mount them again, I can use them
> > again for a while....
> > The exports file on the FC3 box looks like this:
> > [root@imhotep etc]# more exports
> > /home/angelo 192.168.1.*(rw,sync)
> > /home/angelo/data 192.168.1.*(rw,sync)
> > /home/angelo/data2 192.168.1.*(rw,sync)
> >
> > Anyone any idea what is wrong here?
>
> Angelo-
>
> I have found that you need to allow higher numbered tcp ports
> (32768:65535) through on both the server and client to make rpc
> connections happy. I have also had to allow a range of ports in between
> 600:1024 UDP range on the server to make things happy (though, this was
> with older NFS implementations). It's possible that you need to open up
> more ports on the server. One thing to do would be to add a log rule to
> your iptables rules on the client and server and see what is being
> dropped when the client mount hangs.
>
Just another thought. Google will provide you with references to some
modifications to the NFS set of programs to make them play nice with a
firewall, ie use only certain pre-determined ports. I haven't reviewed
that in a year or so, so I'm not sure how current the information is.
--
Collins
When I saw the Iraqi people voting three weeks ago, 8 million of them,
it was the start of a new Arab world.... The Berlin Wall has fallen.
- Lebanese Druze leader Walid Jumblatt
