On Wed, 21 May 2008 07:58:13 -0400 "Talpey, Thomas" <Thomas.Talpey@xxxxxxxxxx> wrote: > At 07:20 AM 5/21/2008, Erik Hensema / HostingXS Internet Services wrote: > >So I granted 192.168.200.45 access to the portmapper on voyager, and > >most clients were unstuck. I updated hosts.allow on most clients to > >grant access to the portmapper now. > > > >Now I still have about 4 clients which can't lock rrd files. > ... > > > >Everything is NFSv3 by the way. Most clients are opensuse 10.2 (kernel > >2.6.18.8), server is opensuse 10.3 (kernel 2.6.22.17). > > You need to grant access to the client's portmap, nlm and statd ports > in order for the server to call back with locking operations. Unfortunately, > only portmap is at a well-known port (111). The nlm and statd ports are > dynamically selected, and receive random high numbered port values. > > They are then advertised in portmap so if you are concerned about opening > up an entire port range to the servers, you can see these with "rpcinfo -p". > This command will show them under the names "nlockmgr" and "status" > respectively. Remember these ports may change at every boot. > > Also be aware that "statd" is a kernel process on opensuse. Most other > distros have rpc.statd as a user process. > It's also possible to statically set ports for each of these services (though I'm not certain about SUSE's in-kernel statd). This is what you want to be doing if you're going to have firewalls between NFS servers and clients. With RH/Fedora distros, this is generally set up in /etc/sysconfig/nfs, but I'm not sure how SUSE does it... -- Jeff Layton <jlayton@xxxxxxxxxx> ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ NFS maillist - NFS@xxxxxxxxxxxxxxxxxxxxx https://lists.sourceforge.net/lists/listinfo/nfs _______________________________________________ Please note that nfs@xxxxxxxxxxxxxxxxxxxxx is being discontinued. Please subscribe to linux-nfs@xxxxxxxxxxxxxxx instead. http://vger.kernel.org/vger-lists.html#linux-nfs -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
