On Fri, 25 Apr 2003 18:55:34 -0400, Joseph Tate wrote:

> I've got a RHL 9 install with all updates applied on a Dell Poweredge
> 2650 (Dual Xeon 2.0Ghz). I've got a couple of NFS mount points set up:
> /nfs/redhat 10.2.2.0/255.255.255.240(async)
> /nfs/home 10.2.2.0/255.255.255.240(rw,async,no_root_squash)
> The server has dual BroadCom NetXtreme Gigabit Ethernet Adapters. It
> seems to like the tg3 driver module better than the bcm5700 drivers.
> eth0 is configured as a static IP as 10.2.2.2. Eth1 is currently set up
> using DHCP. I set up iptables using lokkit so that eth0 was trusted.
> /etc/sysconfig/iptables is included below:
> *filter
> :INPUT ACCEPT [0:0]
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [0:0]
> :RH-Lokkit-0-50-INPUT - [0:0]
> -A INPUT -j RH-Lokkit-0-50-INPUT
> -A FORWARD -j RH-Lokkit-0-50-INPUT
> -A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
> -A RH-Lokkit-0-50-INPUT -i eth0 -j ACCEPT
> -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 0:1023 --syn -j REJECT
> -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 2049 --syn -j REJECT
> -A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 0:1023 -j REJECT
> -A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 2049 -j REJECT
> -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 6000:6009 --syn -j REJECT
> -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 7100 --syn -j REJECT
> COMMIT
> The NFS clients are RHL 7.3 with all updates applied and have 10.2.2.x
> static IPs on eth0 (identical hardware). They're running ipchains, but
> also have eth0 trusted. Their fstab entries look like:
> cheetah-int:/nfs/home /home nfs defaults 0 0
> cheetah-int:/nfs/redhat /redhat nfs defaults 0 0
> cheetah-int is resolvable via /etc/hosts as:
> 10.2.2.2 cheetah-int
> I've made sure that statd and portmapper are running on both systems.
> When I boot the client servers, I get the following message during the
> mounting remote filesystems stage:
> mount: RPC: Port mapper failure - RPC: Unable to receive
> I receive it twice actually, once for each mount point. Nothing appears
> in /var/log/messages on the server.
>
> Here's the kicker. After the server has finished booting, mount -a will
> usually succeed. No modification needed. Also, if I run "/sbin/service
> iptables stop" on the server, it will successfully mount the NFS
> directories during bootup. Sometimes mount -a will still fail, with the
> same message I receive at boot, continuously, but restarting ipchains or
> portmap will "fix" it so that mount -a succeeds.
>
> I really need these file systems to be mounted at boot time. Eth1 will
> be connected to an external network, and therefore must have iptables
> protecting it. Any suggestions?

Having noticed your iptables bug report (bugzilla #90064), what makes
you think iptables is to blame? Can you give some details with regard
to your routing table (netstat -nr) and NIC config (ifconfig -a) for
both server and a test-client and your attempts on debugging whether
iptables or ipchains (on the clients) is the cause of it?

For instance, on the NFS server, if you add a log rule right after the
"trust eth0" rule,

  -A RH-Lokkit-0-50-INPUT -i eth0 -j ACCEPT
  -A RH-Lokkit-0-50-INPUT -i eth0 -j LOG --log-level alert

do you see anything in the logs upon booting an NFS client? Or what
makes you assume iptables blocks anything from eth0?

> After the server has finished booting, mount -a will
> usually succeed.

Since you refer to "server" and "client servers", what server is
referred to here?

> Also, if I run "/sbin/service iptables stop" on the server,
> it will successfully mount the NFS directories during bootup.

it = client?
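Added example, not part of the original message or of either poster's configuration: a small Python first-match walk over the RH-Lokkit chain quoted above, showing which rule decides a portmapper request (UDP 111) on each interface and whether a LOG rule placed after or before the eth0 ACCEPT rule records it. The packet dictionaries and function names are constructed for illustration, and only the match options that appear in the quoted rules are modelled.

```python
import shlex
# Rules copied from the quoted /etc/sysconfig/iptables (RH-Lokkit chain only).
RULES = """\
-A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
-A RH-Lokkit-0-50-INPUT -i eth0 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 0:1023 --syn -j REJECT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 2049 --syn -j REJECT
-A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 0:1023 -j REJECT
-A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 2049 -j REJECT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 6000:6009 --syn -j REJECT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 7100 --syn -j REJECT
"""
LOG_RULE = "-A RH-Lokkit-0-50-INPUT -i eth0 -j LOG --log-level alert"

def parse(line):
    """Turn one -A line into a dict of the match options used on this page."""
    tok, rule = shlex.split(line), {"syn": False}
    for i, t in enumerate(tok):
        if t == "-i": rule["iface"] = tok[i + 1]
        elif t == "-p": rule["proto"] = tok[i + 1]
        elif t == "--dport":
            lo, _, hi = tok[i + 1].partition(":")
            rule["dport"] = (int(lo), int(hi or lo))
        elif t == "--syn": rule["syn"] = True
        elif t == "-j": rule["target"] = tok[i + 1]
    return rule

def matches(rule, pkt):
    if "iface" in rule and rule["iface"] != pkt["iface"]: return False
    if "proto" in rule and rule["proto"] != pkt["proto"]: return False
    if "dport" in rule and not rule["dport"][0] <= pkt["dport"] <= rule["dport"][1]: return False
    if rule["syn"] and not pkt.get("syn", False): return False
    return True

def traverse(lines, pkt, policy="ACCEPT"):
    """Return (verdict, 1-based rule number or None, logged?) using first-match order."""
    logged = False
    for n, rule in enumerate(map(parse, lines), 1):
        if not matches(rule, pkt):
            continue
        if rule["target"] == "LOG":   # LOG is non-terminating: record and keep going
            logged = True
            continue
        return rule["target"], n, logged   # ACCEPT/REJECT end traversal
    return policy, None, logged

if __name__ == "__main__":
    pkt = {"iface": "eth0", "proto": "udp", "dport": 111}  # constructed portmapper request
    print(traverse(RULES.splitlines(), pkt))
```

Because ACCEPT ends traversal, a LOG rule only records eth0 traffic when it is inserted ahead of the `-i eth0 -j ACCEPT` line.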