nfs vs the firewall
by taylorkh from LinuxQuestions.org on (#5ECBQ)
Actually it may not be nfs itself but showmount.
I have a LinuxMint 20 box with nfs-kernel-server installed. I have a directory /data exported in /etc/exports

Code:
/data 10.42.0.0/24(rw,sync,no_subtree_check)

On that machine I can see the export

Code:
ken@taylor30:~$ showmount -e
Export list for taylor30:
/data 10.42.0.0/24

However, on a second machine on the network

Code:
ken@vmMintMate19:~/Desktop$ showmount -e taylor30
clnt_create: RPC: Port mapper failure - Unable to receive: errno 113 (No route to host)

If I disable the firewall on the nfs machine I can see the exports from the remote machine

Code:
ken@vmMintMate19:~/Desktop$ showmount -e taylor30
Export list for taylor30:
/data 10.42.0.0/24

The interesting bit comes in when I attempt to mount the exported directory to the remote machine - with the firewall running. It connects fine and I have read/write access

Code:
ken@vmMintMate19:~/Desktop$ sudo mount taylor30:/data/ /ken
ken@vmMintMate19:~/Desktop$ ls /ken
lost+found _vmland
ken@vmMintMate19:~/Desktop$ touch /ken/me
ken@vmMintMate19:~/Desktop$ ls /ken
lost+found me _vmland

I have installed firewalld and firewall-config on the nfs machine as I am more familiar with them than ufw/gufw. I have uninstalled the latter. I have the default zone set to "internal" and I have enabled the nfs, ssh and vnc-server services. As simple as that. In some situations the failure of showmount might be a good thing security-wise and I really do not need it as I KNOW the nfs exports which I wish to mount. Still, I am curious. The showmount -e command is common to instructions for setting up nfs so as to see that the exports are available.
What do I need to open in the firewall?
TIA,
Ken
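
An added example, not part of the original post: `showmount -e` speaks the MOUNT protocol, which the client reaches by asking rpcbind (port 111) for rpc.mountd's port, whereas an NFSv4 mount needs only TCP 2049, the port firewalld's `nfs` service opens. The function below takes the server's `firewall-cmd --list-services` and `rpcinfo -p` output and prints the missing firewall-cmd arguments. Assumptions: the mount above negotiated NFSv4, `rpc-bind` and `mountd` are firewalld's stock service names with `mountd` covering port 20048, and both sample inputs are constructed.

```shell
#!/bin/sh
# Added example: list the firewall-cmd arguments a firewalld host still needs
# before a remote `showmount -e` can work.
#   $1 = output of `firewall-cmd --list-services`
#   $2 = output of `rpcinfo -p` taken on the NFS server
showmount_gaps() {
    services=" $1 "
    # showmount first asks rpcbind (port 111) where mountd is listening.
    case "$services" in
        *" rpc-bind "*) ;;
        *) printf '%s\n' "--add-service=rpc-bind" ;;
    esac
    # Every port/proto pair on which rpc.mountd is registered.
    ports=$(printf '%s\n' "$2" | awk '$5 == "mountd" { print $4 "/" $3 }' | sort -u)
    for p in $ports; do
        case "$p" in
            20048/*)   # covered by firewalld's stock "mountd" service
                case "$services" in
                    *" mountd "*) ;;
                    *) printf '%s\n' "--add-service=mountd" ;;
                esac ;;
            *)         # mountd on some other (possibly dynamic) port
                printf '%s\n' "--add-port=$p" ;;
        esac
    done | sort -u
}

# Constructed sample: the services the post says are enabled.
SERVICES_SAMPLE="nfs ssh vnc-server"
# Constructed sample of `rpcinfo -p` output with mountd pinned to 20048.
RPCINFO_SAMPLE='   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    4   udp    111  portmapper
    100005    3   udp  20048  mountd
    100005    3   tcp  20048  mountd
    100003    4   tcp   2049  nfs'

showmount_gaps "$SERVICES_SAMPLE" "$RPCINFO_SAMPLE"
```

Each printed line is an argument for `firewall-cmd --permanent --zone=internal`. An `--add-port` line means rpc.mountd is not on 20048; if that port is dynamic it changes across restarts, so pinning it with rpc.mountd's `--port` option is the more durable fix.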

