NFS configuration and iptables

 

 
I was on a CentOS system.
After configuring the NFS service, a test mount on the server itself worked, but mounting from another client failed with the following error message:
mount: mount to NFS server '192.168.10.20' failed: timed out (retrying).
mount: mount to NFS server '192.168.10.20' failed: timed out (retrying).
mount: mount to NFS server '192.168.10.20' failed: timed out (giving up)
 
With iptables turned off on the server, everything mounted normally; after iptables was turned back on, the mount failed again, which shows the iptables rules were the cause. Either the NFS ports had not been opened in iptables, or not all the ports used by the NFS services had been opened.
 
NFS mainly uses these ports: 111 (portmapper), 875 (rquotad), 892 (mountd), 2049 (nfs), UDP 32769 (nlockmgr) and TCP 32803 (nlockmgr). Add these ports to the iptables rules.
 
Configuration process is as follows:
 
1. First edit the NFS configuration file (/etc/sysconfig/nfs) to pin the service ports:
        #RQUOTAD_PORT=875, #LOCKD_TCPPORT=32803, #LOCKD_UDPPORT=32769, #MOUNTD_PORT=892: remove the leading # from these four lines, save the file and exit
 
2. Restart the nfs service
        service nfs restart
 
3. Check which ports the services are now registered on, using rpcinfo -p
     program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    3   tcp    111  portmapper
    100000    2   tcp    111  portmapper
    100000    4   udp    111  portmapper
    100000    3   udp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp  35093  status
    100024    1   tcp  53692  status
    100005    1   udp    892  mountd
    100005    1   tcp    892  mountd
    100005    2   udp    892  mountd
    100005    2   tcp    892  mountd
    100005    3   udp    892  mountd
    100005    3   tcp    892  mountd
    100003    2   tcp   2049  nfs
    100003    3   tcp   2049  nfs
    100003    4   tcp   2049  nfs
    100227    2   tcp   2049  nfs_acl
    100227    3   tcp   2049  nfs_acl
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    100003    4   udp   2049  nfs
    100227    2   udp   2049  nfs_acl
    100227    3   udp   2049  nfs_acl
    100021    1   udp  32769  nlockmgr
    100021    3   udp  32769  nlockmgr
    100021    4   udp  32769  nlockmgr
    100021    1   tcp  32803  nlockmgr
    100021    3   tcp  32803  nlockmgr
    100021    4   tcp  32803  nlockmgr
 
4. Edit /etc/sysconfig/iptables and add the ports
    -A INPUT -p tcp -m tcp --dport 111 -j ACCEPT
    -A INPUT -p udp -m udp --dport 111 -j ACCEPT
    -A INPUT -p tcp -m tcp --dport 2049 -j ACCEPT
    -A INPUT -p udp -m udp --dport 2049 -j ACCEPT
    -A INPUT -p tcp -m tcp --dport 892 -j ACCEPT
    -A INPUT -p udp -m udp --dport 892 -j ACCEPT
    -A INPUT -p tcp -m tcp --dport 875 -j ACCEPT
    -A INPUT -p udp -m udp --dport 875 -j ACCEPT
    -A INPUT -p udp -m udp --dport 32769 -j ACCEPT
    -A INPUT -p tcp -m tcp --dport 32803 -j ACCEPT
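
A way to check steps 3 and 4 against each other, as an added example that is not part of the original post: the function below lists RPC services that rpcinfo -p reports but no ACCEPT rule covers, and ACCEPT rules for ports nothing is registered on. The function name audit_nfs_ports and the sample data are constructed for illustration.

```shell
# Added example: compare `rpcinfo -p` output with iptables ACCEPT rules.
# The sample data is constructed (a trimmed rpcinfo table and rule set).
sample_rpcinfo() { cat <<'EOF'
   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    4   udp    111  portmapper
    100024    1   udp  35093  status
    100024    1   tcp  53692  status
    100005    3   udp    892  mountd
    100005    3   tcp    892  mountd
    100003    4   tcp   2049  nfs
    100003    4   udp   2049  nfs
    100021    4   udp  32769  nlockmgr
    100021    4   tcp  32803  nlockmgr
EOF
}
sample_rules() { cat <<'EOF'
-A INPUT -p tcp -m tcp --dport 111 -j ACCEPT
-A INPUT -p udp -m udp --dport 111 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 2049 -j ACCEPT
-A INPUT -p udp -m udp --dport 2049 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 892 -j ACCEPT
-A INPUT -p udp -m udp --dport 892 -j ACCEPT
-A INPUT -p udp -m udp --dport 32768 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 32803 -j ACCEPT
EOF
}
# audit_nfs_ports RPCINFO_FILE RULES_FILE
# BLOCKED = registered RPC service with no ACCEPT rule.
# UNUSED  = ACCEPT rule for a port no RPC service is registered on.
audit_nfs_ports() {
  awk '
    NR == FNR { if ($1 ~ /^[0-9]+$/) svc[$3 "/" $4] = $5; next }
    /-j ACCEPT/ {
      proto = ""; port = ""
      for (i = 1; i < NF; i++) {
        if ($i == "-p") proto = $(i + 1)
        if ($i == "--dport") port = $(i + 1)
      }
      if (proto != "" && port != "") allow[proto "/" port] = 1
    }
    END {
      for (k in svc)   if (!(k in allow)) print "BLOCKED " k " " svc[k]
      for (k in allow) if (!(k in svc))   print "UNUSED " k
    }
  ' "$1" "$2" | LC_ALL=C sort
}
```

On a server, save the output of rpcinfo -p to a file and pass it together with /etc/sysconfig/iptables. The status (rpc.statd) entries show up as BLOCKED because that service registers on a different port at each start unless it is pinned too (STATD_PORT in /etc/sysconfig/nfs).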

Origin www.cnblogs.com/cheyunhua/p/12033255.html