[mythtv-users] NFS issue

Harry Devine lifter89 at comcast.net
Sat Sep 15 00:41:03 UTC 2007


-------------- Original message -------------- 
From: "Nick Morrott" <knowledgejunkie at gmail.com> 

> On 13/09/2007, Harry Devine wrote: 
> 
> > Here is the output of my iptables -L: 
> 
> 
> 
> > -A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 111 -j ACCEPT
> >
> > -A RH-Firewall-1-INPUT -p udp -m state --state NEW -m udp --dport 111 -j ACCEPT
> >
> > -A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 2049 -j ACCEPT
> >
> > -A RH-Firewall-1-INPUT -p udp -m state --state NEW -m udp --dport 2049 -j ACCEPT
> >
> > -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
> 
> I think the problem is that only ports 111 and 2049 are being allowed 
> by the current ruleset, and the other necessary ports for NFS (which 
> rpcinfo -p will show, and the link I posted shows how to control) are 
> still closed. 
> 
> To verify this, check the output of rpcinfo and look for the port 
> entries for status, mountd, rquotad, and lockmgr. Create firewall 
> rules which ACCEPT these ports (udp/tcp per rpcinfo) and restart the 
> firewall without restarting NFS. You should now be able to connect to 
> the exported volume from your client. 
> 
> -- 
> Nick Morrott 
> 
> MythTV Official wiki: 
> http://mythtv.org/wiki/ 
> MythTV users list archive: 
> http://www.gossamer-threads.com/lists/mythtv/users 
> 
> "An investment in knowledge always pays the best interest." - Benjamin Franklin 

FYI:  That suggestion worked!!!!  I just mapped my NFS share from my Myth box.  I added the following NFS information to my firewall (as per rpcinfo -p):

status    TCP port 881/UDP port 878
rquotad   TCP port 844/UDP port 841
mountd    TCP port 883/UDP port 880
nlockmgr  TCP port 50560/UDP port 32768

So, now it's working.  What bothers me is that when I set up the boxes, I checked the checkbox for NFS on the firewall setup, yet ALL of the required ports weren't added to iptables.  One would think that if they wanted to allow NFS thru, then ALL NFS-related ports would be allowed in the firewall.  Oh, well.  Wishful thinking, I suppose.

Thank you very much for the help, time, and suggestions!
Harry
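
The fix described in this thread, as an added example that is not part of the original posts: a shell function that reads rpcinfo -p output and emits one ACCEPT rule per protocol/port for status, mountd, rquotad and nlockmgr, in the same form as the RH-Firewall-1-INPUT rules quoted above. The function names and the sample rpcinfo listing are constructed for illustration; the ports in the sample are the ones reported in this message.

```shell
#!/bin/sh
# Added example (not from the thread): build firewall rules for the
# auxiliary NFS services from `rpcinfo -p` output.

# Constructed sample in `rpcinfo -p` layout, using the ports from this post.
sample_rpcinfo() {
cat <<'EOF'
   program vers proto   port
    100000    2   tcp    111  portmapper
    100024    1   udp    878  status
    100024    1   tcp    881  status
    100011    1   udp    841  rquotad
    100011    2   udp    841  rquotad
    100011    1   tcp    844  rquotad
    100003    3   udp   2049  nfs
    100003    3   tcp   2049  nfs
    100021    1   udp  32768  nlockmgr
    100021    3   udp  32768  nlockmgr
    100021    1   tcp  50560  nlockmgr
    100005    1   udp    880  mountd
    100005    3   udp    880  mountd
    100005    1   tcp    883  mountd
EOF
}

# nfs_rules [CHAIN]: read `rpcinfo -p` output on stdin, print one rule per
# unique proto/port of the four helper services. Port 111 and 2049 are
# skipped because the ruleset in the thread already accepts them.
nfs_rules() {
    chain=${1:-RH-Firewall-1-INPUT}
    awk -v chain="$chain" '
        # Column 5 is the service name; the header row has no column 5.
        $5 ~ /^(status|mountd|rquotad|nlockmgr)$/ &&
        ($3 == "tcp" || $3 == "udp") &&
        $4 ~ /^[0-9]+$/ && !seen[$3 "/" $4]++ {
            # rpcinfo lists each program version separately; seen[] dedups.
            printf "-A %s -p %s -m state --state NEW -m %s --dport %s -j ACCEPT\n",
                   chain, $3, $3, $4
        }'
}

# Stand-alone run on the sample. On a live server: rpcinfo -p | nfs_rules
# The printed lines belong above the final REJECT rule in the saved ruleset.
sample_rpcinfo | nfs_rules
```

These ports are assigned when the services start, so the rules need regenerating from fresh rpcinfo -p output after an NFS restart unless the ports have been fixed as described in the link Nick mentions.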