<html><body>
<DIV>-------------- Original message -------------- <BR>From: "Nick Morrott" &lt;knowledgejunkie@gmail.com&gt; <BR><BR>
&gt; On 12/09/2007, Nick Morrott &lt;knowledgejunkie@gmail.com&gt; wrote: <BR>
&gt; &gt; On 12/09/2007, Harry Devine &lt;lifter89@comcast.net&gt; wrote: <BR>
&gt; &gt; <BR>
&gt; &gt; &gt; I checked rpcinfo on both machines and saw that the correct ports are being <BR>
&gt; &gt; &gt; used. I added port 111 to both firewalls (the Myth box and the NFS server) <BR>
&gt; &gt; &gt; and restarted both, but I still cannot connect. When I try mounting the <BR>
&gt; &gt; &gt; share from my Myth box now, I get the following timeout errors: <BR>
&gt; &gt; &gt; <BR>
&gt; &gt; &gt; mount: mount to NFS server '192.168.1.102' failed: timed <BR>
&gt; &gt; &gt; out (retrying) <BR>
&gt; &gt; &gt; <BR>
&gt; &gt; &gt; It does this 4 times and gives up on the 5th. Nothing shows up in <BR>
&gt; &gt; &gt; /var/log/messages or /var/log/secure on the NFS server. I can successfully <BR>
&gt; &gt; &gt; SSH over to the NFS server from my Myth box, and ping works as well. Also, <BR>
&gt; &gt; &gt; I did look at the link that you provided, but nothing in there seemed to <BR>
&gt; &gt; &gt; apply too well (I'm running FC6 &amp; Myth installed by MythDora 4.0). <BR>
&gt; &gt; <BR>
&gt; &gt; It looks like the firewall is silently dropping the packages, resulting <BR>
&gt; &gt; in the timeouts. Perhaps you might post the output of 'iptables -L' so <BR>
&gt; &gt; we can see if there's any obvious rule accounting for this behaviour. <BR>
&gt; <BR>
&gt; It may also be the firewall silently dropping the packets... <BR>
&gt; <BR>
&gt; Perhaps you could update your rules to send the reject/drop packets to <BR>
&gt; a log target first, so at least you can see which rule is causing the <BR>
&gt; problem if analysis of your iptables listing does not help? <BR>
&gt; <BR>
&gt; -- <BR>
&gt; Nick Morrott <BR>
&gt; <BR>
&gt; MythTV Official wiki: <BR>
&gt; http://mythtv.org/wiki/ <BR>
&gt; MythTV users list archive: <BR>
&gt; http://www.gossamer-threads.com/lists/mythtv/users <BR>
&gt; <BR>
&gt; "An investment in knowledge always pays the best interest." - Benjamin Franklin <BR>
&gt; _______________________________________________ <BR>
&gt; mythtv-users mailing list <BR>
&gt; mythtv-users@mythtv.org <BR>
&gt; <A href="http://mythtv.org/cgi-bin/mailman/listinfo/mythtv-users">http://mythtv.org/cgi-bin/mailman/listinfo/mythtv-users</A> </DIV>
<DIV> </DIV>
<DIV>Here is the output of my iptables -L:</DIV>
<DIV> </DIV>
<DIV>Chain INPUT (policy ACCEPT)<BR>target prot opt source destination <BR>RH-Firewall-1-INPUT all -- anywhere anywhere </DIV>
<DIV>Chain FORWARD (policy ACCEPT)<BR>target prot opt source destination <BR>RH-Firewall-1-INPUT all -- anywhere anywhere </DIV>
<DIV>Chain OUTPUT (policy ACCEPT)<BR>target prot opt source destination </DIV>
<DIV>Chain RH-Firewall-1-INPUT (2 references)<BR>
target prot opt source destination <BR>
ACCEPT all -- anywhere anywhere <BR>
ACCEPT icmp -- anywhere anywhere icmp any <BR>
ACCEPT esp -- anywhere anywhere <BR>
ACCEPT ah -- anywhere anywhere <BR>
ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns <BR>
ACCEPT udp -- anywhere anywhere udp dpt:ipp <BR>
ACCEPT tcp -- anywhere anywhere tcp dpt:ipp <BR>
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED <BR>
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh <BR>
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http <BR>
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ftp <BR>
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:sunrpc <BR>
ACCEPT udp -- anywhere anywhere state NEW udp dpt:sunrpc <BR>
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:nfs <BR>
ACCEPT udp -- anywhere anywhere state NEW udp dpt:nfs <BR>
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited <BR></DIV>
<DIV>Here is the actual iptables file, which gets loaded when the iptables service starts:</DIV>
<DIV> </DIV>
<DIV><FONT size=2>
<P># Generated by iptables-save v1.3.8 on Tue Sep 11 20:07:38 2007</P>
<P>*filter</P>
<P>:INPUT ACCEPT [0:0]</P>
<P>:FORWARD ACCEPT [0:0]</P>
<P>:OUTPUT ACCEPT [9440:1383696]</P>
<P>:RH-Firewall-1-INPUT - [0:0]</P>
<P>-A INPUT -j RH-Firewall-1-INPUT </P>
<P>-A FORWARD -j RH-Firewall-1-INPUT </P>
<P>-A RH-Firewall-1-INPUT -i lo -j ACCEPT </P>
<P>-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT </P>
<P>-A RH-Firewall-1-INPUT -p esp -j ACCEPT </P>
<P>-A RH-Firewall-1-INPUT -p ah -j ACCEPT </P>
<P>-A RH-Firewall-1-INPUT -d 224.0.0.251 -p udp -m udp --dport 5353 -j ACCEPT </P>
<P>-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT </P>
<P>-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT </P>
<P>-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT </P>
<P>-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT </P>
<P>-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT </P>
<P>-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT</P>
<P>-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 111 -j ACCEPT</P>
<P>-A RH-Firewall-1-INPUT -p udp -m state --state NEW -m udp --dport 111 -j ACCEPT </P>
<P>-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 2049 -j ACCEPT </P>
<P>-A RH-Firewall-1-INPUT -p udp -m state --state NEW -m udp --dport 2049 -j ACCEPT </P>
<P>-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited </P>
<P>COMMIT</P>
<P># Completed on Tue Sep 11 20:07:38 2007</P>
<P>Thanks for the help!</P>
<P>Harry</P></FONT></DIV></body></html>
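An added example, not part of the original message or the thread: a check of which RPC-registered ports the ruleset posted above would send to its final REJECT, since an NFS mount also talks to helper services (mountd, nlockmgr, status) on whatever ports the portmapper reports. The rules are a port-matching subset copied from the dump above; the `rpcinfo -p` listing and its helper port numbers are constructed sample values, and the function names are hypothetical.

```python
# Port-matching subset of RH-Firewall-1-INPUT, copied from the iptables-save dump above.
RULES = """\
-A RH-Firewall-1-INPUT -d 224.0.0.251 -p udp -m udp --dport 5353 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 111 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m state --state NEW -m udp --dport 111 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 2049 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m state --state NEW -m udp --dport 2049 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
"""

# Constructed sample of `rpcinfo -p` output on an NFS server. The mountd,
# nlockmgr and status ports are made-up values, not taken from the page.
RPCINFO = """\
   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100003    3   udp   2049  nfs
    100003    3   tcp   2049  nfs
    100021    3   udp  32771  nlockmgr
    100021    3   tcp  40213  nlockmgr
    100005    3   udp    892  mountd
    100005    3   tcp    892  mountd
    100024    1   udp  32768  status
"""

def accepted(rules):
    """(proto, low, high) per ACCEPT rule that is open to any source, destination and interface."""
    out = []
    for line in rules.splitlines():
        t = line.split()
        if "ACCEPT" not in t or "--dport" not in t or {"-s", "-d", "-i"} & set(t):
            continue
        lo, _, hi = t[t.index("--dport") + 1].partition(":")  # handles N and N:M
        out.append((t[t.index("-p") + 1], int(lo), int(hi or lo)))
    return out

def rpc_services(listing):
    """(name, proto, port) for each row of `rpcinfo -p`; the header row is skipped."""
    rows = (l.split() for l in listing.splitlines())
    return [(r[4], r[2], int(r[3])) for r in rows if len(r) == 5 and r[0].isdigit()]

def rejected(rules, listing):
    """Registered RPC services that no ACCEPT rule covers, so new connections hit REJECT."""
    allow = accepted(rules)
    return sorted({s for s in rpc_services(listing)
                   if not any(p == s[1] and lo <= s[2] <= hi for p, lo, hi in allow)})
```

On a real server, feed it the actual `rpcinfo -p` output; helper services that show up in `rejected()` need either fixed ports with matching ACCEPT rules or a LOG rule ahead of the REJECT to confirm they are what the client is hitting.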