[mythtv-users] NFS issue

Harry Devine lifter89 at comcast.net
Thu Sep 13 00:32:20 UTC 2007 

-------------- Original message -------------- 
From: "Nick Morrott" <knowledgejunkie at gmail.com> 

> On 12/09/2007, Nick Morrott wrote: 
> > On 12/09/2007, Harry Devine wrote: 
> > 
> > > I checked rpcinfo on both machines and saw that the correct ports are being 
> > > used. I added port 111 to both firewalls (the Myth box and the NFS server) 
> > > and restarted both, but I still cannot connect. When I try mounting the 
> > > share from my Myth box now, I get the following timeout errors: 
> > > 
> > > mount: mount to NFS server '192.168.1.102' failed: timed 
> > > out (retrying) 
> > > 
> > > It does this 4 times and gives up on the 5th. Nothing shows up in 
> > > /var/log/messages or /var/log/secure on the NFS server. I can successfully 
> > > SSH over to the NFS server from my Myth box, and ping works as well. Also, 
> > > I did look at the link that you provided, but nothing in there seemed to 
> > > apply too well (I'm running FC6 & Myth installed by MythDora 4.0). 
> > 
> > It looks like the firwall is silently dropping the packages, resulting 
> > in the timeouts. Perhaps you might post the output of 'iptables -L' so 
> > we can see if there's any obvious rule accounting for this behaviour. 
> 
> It may also be the firewall silently dropping the packets... 
> 
> Perhaps you could update your rules to send the reject/drop packets to 
> a log target first, so at least you can see which rule is causing the 
> problem if analysis of your iptables listing does not help? 
> 
> -- 
> Nick Morrott 
> 
> MythTV Official wiki: 
> http://mythtv.org/wiki/ 
> MythTV users list archive: 
> http://www.gossamer-threads.com/lists/mythtv/users 
> 
> "An investment in knowledge always pays the best interest." - Benjamin Franklin 
> _______________________________________________ 
> mythtv-users mailing list 
> mythtv-users at mythtv.org 
> http://mythtv.org/cgi-bin/mailman/listinfo/mythtv-users 

Here is the output of my iptables -L:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
RH-Firewall-1-INPUT  all  --  anywhere             anywhere            
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
RH-Firewall-1-INPUT  all  --  anywhere             anywhere            
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
Chain RH-Firewall-1-INPUT (2 references)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     icmp --  anywhere             anywhere            icmp any 
ACCEPT     esp  --  anywhere             anywhere            
ACCEPT     ah   --  anywhere             anywhere            
ACCEPT     udp  --  anywhere             224.0.0.251         udp dpt:mdns 
ACCEPT     udp  --  anywhere             anywhere            udp dpt:ipp 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ipp 
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED 
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh 
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:http 
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ftp 
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:sunrpc 
ACCEPT     udp  --  anywhere             anywhere            state NEW udp dpt:sunrpc 
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:nfs 
ACCEPT     udp  --  anywhere             anywhere            state NEW udp dpt:nfs 
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited 

Here is the actual iptables file, which gets loaded when the iptables service starts:

# Generated by iptables-save v1.3.8 on Tue Sep 11 20:07:38 2007
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [9440:1383696]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT 
-A FORWARD -j RH-Firewall-1-INPUT 
-A RH-Firewall-1-INPUT -i lo -j ACCEPT 
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT 
-A RH-Firewall-1-INPUT -p esp -j ACCEPT 
-A RH-Firewall-1-INPUT -p ah -j ACCEPT 
-A RH-Firewall-1-INPUT -d 224.0.0.251 -p udp -m udp --dport 5353 -j ACCEPT 
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT 
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT 
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT 
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT 
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT 
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 111 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m state --state NEW -m udp --dport 111 -j ACCEPT 
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 2049 -j ACCEPT 
-A RH-Firewall-1-INPUT -p udp -m state --state NEW -m udp --dport 2049 -j ACCEPT 
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited 
COMMIT
# Completed on Tue Sep 11 20:07:38 2007
Thanks for the help!
Harry
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mythtv.org/pipermail/mythtv-users/attachments/20070913/fb74da7c/attachment.htm

More information about the mythtv-users mailing list