[mythtv-users] NFS issue
Harry Devine
lifter89 at comcast.net
Thu Sep 13 00:32:20 UTC 2007
-------------- Original message --------------
From: "Nick Morrott" <knowledgejunkie at gmail.com>
> On 12/09/2007, Nick Morrott wrote:
> > On 12/09/2007, Harry Devine wrote:
> >
> > > I checked rpcinfo on both machines and saw that the correct ports are being
> > > used. I added port 111 to both firewalls (the Myth box and the NFS server)
> > > and restarted both, but I still cannot connect. When I try mounting the
> > > share from my Myth box now, I get the following timeout errors:
> > >
> > > mount: mount to NFS server '192.168.1.102' failed: timed
> > > out (retrying)
> > >
> > > It does this 4 times and gives up on the 5th. Nothing shows up in
> > > /var/log/messages or /var/log/secure on the NFS server. I can successfully
> > > SSH over to the NFS server from my Myth box, and ping works as well. Also,
> > > I did look at the link that you provided, but nothing in there seemed to
> > > apply too well (I'm running FC6 & Myth installed by MythDora 4.0).
> >
> > It looks like the firwall is silently dropping the packages, resulting
> > in the timeouts. Perhaps you might post the output of 'iptables -L' so
> > we can see if there's any obvious rule accounting for this behaviour.
>
> It may also be the firewall silently dropping the packets...
>
> Perhaps you could update your rules to send the reject/drop packets to
> a log target first, so at least you can see which rule is causing the
> problem if analysis of your iptables listing does not help?
>
> --
> Nick Morrott
>
> MythTV Official wiki:
> http://mythtv.org/wiki/
> MythTV users list archive:
> http://www.gossamer-threads.com/lists/mythtv/users
>
> "An investment in knowledge always pays the best interest." - Benjamin Franklin
> _______________________________________________
> mythtv-users mailing list
> mythtv-users at mythtv.org
> http://mythtv.org/cgi-bin/mailman/listinfo/mythtv-users
Here is the output of my iptables -L:
Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain RH-Firewall-1-INPUT (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp any
ACCEPT esp -- anywhere anywhere
ACCEPT ah -- anywhere anywhere
ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns
ACCEPT udp -- anywhere anywhere udp dpt:ipp
ACCEPT tcp -- anywhere anywhere tcp dpt:ipp
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ftp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:sunrpc
ACCEPT udp -- anywhere anywhere state NEW udp dpt:sunrpc
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:nfs
ACCEPT udp -- anywhere anywhere state NEW udp dpt:nfs
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Here is the actual iptables file, which gets loaded when the iptables service starts:
# Generated by iptables-save v1.3.8 on Tue Sep 11 20:07:38 2007
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [9440:1383696]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p esp -j ACCEPT
-A RH-Firewall-1-INPUT -p ah -j ACCEPT
-A RH-Firewall-1-INPUT -d 224.0.0.251 -p udp -m udp --dport 5353 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 111 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m state --state NEW -m udp --dport 111 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 2049 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m state --state NEW -m udp --dport 2049 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Tue Sep 11 20:07:38 2007
Thanks for the help!
Harry
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mythtv.org/pipermail/mythtv-users/attachments/20070913/fb74da7c/attachment.htm
More information about the mythtv-users
mailing list