* Three ports required for nfs mounting?
@ 2006-01-27  4:09 Peter M Kekenes-Huskey
  2006-01-27 13:59 ` Joshua Baker-LePain
  0 siblings, 1 reply; 3+ messages in thread
From: Peter M Kekenes-Huskey @ 2006-01-27  4:09 UTC (permalink / raw)
  To: nfs

Hi
I currently use guarddog/firestarter (on different machines) to
configure my iptables.  When activated, although ports 111 and 2049 were
freed for nfs, I was unable to mount shared volumes from a remote host.
After scanning my tcpdump outputs, it came to my attention that an
additional port (861 in this case) needed to be opened to allow
mounting:

< 10.1.1.2 is the remote computer, 10.1.1.3 is the nfs host>

19:55:09.466230 10.1.1.3.111 > 10.1.1.2.32798: F [tcp sum ok] 33:33(0)
ack 62 win 5840 (DF) (ttl 64, id 9328, len 40)
19:55:09.466345 10.1.1.2.32798 > 10.1.1.3.111: . [tcp sum ok] 62:62(0)
ack 34 win 5840 (DF) (ttl 64, id 64023, len 40)
19:55:12.465733 10.1.1.2.32799 > 10.1.1.3.861: S [tcp sum ok]
362674659:362674659(0) win 5840 <mss 1460> (DF) (ttl 64, id 49614, len
44)
19:55:20.621919 10.1.1.3.2406888837 > 10.1.1.2.2049: 104 getattr [|nfs]
(DF) (ttl 64, id 5800, len 132)

Once 861 was freed, all was well.  However, sharing different volumes
requires freeing different ports, not just 861.  Does anyone understand
why this happens?

pete

_______________________________________________
NFS maillist  -  NFS@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfs
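
The tcpdump check described in the message above, as an added example that is not part of the original thread: it rejoins the mail-wrapped capture lines and reports TCP connection attempts to the NFS host on ports outside the firewall allowlist. The function names are hypothetical; the host address and the allowed ports 111 and 2049 are taken from the post.

```python
import re

# The four tcpdump records quoted in the post, mail-wrapped as they appear there.
CAPTURE = """\
19:55:09.466230 10.1.1.3.111 > 10.1.1.2.32798: F [tcp sum ok] 33:33(0)
ack 62 win 5840 (DF) (ttl 64, id 9328, len 40)
19:55:09.466345 10.1.1.2.32798 > 10.1.1.3.111: . [tcp sum ok] 62:62(0)
ack 34 win 5840 (DF) (ttl 64, id 64023, len 40)
19:55:12.465733 10.1.1.2.32799 > 10.1.1.3.861: S [tcp sum ok]
362674659:362674659(0) win 5840 <mss 1460> (DF) (ttl 64, id 49614, len
44)
19:55:20.621919 10.1.1.3.2406888837 > 10.1.1.2.2049: 104 getattr [|nfs]
(DF) (ttl 64, id 5800, len 132)
"""

RECORD_START = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+ ")
# Old tcpdump text format: time src.port > dst.port: tcp-flags ...
PACKET = re.compile(
    r"^\S+ (?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): (?P<flags>[SFPRWE.]+) "
)

def unwrap(text):
    """Rejoin wrapped lines: a new record starts with a timestamp."""
    records = []
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        if RECORD_START.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def blocked_candidates(text, server, allowed):
    """Count bare SYNs sent to `server` on ports not in `allowed`."""
    hits = {}
    for rec in unwrap(text):
        m = PACKET.match(rec)
        if not m:
            continue  # e.g. the decoded NFS getattr record has no TCP flags field
        dport = int(m["dport"])
        if m["dst"] == server and m["flags"] == "S" and dport not in allowed:
            hits[dport] = hits.get(dport, 0) + 1
    return hits

if __name__ == "__main__":
    print(blocked_candidates(CAPTURE, "10.1.1.3", {111, 2049}))
```

Running `rpcinfo -p` on the NFS host lists the port each RPC service has registered with the portmapper on port 111, which can be compared against the ports this reports.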


* Re: Three ports required for nfs mounting?
  2006-01-27  4:09 Three ports required for nfs mounting? Peter M Kekenes-Huskey
@ 2006-01-27 13:59 ` Joshua Baker-LePain
  0 siblings, 0 replies; 3+ messages in thread
From: Joshua Baker-LePain @ 2006-01-27 13:59 UTC (permalink / raw)
  To: Peter M Kekenes-Huskey; +Cc: nfs

On Thu, 26 Jan 2006 at 8:09pm, Peter M Kekenes-Huskey wrote

> I currently use guarddog/firestarter (on different machines) to
> configure my iptables.  When activated, although ports 111 and 2049 were
> freed for nfs, I was unable to mount shared volumes from a remote host.
> After scanning my tcpdump outputs, it came to my attention that an
> additional port (861 in this case) needed to be opened to allow
> mounting:
>
> < 10.1.1.2 is the remote computer, 10.1.1.3 is the nfs host>
>
> 19:55:09.466230 10.1.1.3.111 > 10.1.1.2.32798: F [tcp sum ok] 33:33(0)
> ack 62 win 5840 (DF) (ttl 64, id 9328, len 40)
> 19:55:09.466345 10.1.1.2.32798 > 10.1.1.3.111: . [tcp sum ok] 62:62(0)
> ack 34 win 5840 (DF) (ttl 64, id 64023, len 40)
> 19:55:12.465733 10.1.1.2.32799 > 10.1.1.3.861: S [tcp sum ok]
> 362674659:362674659(0) win 5840 <mss 1460> (DF) (ttl 64, id 49614, len
> 44)
> 19:55:20.621919 10.1.1.3.2406888837 > 10.1.1.2.2049: 104 getattr [|nfs]
> (DF) (ttl 64, id 5800, len 132)
>
> Once 861 was freed, all was well.  However, sharing different volumes
> requires freeing different ports, not just 861.  Does anyone understand
> why this happens?

http://nfs.sourceforge.net/nfs-howto/security.html#FIREWALLS

-- 
Joshua Baker-LePain
Department of Biomedical Engineering
Duke University