firewall preventing NFS access

I'm trying to set up NFS on my home LAN. I'm mostly using Redhat
Fedora Core 3 (FC3). The server and client I'm working with are both
FC3.

I have the NFS server where it looks like it is working properly,
and I believe my /etc/hosts, /etc/exports, /etc.hosts.allow and
/etc/hosts.deny should all be ok.

I can ping the client from the server and vice versa.

When on the client and I try to mount an NFS directory from the server,
the mount fails. Reading the troubleshooting section of the NFS-howto, I
find the following:

If you get the error Remote system error - No route to host, but
you can ping the server correctly, then you are the victim of an
overzealous firewall. Check any firewalls that may be set up,
either on the server or on any routers in between the client and
the server. Look at the man pages for ipchains, netfilter, and
ipfwadm, as well as the IPChains-HOWTO and the Firewall-HOWTO
for help.

This describes my situation, so I assume that the firewall is the
problem. I remember during installation allowing the firewall to remain
secure, so this adds credence that this may be my problem.

When I try to do a man on ipchains, netfilter and ipfwadm as suggested,
I find that these commands are not included in the man pages on FC3.
When I scanned the IPChains-HOWTO and the Firewall-HOWTO, I was not
sure that these apply to my system.

Can anyone help with to modify the firewall so that I can allow my
NFS clients to see my NFS server?

Jim Anderson

Jim Anderson wrote:
>
> When I try to do a man on ipchains, netfilter and ipfwadm as suggested,
> I find that these commands are not included in the man pages on FC3.
> When I scanned the IPChains-HOWTO and the Firewall-HOWTO, I was not
> sure that these apply to my system.
>

man iptables - ipchains is obsolete....

Also do a iptables -L -v

this will list all the rules on your system. The iptables website and
tarball is the best source of documentation. Google for it; I don't
recall the URL offhand.

Jim Anderson <(E-Mail Removed)> wrote in news:BZHJe.3152$f.3079
@trndny09:

> When I try to do a man on ipchains, netfilter and ipfwadm as
suggested,
> I find that these commands are not included in the man pages on FC3.
> When I scanned the IPChains-HOWTO and the Firewall-HOWTO, I was not
> sure that these apply to my system.
>
> Can anyone help with to modify the firewall so that I can allow my
> NFS clients to see my NFS server?
>
> Jim Anderson

Further to the remarks by Captain Dondo. I recommend you obtain a copy
of Webmin. This allows viewing and maintaining your Netfilter/iptables
configuration (and many other things too) using a web browser.

http://www.webmin.com/

IIRC NFS requires tcp & udp ports 111, 2049 and 33333. I can't
remember if they are the normal defaults or if it was just the way we
set it up.

Klazmon.

Llanzlan Klazmon wrote:
> Jim Anderson <(E-Mail Removed)> wrote in news:BZHJe.3152$f.3079
> @trndny09:
>
>
>>When I try to do a man on ipchains, netfilter and ipfwadm as
>
> suggested,
>
>>I find that these commands are not included in the man pages on FC3.
>>When I scanned the IPChains-HOWTO and the Firewall-HOWTO, I was not
>>sure that these apply to my system.
>>
>>Can anyone help with to modify the firewall so that I can allow my
>>NFS clients to see my NFS server?
>>
>>Jim Anderson
>
>
> Further to the remarks by Captain Dondo. I recommend you obtain a copy
> of Webmin. This allows viewing and maintaining your Netfilter/iptables
> configuration (and many other things too) using a web browser.
>
> http://www.webmin.com/
>
> IIRC NFS requires tcp & udp ports 111, 2049 and 33333. I can't
> remember if they are the normal defaults or if it was just the way we
> set it up.
>
> Klazmon.

I cannot vouch about port 33333, but I should warn you if you have
Solaris 9 or below boxes as clients, you will need a metric buttload
more ports

--
Mauricio raub-kudria-com
(if you need to email me, use this address =)