NFS and ssh problems


Guest BerndS

Hi,

I have recently set up a new box with automated installing of MD 9.0, including all client and server options; thus NFS, too.

Now, there are three participants in my new mini network: the old PC, a laptop, and the new PC. I have allowed multiple directories and all participating addresses of the network in Webmin's NFS module and made the new PC my new gateway (which used to be the old PC).

Internet sharing and printer work well through the new PC. However, when trying to mount NFS to and from the new PC, I get the error message "mount: RPC: Port mapper failure - RPC unable to send" (from the new PC) - "RPC unable to receive" (from the old PC and laptop).

Also, ssh results in the error message "connect to address xxx.xxx.x.xx port 22: Connection refused" between the new PC and the other two.

Though I set the gateway to the new PC, I can still NFS and ssh without any problems between the laptop and the old PC.

I wondered if my firewall, which seems to be "shorewall", is the problem, but the new PC is not accessible by NFS and ssh even if I stop shorewall.

Any words of wisdom on this subject?

Thanks

BerndS

Guest tezca

it is your firewall, I use shorewall myself, it's really good, but you have to open up the ports for the services you're using

portmap uses 111

look in the /etc/services file to find the appropriate port for nfs, I don't have that info with me now. also you have 3 machines, how are they connected? through a hub? crossover cable? are they all on the same subnet?

if on diff subnets you need to add more rules in your rules file as well as a couple of others

I was using shorewall as a 3 way router for a DMZ and private LAN connected to the net. 3 nics in the gateway machine

the best thing to do is open up some of the files in the /etc/shorewall dir in a text editor cuz that's where the documentation is at, inside the files, also with some examples

2 notes!

1. you shouldn't run nfs if it's on your gateway, nfs has a history of exploit problems

2. also best way to test if it's your firewall is first disconnect your eth cable going to the internet then shut off the firewall

#shorewall stop

#shorewall flush

then chk that iptables is allowing all connections

# iptables -L

should show you "accept" on all three outputs
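
The check described in the post above, as an added example that is not part of the original post: it summarises `iptables -L -n` output to confirm nothing is being filtered, then reads `netstat -ltn` output to see whether ssh (22), portmap (111) and nfs (2049) have a listener at all. Both sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example. Both samples are constructed, not taken from the thread.
SAMPLE_IPTABLES='Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination'

SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address    Foreign Address  State
tcp        0      0 0.0.0.0:111      0.0.0.0:*        LISTEN
tcp        0      0 0.0.0.0:2049     0.0.0.0:*        LISTEN'

# Summarise `iptables -L -n` text on stdin: built-in policies plus rule count.
chain_summary() {
    awk '
        /^Chain / { if ($3 == "(policy") { p = $4; sub(/\)/, "", p); pol[$2] = p }
                    next }
        NF == 0 || $1 == "target" { next }   # blank lines and column headers
        { rules++ }                          # anything else is a rule
        END { printf "INPUT=%s FORWARD=%s OUTPUT=%s rules=%d\n",
                     pol["INPUT"], pol["FORWARD"], pol["OUTPUT"], rules }'
}

# True only when nothing is filtered: a stopped firewall is not always an
# empty ruleset, so test the live state instead of assuming it.
firewall_is_open() {
    [ "$(chain_summary)" = "INPUT=ACCEPT FORWARD=ACCEPT OUTPUT=ACCEPT rules=0" ]
}

# Report each wanted TCP port (comma list in $1) from `netstat -ltn` on stdin.
listening_ports() {
    awk -v want="$1" '
        BEGIN { n = split(want, w, ",") }
        $1 ~ /^tcp/ && $NF == "LISTEN" { k = split($4, a, ":"); seen[a[k]] = 1 }
        END { for (i = 1; i <= n; i++)
                  printf "%s=%s\n", w[i], (seen[w[i]] ? "listening" : "closed") }'
}

printf '%s\n' "$SAMPLE_IPTABLES" | chain_summary
# With the filter open, "closed" for 22 means no sshd is listening, which is
# what produces "Connection refused"; no firewall rule will change that.
printf '%s\n' "$SAMPLE_NETSTAT" | listening_ports 22,111,2049
```

On a live machine, pipe the real commands into the functions as root, for example `iptables -L -n | chain_summary` and `netstat -ltn | listening_ports 22,111,2049`.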

Guest BerndS

Hi, thanks for your reply.

I looked through some of the shorewall files, but am now reluctant to touch any of the contents for I may mess up my ability to go on-line with my ADSL after the changes. Am I safe enough to make a backup copy of the directory /etc/shorewall, or are other files automatically affected by any changes in that directory upon a re-boot? Just by playing about a bit with the command "shorewall accept xxx.xxx.x.xx" I messed up the printer access from my old PC as well as the laptop.

More important to me is your warning about NFS. I have heard that before. However, what other means are there to transfer files and directories between boxes? Mainly, I want to make backups (*tar.gz) to and from the old PC and an occasional transfer of files to and from the laptop.

Could you tell me which file exactly I would have to alter in what way to enable ssh? ssh is on 22/tcp and 22/udp according to /etc/services.

My new PC has a coax cable going to a hub. From that hub there is a coax to the old PC and a network cable to the laptop.

Upon iptables -L I get a huge output with a lot of "all --- anywhere". However, none of my addresses are listed. The only IP I found is what I assume to be the netmask address. Is it safe to copy that output into this forum?

Thanks

Bernd

Guest tezca

sorry about not more direct info, hope this helps

#iptables -L | more (the "|" is the pipe symbol, which is made with shift in case you don't know)

is a better command to view your rules, that way you can slowly scroll through the output with your "enter" button, to quit just press "q"

ok as for shorewall

you can do this

copy all the files as in the example below

linuxrouter /home/someuser># cd /etc

linuxrouter /etc># cd shorewall

linuxrouter /etc/shorewall># cp rules rules.bak

this way each file you copy will have a backup

"note: if you are going to change all the files you must make a backup of each file!"

so you'll probably have several or more ".bak" files, if you want you can leave them all in /etc/ or put them in another folder maybe called "bkup"

so you can have a folder inside /etc/shorewall called "bkup", then if you have any problems

just

cd /etc/shorewall/bkup

cp *.bak /etc/shorewall

you get prompted if you want to overwrite all those files and since this is what you might want to do say yes, then restart shorewall and then your firewall will be back to the way it was.

this is a common practice so you should always do this before editing any config files, always make bkups. you can do it in various orders to cue yourself such as ".bak" & ".bak1", ".bak2" to tell yourself the order in which you made them, bak being the original, bak1 being the 1st modification, bak2 the 2nd and so on.

also some of the other ports for nfs are

2049

747

745

also other option is "scp", it's really easy once you get the hang of it

I'll see if I can find the command later, it uses SSH
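
The backup-before-editing routine from the post above, as an added example that is not part of the original post: it keeps numbered snapshots (bak1, bak2, ...) in a backup folder, records checksums, and restores the files under their original names so the restored configuration is the one the firewall actually reads. The directory names and the sample rule line (with "loc" and "fw" as zone names) are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example: numbered snapshots of a config directory (bak1, bak2, ...)
# that restore under the original file names. Paths are assumptions.

# backup_config SRC_DIR BACKUP_ROOT  -> prints the new snapshot directory
backup_config() {
    src=$1; root=$2; n=1
    while [ -e "$root/bak$n" ]; do n=$((n + 1)); done
    snap="$root/bak$n"
    mkdir -p "$snap" || return 1
    for f in "$src"/*; do
        # -p keeps mode and timestamps; sub-directories are skipped
        if [ -f "$f" ]; then cp -p "$f" "$snap/" || return 1; fi
    done
    # Record checksums so a later restore can detect an altered snapshot.
    ( cd "$snap" && cksum * > .cksum ) || return 1
    printf '%s\n' "$snap"
}

# restore_config SNAPSHOT_DIR DEST_DIR  -> copies files back, names unchanged
restore_config() {
    snap=$1; dest=$2
    if ! ( cd "$snap" && cksum * | cmp -s - .cksum ); then
        echo "snapshot $snap does not match its checksums" >&2
        return 1
    fi
    cp -p "$snap"/* "$dest"/
}

# Demonstration in a scratch directory; the rule line is a constructed sample
# in Shorewall's rules-file layout, with "loc" and "fw" as assumed zone names.
demo() {
    work=$(mktemp -d) || return 1
    mkdir "$work/shorewall" "$work/bkup"
    echo 'ACCEPT loc fw tcp 22' > "$work/shorewall/rules"
    saved=$(backup_config "$work/shorewall" "$work/bkup")
    echo 'a bad edit' > "$work/shorewall/rules"
    restore_config "$saved" "$work/shorewall"
    cat "$work/shorewall/rules"
    rm -rf "$work"
}
demo
```

For the real directory, run `backup_config /etc/shorewall /etc/shorewall/bkup` as root before editing, and run `shorewall restart` after a restore so the restored files take effect.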
