From: Reuben D. B. <tec...@vo...> - 2004-02-18 17:51:43

Hi,

I find this really curious. I'm not real sure what causes this problem, but I thought someone else might have encountered this.

Let's say I have a machine "prod" that runs shorewall (1 IP 1 interface (eth0)) using the Quick Start guides. I open the ports to let NFS traffic go thru, just as described in www.shorewall.net.

So, prod is the NFS server. Now when I try to mount an NFS exported dir from another machine, mount will fail (RPC time out). In the /var/log/messages of prod, I find this:

Feb 18 11:18:14 prod kernel: Shorewall:net2all:DROP:IN=eth0 OUT= MAC=00:04:75:ab:e7:26:00:10:dc:27:e3:d7:08:00 SRC=160.36.28.203 DST=<prod_ip> LEN=172 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=659 DPT=942 LEN=152

I'm curious why my "mount" command even tries to access port 942.

But if I do 'shorewall stop' and 'shorewall clear' first, and then mount the NFS export from another machine, and then bring shorewall up with 'shorewall start', everything is OK. NFS traffic can go thru fine.

So why does the mount command try to use different ports than what's specified? Is this an OS problem (prod is a Red Hat Enterprise 3, while the other is a RH 7.3)?

I vaguely remember that the DPT is not always the same, which makes this even weirder.

RDB

--
Reuben D. Budiardja
Department of Physics and Astronomy
The University of Tennessee, Knoxville, TN
---------------------------------------------------------
"To be a nemesis, you have to actively try to destroy
something, don't you? Really, I'm not out to destroy
Microsoft. That will just be a completely unintentional
side effect."
- Linus Torvalds -