[linux] nfs + netfilter
Martin Mosny, PosTel, a.s.
mmosny na postel.sk
Pondělí Leden 28 18:50:21 CET 2002
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
ahojte
mam jeden dost velky problem. Chcem na pocitaci A rozchodit nfs server,
chcem aby pocitac B a C si mohli tieto shared directories mountnut.
Ale na pocitaci A su nastavene netfilter pravidla, to nie je az take zle,
ale pri restarte nfs sluzby sa menia pouzivane porty.
\\\\\\\ begin of snip \\\\\\\\\\\\
[root na A init.d]# rpcinfo -p A
program vers proto port
100000 2 tcp 111 portmapper
100000 2 udp 111 portmapper
100011 1 udp 967 rquotad
100011 2 udp 967 rquotad
100011 1 tcp 970 rquotad
100011 2 tcp 970 rquotad
100005 1 udp 33117 mountd
100005 1 tcp 41870 mountd
100005 2 udp 33117 mountd
100005 2 tcp 41870 mountd
100005 3 udp 33117 mountd
100005 3 tcp 41870 mountd
100003 2 udp 2049 nfs
100021 1 udp 33118 nlockmgr
100021 3 udp 33118 nlockmgr
[root na A init.d]# /etc/init.d/nfs stop
Shutting down NFS mountd: [ OK ]
Shutting down NFS daemon: [ OK ]
Shutting down NFS services: [ OK ]
Shutting down NFS quotas: [ OK ]
[root na A init.d]# /etc/init.d/nfs start
Starting NFS services: [ OK ]
Starting NFS quotas: [ OK ]
Starting NFS mountd: [ OK ]
Starting NFS daemon: [ OK ]
[root na A init.d]# rpcinfo -p A
program vers proto port
100000 2 tcp 111 portmapper
100000 2 udp 111 portmapper
100011 1 udp 630 rquotad
100011 2 udp 630 rquotad
100011 1 tcp 633 rquotad
100011 2 tcp 633 rquotad
100005 1 udp 33118 mountd
100005 1 tcp 41871 mountd
100005 2 udp 33118 mountd
100005 2 tcp 41871 mountd
100005 3 udp 33118 mountd
100005 3 tcp 41871 mountd
100003 2 udp 2049 nfs
100021 1 udp 33119 nlockmgr
100021 3 udp 33119 nlockmgr
\\\\\\\\\\\\\\end of snip\\\\\\\\\\\\\\\\\\\
preto tam nie je restart, lebo vznika klamny dojem, ze niektore porty
ostavaju.
Odblokovanie portov 2049+111(tcp+udp), nie je postacujuce!!! Source porty
z pocitaca B a C sa menia!!!! takze ani to nie je spravna cesta.
Skusal som aj take veci nfswatch a nfstrace, ale nejako nie su portovane
na linux (len ultrix a podobne).
Ma niekto s tym nejake skusenosti, nejake typy???
Dik m0s
P.S. ja viem, ze existuje aj coda, afs, gfs ...... ale preco by som musel
patchovat jadro, ked nemusim (aspon zatial).
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE8VY9g1Nxm72GJflgRAlv8AJ0fb89o4IKDlJncI/Byg5ulN7iLiQCfSHm4
uQM53iuYg0g9PTvwh0bp8qM=
=N1Du
-----END PGP SIGNATURE-----
Další informace o konferenci linux