Re: NFS between private subnets


Subject: Re: NFS between private subnets
From: nathan r. hruby (nhruby@arches.uga.edu)
Date: Mon Feb 11 2002 - 13:05:57 MST


On Mon, 11 Feb 2002, John Duarte wrote:

> I am trying to allow NFS access between two private subnets. The
> masquerading appears to be causing me some trouble. Here's my set up.
>

It would help if you could post the errors and a bit more about your
configs and what you're trying to do.

> router
> Kernel IP routing table
> Destination Gateway Genmask Flags Metric Ref Use Iface
> 192.168.1.3 * 255.255.255.255 UH 0 0 0 eth0
> 192.168.2.3 * 255.255.255.255 UH 0 0 0 eth1
> 192.168.2.0 * 255.255.255.0 U 0 0 0 eth1
> 192.168.1.0 * 255.255.255.255 U 0 0 0 eth0
> 127.0.0.0 * 255.0.0.0 U 0 0
> 0 lo
>

That looks screwy, the subnetmask for the .1 subnet is 255.255.255.255?!

Also, it looks like you have static routes setup to boxes on each
network, which I'm not understanding. Perhaps if you told us what each IP
is we could interpet this info better.

You also have no default route.

> #ipchains -L
> Chain input (policy ACCEPT):
> Chain forward (policy ACCEPT):
> target prot opt source destination ports
> MASQ all ------ 192.168.1.0/24 192.168.2.0/24 n/a
> MASQ all ------ 192.168.2.0/24 192.168.1.0/24 n/a
> ACCEPT all ------ 192.168.1.0/24 192.168.2.0/24 n/a
> ACCEPT all ------ 192.168.2.0/24 192.168.1.0/24 n/a
> Chain output (policy ACCEPT):
>

Looks ok, but ipchains is not something I deal with everyday. Can you
verify that with an example in the ipchains documentation? Does other
traffic flow from network to network ok?

> I've inserted the ip_masq_ftp module to allow ftp to get around the
> masquerading problem. Is there a similar fix for NFS?
>

No, but you do need to be running portmap, rpc.mountd, rpc.nfsd,
rpc.rquotad, and rpc.lockd. Are all these started up on the boxes that
will be NFS serving?

There are also issues about NFS'ing from one OS to another, they vary from
machine type to machine type and OS to OS. One specificly flaky
combonation is linux 2.2.x to Irix6.5.x using nfsv2. Also, are you sure
that you have the client boxes added correctly into /etc/exports and
you've rerun exportfs?

-n

-- 
......
nathan hruby - nhruby@arches.uga.edu
computer support specialist
department of drama and theatre
http://www.drama.uga.edu/
......



This archive was generated by hypermail 2a24 : Mon Feb 11 2002 - 13:22:39 MST