cannot ssh (use NFS) on RHEL box, but can mount external & ssh out of RHEL box

drs.grid · August 3, 2011, 7:46pm

Ok, Im trying to get NFS working on my RHEL 5 box, apparently i can use the box as a client, but not as a server. If it helps i cant ssh into the box (server), but as a client ssh works fine. Ive configured

server:
/etc/hosts.allow:

all : all
all :all@all

setup my /etc/exports file

/opt/Xilinx      av2(rw,sync,no_root_squash) 192.168.0.1/24(rw,sync,no_root_squash)

chkconfig nfs on
chkconfig portmap on
service portmap start
service nfs start
system-config-nfs
chkconfig netfs on
/etc/init.d/portmap start


 showmount -e
Export list for av2:
/opt/Xilinx 192.168.0.1/24,av2

disabled (iptables & the firewall) -- [or at least i think....its diasabled]

service iptables save
service iptables stop
chkconfig iptables off
service ip6tables save
service ip6tables stop
chkconfig ip6tables off

client:
/etc/fstab

      av2:/opt/Xilinx /opt/Xilinx     nfs    defaults,vers=3,rsize=8192,wsize=8192,timeo=14,intr,rw

messages:

[root@pipe /UTILITIES]# ssh av2
ssh: connect to host av2 port 22: Connection refused

[root@pipe /UTILITIES]# mount /opt/Xilinx
mount: mount to NFS server 'av2' failed: System Error: Connection refused.

however as client it works fine:

[root@av2 ~]# ssh pipeline
root@pipe's password: 
Last login: Wed Aug  3 15:07:07 2011 from 192.168.0.106
[root@pipe ~]#

mount

pipe:/home on /home type nfs (rw,rsize=8192,wsize=8192,timeo=14,intr,addr=192.168.0.1)

my SELinux Mgmt : is disabled

One box AV2 is RHEL 5, the other PIPE is CentOS 5.6...

Thoughts?

venikathir · August 4, 2011, 6:00am

in client

showmount -e <servername>

output please

drs.grid · August 4, 2011, 1:45pm

client = pipe
server = av2

[root@pipe ~]# showmount -e av2
mount clntudp_create: RPC: Port mapper failure - RPC: Unable to receive

--- (CLIENT) ---

[root@pipe ~]# rpcinfo  -u av2 portmap
rpcinfo: RPC: Port mapper failure - RPC: Unable to receive
program 100000 is not available


[root@pipe ~]# rpcinfo -p
   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp    868  status
    100024    1   tcp    871  status
    100021    1   udp  58356  nlockmgr
    100021    3   udp  58356  nlockmgr
    100021    4   udp  58356  nlockmgr
    100021    1   tcp  32895  nlockmgr
    100021    3   tcp  32895  nlockmgr
    100021    4   tcp  32895  nlockmgr
    100004    2   udp    753  ypserv
    100004    1   udp    753  ypserv
    100004    2   tcp    756  ypserv
    100004    1   tcp    756  ypserv
 600100069    1   udp    762  fypxfrd
 600100069    1   tcp    764  fypxfrd
    100011    1   udp   1019  rquotad
    100011    2   udp   1019  rquotad
    100011    1   tcp   1022  rquotad
    100011    2   tcp   1022  rquotad
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    100003    4   udp   2049  nfs
    100003    2   tcp   2049  nfs
    100003    3   tcp   2049  nfs
    100003    4   tcp   2049  nfs
    100005    1   udp    608  mountd
    100005    1   tcp    611  mountd
    100005    2   udp    608  mountd
    100005    2   tcp    611  mountd
    100005    3   udp    608  mountd
    100005    3   tcp    611  mountd
    100009    1   udp    752  yppasswdd
[root@pipe ~]# 


[root@pipe ~]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination       



[root@pipe ~]# nmap av2

Starting Nmap 4.20 ( http://insecure.org ) at 2011-08-04 12:12 PDT
Interesting ports on av2 (10.140.32.216):
Not shown: 1691 closed ports
PORT     STATE SERVICE
135/tcp  open  msrpc
139/tcp  open  netbios-ssn
445/tcp  open  microsoft-ds
664/tcp  open  unknown
5800/tcp open  vnc-http
5900/tcp open  vnc
MAC Address: 00:XX:XX:XX:XX:XX (Unknown)

Nmap finished: 1 IP address (1 host up) scanned in 1.655 seconds
[root@pipe ~]#

--- (SERVER) ---

[root@av2 ~]# rpcinfo -u pipe portmap
program 100000 version 2 ready and waiting
[root@av2 ~]# 

??? "version 2" ???


[root@av2 ~]# rpcinfo -p
   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp    781  status
    100024    1   tcp    784  status
    100021    1   udp  37274  nlockmgr
    100021    3   udp  37274  nlockmgr
    100021    4   udp  37274  nlockmgr
    100021    1   tcp  43991  nlockmgr
    100021    3   tcp  43991  nlockmgr
    100021    4   tcp  43991  nlockmgr
    100007    2   udp    832  ypbind
    100007    1   udp    832  ypbind
    100007    2   tcp    835  ypbind
    100007    1   tcp    835  ypbind
    100011    1   udp    683  rquotad
    100011    2   udp    683  rquotad
    100011    1   tcp    686  rquotad
    100011    2   tcp    686  rquotad
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    100003    4   udp   2049  nfs
    100003    2   tcp   2049  nfs
    100003    3   tcp   2049  nfs
    100003    4   tcp   2049  nfs
    100005    1   udp    696  mountd
    100005    1   tcp    699  mountd
    100005    2   udp    696  mountd
    100005    2   tcp    699  mountd
    100005    3   udp    696  mountd
    100005    3   tcp    699  mountd
[root@av2 ~]# 


[root@av2 ~]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
[root@av2 ~]#


[root@av2 ~]# nmap pipe
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2011-08-04 12:15 PDT
Interesting ports on pipe (192.168.0.1):
Not shown: 1647 closed ports
PORT     STATE SERVICE
21/tcp   open  ftp
22/tcp   open  ssh
25/tcp   open  smtp
80/tcp   open  http
111/tcp  open  rpcbind
139/tcp  open  netbios-ssn
443/tcp  open  https
445/tcp  open  microsoft-ds
536/tcp  open  opalis-rdv
611/tcp  open  npmp-gui
756/tcp  open  unknown
764/tcp  open  omserv
871/tcp  open  supfilesrv
901/tcp  open  samba-swat
1022/tcp open  unknown
2049/tcp open  nfs
2401/tcp open  cvspserver
5801/tcp open  vnc-http-1
5802/tcp open  vnc-http-2
5803/tcp open  vnc-http-3
5901/tcp open  vnc-1
5902/tcp open  vnc-2
5903/tcp open  vnc-3
6001/tcp open  X11:1
6002/tcp open  X11:2
6003/tcp open  X11:3
6004/tcp open  X11:4
6005/tcp open  X11:5
6006/tcp open  X11:6
6007/tcp open  X11:7
6008/tcp open  X11:8
6009/tcp open  X11:9
6017/tcp open  xmail-ctrl
MAC Address: 00:XX:XX:XX:XX:XX (Supermicro Computer)

Nmap finished: 1 IP address (1 host up) scanned in 0.447 seconds

-- ok so it looks like this is a firewall issue? Thought i disabled firewall in OP.... seek direction... dont know anything about iptables

fpmurphy · August 4, 2011, 9:35pm

On RHEL the portmapper is build with libwrap.a. That means TCP Wrappers are active. That means that, depending on your /etc/hosts.allow/deny configuration, you may have to add a line like the following to /etc/hosts.allow:

portmap: 192.168.X.X

Replace 192.168.X.X with whatever value you need.

drs.grid · August 8, 2011, 2:30pm

I need to explicitly specify the portmap in /etc/hosts.allow & deny ?
Even though as in orig post the 'hosts.deny' file is empty and 'hosts.allow' contains

/etc/hosts.allow
all : all
all :all@all
Ill try explictly adding the portmapper; I thought the issue was with iptables (closed port) but not sure....

Oh crud....
Nevermind - problem resolved due to typo in hosts file (how embarrassing)