2

There are 2 servers in different routed networks.

I can ping and ssh from one to the other via the router, and the nmap utility shows open tcp:111 and udp:111 ports.

Also, both servers show something like this:

root@storage2:/# rpcinfo -p
   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    3   tcp    111  portmapper
    100000    2   tcp    111  portmapper
    100000    4   udp    111  portmapper
    100000    3   udp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp  59730  status
    100024    1   tcp  54613  status

The problem is that when I try to mount an NFS share or connect to the glusterfs server from both sides, I get a timeout error. I then tried to check RPC connectivity:

root@nas:/home/vjkim# rpcinfo -p 172.18.3.4
rpcinfo: can't contact portmapper: RPC: Remote system error - Connection timed out

I double-checked that I have ALL: ALL in /etc/hosts.allow for both servers. nmap from both shows something like:

Starting Nmap 5.21 ( http://nmap.org ) at 2014-09-18 16:02 ALMT
Nmap scan report for 172.18.3.4
Host is up (0.00032s latency).
Not shown: 996 closed ports
PORT    STATE SERVICE     VERSION
22/tcp  open  ssh         (protocol 2.0)
111/tcp open  rpcbind
| rpcinfo:
| 100000  2,3,4    111/udp  rpcbind
| 100024  1      59730/udp  status
| 100000  2,3,4    111/tcp  rpcbind
|_100024  1      54613/tcp  status
139/tcp open  netbios-ssn Samba smbd 3.X (workgroup: STORAGE2)
445/tcp open  netbios-ssn Samba smbd 3.X (workgroup: STORAGE2)

Can you point me in the right direction as to where the problem could be?

I'm really out of ideas about where else it could be.

peterh
Valentin
  • Check the situation with a tcpdump as well. I am nearly sure there is some trivial "port is not opened"/"daemon is not started" problem. – peterh Sep 18 '14 at 11:16
  • Execute from 'nas': `root@storage2:/# rpcinfo -p 172.16.0.52 rpcinfo: can't contact portmapper: RPC: Remote system error - Connection timed out.` `root@nas:/home/vjkim# tcpdump -i eth1 -vvv 'host 172.18.3.4' tcpdump: listening on eth1, link-type EN10MB (Ethernet), capture size 65535 bytes` No traffic at all. – Valentin Sep 18 '14 at 11:30
  • And there is tcpdump from nas itself: http://pastebin.com/PNjKFbRp – Valentin Sep 18 '14 at 11:34
  • Give the tcpdump a -n flag as well, if you don't give that, it will wait for the DNS and you get bad results. – peterh Sep 18 '14 at 11:54
  • Tried tcpdump with -N key, no difference. Can't see tcp:111 or udp:111 traffic, just a lot of records like `18:05:07.509552 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.16.0.90 tell nas, length 46` – Valentin Sep 18 '14 at 12:06
  • Not sure what Linux distributions are in-use, so providing exact configuration items to check is a bit difficult. Silly question; have you restarted all of the services you've tweaked? (Or have you outright rebooted both systems recently?) – Signal15 Dec 04 '14 at 14:44
  • Provide the result of `iptables -vnL` – Matthew Ife Dec 04 '14 at 15:39

1 Answer

1

Not sure about your Linux distribution's specifics. But if it's Red Hat Enterprise Linux based, you might want to check their documentation:

RHEL 6 - NFS Firewall Configuration

Basically, the things you want to check (in order) are:

  1. Do you have all the necessary services running?

    • nfs
    • nfslock
    • rpcbind
    • rpc.nfsd
  2. Do your firewall(s) (either the ones running locally, or the router ACLs) permit the traffic bi-directionally (not just one-way)?

    • RHEL NFS configuration is in /etc/sysconfig/nfs
    • Permit TCP & UDP port 111 (rpcbind/sunrpc)
    • Permit TCP & UDP port 2049 for NFS
    • Permit TCP & UDP to MOUNTD_PORT (defined in /etc/sysconfig/nfs)
    • Permit TCP & UDP to STATD_PORT (defined in /etc/sysconfig/nfs)
    • Permit TCP to LOCKD_TCPPORT (defined in /etc/sysconfig/nfs)
    • Permit UDP to LOCKD_UDPPORT (defined in /etc/sysconfig/nfs)
Signal15
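The port checklist in the answer above can be turned into a reviewable allow-list. This is an added example, not part of the original answer: the function names, the sample config values and the use of 172.16.0.52 as the peer are assumptions made for illustration, and the script only prints iptables commands rather than running them.

```shell
#!/bin/sh
# Added example: derive the NFS firewall allow-list from /etc/sysconfig/nfs.

# Print "proto port" for every port the checklist names; print "dynamic VAR"
# when VAR is unset or commented out (the daemon then gets a random port from
# rpcbind, which a static firewall rule or router ACL cannot match).
nfs_required_ports() {
    conf=$1
    printf '%s\n' "tcp 111" "udp 111" "tcp 2049" "udp 2049"
    for spec in MOUNTD_PORT:tcp,udp STATD_PORT:tcp,udp \
                LOCKD_TCPPORT:tcp LOCKD_UDPPORT:udp; do
        var=${spec%%:*}
        protos=${spec#*:}
        # Last uncommented assignment wins; keep only the leading digits.
        val=$(sed -n "s/^[[:space:]]*$var=[\"']\{0,1\}\([0-9][0-9]*\).*/\1/p" "$conf" | tail -n 1)
        if [ -z "$val" ]; then
            echo "dynamic $var"
            continue
        fi
        for proto in $(echo "$protos" | tr ',' ' '); do
            echo "$proto $val"
        done
    done
}

# Turn the list into iptables commands limited to one peer address.
# Commands are printed, not executed, so they can be reviewed first.
nfs_iptables_rules() {
    conf=$1 peer=$2
    nfs_required_ports "$conf" | while read -r proto port; do
        case $proto in
            dynamic) echo "# $port is not pinned in $conf; set it, restart NFS, re-run" ;;
            *) echo "iptables -A INPUT -s $peer -p $proto --dport $port -j ACCEPT" ;;
        esac
    done
}

# Constructed sample config: STATD_PORT left commented out on purpose.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
MOUNTD_PORT=892
#STATD_PORT=662
LOCKD_TCPPORT="32803"
LOCKD_UDPPORT=32769   # inline comment
EOF
nfs_iptables_rules "$sample" 172.16.0.52   # sample peer address (assumption)
```

Rules added with `-A` land after any existing REJECT or DROP rule in the chain, so check their position with `iptables -vnL` before relying on them, and apply the same port list to the router ACLs in both directions.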