rigoletto@
Developer
Hello,
I am trying to get NFS properly working but I couldn't find a way to make it.
First, I am taking the tests with PF set to "NO", with it is set to "YES" I can mount the NFS share if I open the specific UDP port MOUNTD is using when the server boot, for the rest it make no difference
Now a specific behavior related with nfs_server_flags="-r -t -n 4".
I disabled UDP for test purposes. With -r NFSD seem to start but
Thanks!
EDIT: FreeBSD 11.0-RELEASE-p1
I am trying to get NFS properly working but I couldn't find a way to make it.
First, I am taking the tests with PF set to "NO", with it is set to "YES" I can mount the NFS share if I open the specific UDP port MOUNTD is using when the server boot, for the rest it make no difference
cat /etc/rc.conf
Code:
zfs_enable="YES"
hostname="server"
ifconfig_em0="inet 192.168.0.200 netmask 255.255.255.0"
defaultrouter="192.168.0.1"
cloned_interfaces="lo1"
blacklistd_enable="YES"
local_unbound_enable="YES"
fsck_y_enable="YES"
background_fsck="NO"
kern_securelevel_enable="NO"
kern_securelevel="1"
pf_enable="YES"
fail2ban_enable="YES"
sshd_enable="YES"
ntpd_enable="YES"
powerd_enable="YES"
nfs_server_enable="YES"
nfs_server_flags="-r -t -n 4"
rpcbind_enable="YES"
mountd_flags="-r"
qjail_enable="YES"
dumpdev="AUTO"
keymap="br"
cat /etc/pf.conf
Code:
ext_if = "em0"
int_if = "em1"
host_server = "192.168.0.200"
backup_jail = "192.168.0.210"
webserver_jail = "192.168.0.254"
tcp_pass_host = "{ 22 53 111 2049 }"
udp_pass_host = "{ 53 111 2049 }"
tcp_pass_backup = "{ 548 }"
tcp_pass_webserver = "{ 80 443 }"
icmp_types = "echoreq"
table <bruteforce> persist
table <fail2ban> persist
table <local> { 192.168.0.0/24, 192.168.1.0/24 }
set loginterface $ext_if
set skip on lo0
scrub out on $ext_if all fragment reassemble random-id
scrub in on $ext_if all fragment reassemble
antispoof log quick for $ext_if inet
block log all
block quick from <bruteforce>
block quick from <fail2ban>
pass inet proto icmp all icmp-type $icmp_types keep state
pass inet proto icmp from <local> to any keep state
pass log on $ext_if inet proto tcp from any to any port ssh \
flags S/SA keep state \
(max-src-conn 100, max-src-conn-rate 15/5, \
overload <bruteforce> flush global)
pass out all
pass in quick proto tcp from <local> to $host_server port $tcp_pass_host
pass in quick proto udp from <local> to $host_server port $udp_pass_host
pass in quick proto tcp from <local> to $backup_jail port $tcp_pass_backup
pass in proto tcp from any to $webserver_jail port $tcp_pass_webserver synproxy state
cat /etc/exports
Code:
/backup/alex 192.168.0.10
showmount -e
Code:
Exports list on localhost:
/backup/alex 192.168.0.10
mount -v 192.168.0.200:/backup/alex /home/backup
[on client (Gentoo)]
Code:
mount.nfs: timeout set for Fri Oct 14 00:41:40 2016
mount.nfs: trying text-based options 'vers=4.2,addr=192.168.0.200,clientaddr=192.168.0.10'
mount.nfs: mount(2): Protocol not supported
mount.nfs: trying text-based options 'vers=4.1,addr=192.168.0.200,clientaddr=192.168.0.10'
mount.nfs: mount(2): Protocol not supported
mount.nfs: trying text-based options 'vers=4.0,addr=192.168.0.200,clientaddr=192.168.0.10'
mount.nfs: mount(2): Protocol not supported
mount.nfs: trying text-based options 'addr=192.168.0.200'
mount.nfs: prog 100003, trying vers=3, prot=6
mount.nfs: trying 192.168.0.200 prog 100003 vers 3 prot TCP port 2049
mount.nfs: portmap query failed: RPC: Remote system error - Connection refused
Now a specific behavior related with nfs_server_flags="-r -t -n 4".
I disabled UDP for test purposes. With -r NFSD seem to start but
service nfsd status
show it is not working. Without -r does not matter if there is -u or not, it still working on UDP too.Thanks!
EDIT: FreeBSD 11.0-RELEASE-p1
cat /etc/src.conf
Code:
WITHOUT_BHYVE=YES
WITHOUT_BLUETOOTH=YES
WITHOUT_CALENDAR=YES
WITHOUT_DEBUG_FILES=YES
WITHOUT_EE=YES
WITHOUT_FLOPPY=YES
WITHOUT_FREEBSD_UPDATE=YES
WITHOUT_GAMES=YES
WITHOUT_GSSAPI=YES
WITHOUT_HYPERV=YES
WITHOUT_IPFILTER=YES
WITHOUT_IPFW=YES
WITHOUT_KERBEROS=YES
WITHOUT_KVM=YES
WITHOUT_LIB32=YES
WITHOUT_MAIL=YES
WITHOUT_PC_SYSINSTALL=YES
WITHOUT_PPP=YES
WITHOUT_PROFILE=YES
WITHOUT_SENDMAIL=YES
WITHOUT_SVNLITE=YES
WITHOUT_TALK=YES
WITHOUT_TELNET=YES
WITHOUT_WIRELESS=YES
Last edited: