<html><body>
<DIV>-------------- Original message -------------- <BR>
From: "Nick Morrott" &lt;knowledgejunkie@gmail.com&gt; <BR><BR>
> On 13/09/2007, Harry Devine &lt;LIFTER89@COMCAST.NET&gt; wrote: <BR>
> <BR>
> > Here is the output of my iptables -L: <BR>
> <BR>
> &lt;SNIP&gt; <BR>
> <BR>
> > -A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 111 -j ACCEPT <BR>
> > <BR>
> > -A RH-Firewall-1-INPUT -p udp -m state --state NEW -m udp --dport 111 -j ACCEPT <BR>
> > <BR>
> > -A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 2049 -j ACCEPT <BR>
> > <BR>
> > -A RH-Firewall-1-INPUT -p udp -m state --state NEW -m udp --dport 2049 -j ACCEPT <BR>
> > <BR>
> > -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited <BR>
> <BR>
> I think the problem is that only ports 111 and 2049 are being allowed <BR>
> by the current ruleset, and the other necessary ports for NFS (which <BR>
> rpcinfo -p will show, and the link I posted shows how to control) are <BR>
> still closed. <BR>
> <BR>
> To verify this, check the output of rpcinfo and look for the port <BR>
> entries for status, mountd, rquotad, and lockmgr. Create firewall <BR>
> rules which ACCEPT these ports (udp/tcp per rpcinfo) and restart the <BR>
> firewall without restarting NFS. You should now be able to connect to <BR>
> the exported volume from your client. <BR>
> <BR>
> -- <BR>
> Nick Morrott <BR>
> <BR>
> MythTV Official wiki: <BR>
> http://mythtv.org/wiki/ <BR>
> MythTV users list archive: <BR>
> http://www.gossamer-threads.com/lists/mythtv/users <BR>
> <BR>
> "An investment in knowledge always pays the best interest." - Benjamin Franklin </DIV>
<DIV> </DIV>
<DIV>FYI: That suggestion worked!!!! I just mapped my NFS share from my Myth box. I added the following NFS information to my firewall (as per rpcinfo -p):</DIV>
<DIV> </DIV>
<DIV>status TCP port 881/UDP port 878</DIV>
<DIV>rquotad TCP port 844/UDP port 841</DIV>
<DIV>mountd TCP port 883/UDP port 880</DIV>
<DIV>nlockmgr TCP port 50560/UDP port 32768</DIV>
<DIV> </DIV>
<DIV>So, now it's working. What bothers me is that when I set up the boxes, I checked the checkbox for NFS on the firewall setup, yet ALL of the required ports weren't added to iptables. One would think that if they wanted to allow NFS thru, then ALL NFS-related ports would be allowed in the firewall. Oh, well. Wishful thinking, I suppose.</DIV>
<DIV> </DIV>
<DIV>Thank you very much for the help, time, and suggestions!</DIV>
<DIV>Harry</DIV></body></html>
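The step described in this thread (read the ports for status, rquotad, mountd and nlockmgr from rpcinfo -p, then ACCEPT exactly those) can be scripted. The following is an added example, not part of the original messages: the function names are hypothetical, and the sample rpcinfo output is constructed from the port numbers Harry lists, with assumed version columns.

```shell
#!/bin/sh
# Added example: turn `rpcinfo -p` output into ACCEPT rules in the same
# style as the RH-Firewall-1-INPUT rules quoted in the thread.

# Constructed sample: ports are the ones reported in the reply above;
# the version numbers are assumed for illustration.
sample_rpcinfo() {
cat <<'EOF'
   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100003    3   tcp   2049  nfs
    100003    3   udp   2049  nfs
    100024    1   udp    878  status
    100024    1   tcp    881  status
    100011    1   udp    841  rquotad
    100011    1   tcp    844  rquotad
    100005    1   udp    880  mountd
    100005    3   udp    880  mountd
    100005    1   tcp    883  mountd
    100005    3   tcp    883  mountd
    100021    4   udp  32768  nlockmgr
    100021    4   tcp  50560  nlockmgr
EOF
}

# Reads `rpcinfo -p` output on stdin and prints one rule per unique
# proto/port pair for the four auxiliary NFS services. Ports 111 and 2049
# are skipped because the existing ruleset already allows them.
nfs_rules() {
    awk '
        $5 ~ /^(status|rquotad|mountd|nlockmgr)$/ &&
        $3 ~ /^(tcp|udp)$/ &&
        $4 ~ /^[0-9]+$/ && $4 >= 1 && $4 <= 65535 {
            key = $3 "/" $4
            if (key in seen) next      # several RPC versions share one port
            seen[key] = 1
            printf "-A RH-Firewall-1-INPUT -p %s -m state --state NEW -m %s --dport %s -j ACCEPT\n", $3, $3, $4
        }'
}

# On the NFS server itself: rpcinfo -p | nfs_rules
# The printed rules must sit above the final REJECT rule to take effect.
sample_rpcinfo | nfs_rules
```

Unless these services are pinned to fixed ports, the numbers can change when NFS restarts, so the rules need regenerating afterwards.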