NFS 挂载问题

客户端上的 NFS 配置有问题:挂载时超时,无法连接。

[root@host9 ~]# mount 192.168.0.17:/home/export /mnt/export
mount: mount to NFS server '192.168.0.17' failed: timed out (retrying).
mount: mount to NFS server '192.168.0.17' failed: timed out (retrying).
mount: mount to NFS server '192.168.0.17' failed: timed out (retrying).
mount: mount to NFS server '192.168.0.17' failed: timed out (retrying).

以下是我使用的设置:

[root@host17 /home/export]# cat /etc/hosts.allow
#
# hosts.allow   This file contains access rules which are used to
#               allow or deny connections to network services that
#               either use the tcp_wrappers library or that have been
#               started through a tcp_wrappers-enabled xinetd.
#
#               See 'man 5 hosts_options' and 'man 5 hosts_access'
#               for information on rule syntax.
#               See 'man tcpd' for information on tcp_wrappers
#
portmap: 192.168.0.0/255.255.255.0
lockd: 192.168.0.0/255.255.255.0
rquotad: 192.168.0.0/255.255.255.0
mountd: 192.168.0.0/255.255.255.0
statd: 192.168.0.0/255.255.255.0

[root@host17 /home/export]# cat /etc/hosts.deny
#
# hosts.deny    This file contains access rules which are used to
#               deny connections to network services that either use
#               the tcp_wrappers library or that have been
#               started through a tcp_wrappers-enabled xinetd.
#
#               The rules in this file can also be set up in
#               /etc/hosts.allow with a 'deny' option instead.
#
#               See 'man 5 hosts_options' and 'man 5 hosts_access'
#               for information on rule syntax.
#               See 'man tcpd' for information on tcp_wrappers
#

portmap:ALL
lockd:ALL
mountd:ALL
rquotad:ALL
statd:ALL
[root@host17 /home/export]# cat /etc/exports
/home/export      192.168.0.0/255.255.255.0(rw)

[root@host17 /home/export]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain RH-Firewall-1-INPUT (2 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere            icmp any
ACCEPT     esp  --  anywhere             anywhere
ACCEPT     ah   --  anywhere             anywhere
ACCEPT     udp  --  anywhere             224.0.0.251         udp dpt:mdns
ACCEPT     udp  --  anywhere             anywhere            udp dpt:ipp
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ipp
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:http
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:https
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:6379
ACCEPT     udp  --  192.168.0.0/24       anywhere            state NEW udp dpt:sunrpc
ACCEPT     tcp  --  192.168.0.0/24       anywhere            state NEW tcp dpt:sunrpc
ACCEPT     tcp  --  192.168.0.0/24       anywhere            state NEW tcp dpt:nfs
ACCEPT     tcp  --  192.168.0.0/24       anywhere            state NEW tcp dpt:32803
ACCEPT     udp  --  192.168.0.0/24       anywhere            state NEW udp dpt:filenet-rpc
ACCEPT     tcp  --  192.168.0.0/24       anywhere            state NEW tcp dpt:892
ACCEPT     udp  --  192.168.0.0/24       anywhere            state NEW udp dpt:892
ACCEPT     tcp  --  192.168.0.0/24       anywhere            state NEW tcp dpt:rquotad
ACCEPT     udp  --  192.168.0.0/24       anywhere            state NEW udp dpt:rquotad
ACCEPT     tcp  --  192.168.0.0/24       anywhere            state NEW tcp dpt:pftp
ACCEPT     udp  --  192.168.0.0/24       anywhere            state NEW udp dpt:pftp
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited

以下是在客户端上执行 rpcinfo 的输出:

[root@host9 ~]# rpcinfo -p 192.168.0.17
   program vers proto   port
    100000    4   tcp    111  portmapper
    100000    3   tcp    111  portmapper
    100000    2   tcp    111  portmapper
    100000    4   udp    111  portmapper
    100000    3   udp    111  portmapper
    100000    2   udp    111  portmapper
    100011    1   udp    875  rquotad
    100011    2   udp    875  rquotad
    100011    1   tcp    875  rquotad
    100011    2   tcp    875  rquotad
    100005    1   udp  45857  mountd
    100005    1   tcp  55772  mountd
    100005    2   udp  34021  mountd
    100005    2   tcp  59542  mountd
    100005    3   udp  60930  mountd
    100005    3   tcp  53086  mountd
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    100003    4   udp   2049  nfs
    100227    2   udp   2049  nfs_acl
    100227    3   udp   2049  nfs_acl
    100003    2   tcp   2049  nfs
    100003    3   tcp   2049  nfs
    100003    4   tcp   2049  nfs
    100227    2   tcp   2049  nfs_acl
    100227    3   tcp   2049  nfs_acl
    100021    1   udp  59832  nlockmgr
    100021    3   udp  59832  nlockmgr
    100021    4   udp  59832  nlockmgr
    100021    1   tcp  36140  nlockmgr
    100021    3   tcp  36140  nlockmgr
    100021    4   tcp  36140  nlockmgr
    100024    1   udp  46494  status
    100024    1   tcp  49672  status
[root@host9 ~]#

[root@host9 ~]# rpcinfo  -u  192.168.0.17 nfs
rpcinfo: RPC: Timed out
program 100003 version 0 is not available
[root@host9 ~]# rpcinfo  -u  192.168.0.17 portmap
program 100000 version 2 ready and waiting
program 100000 version 3 ready and waiting
program 100000 version 4 ready and waiting
[root@host9 ~]# rpcinfo  -u  192.168.0.17 mount
rpcinfo: RPC: Timed out
program 100005 version 0 is not available
[root@host9 ~]#

所有系统运行的都是 CentOS 5.8。

答案1

NFS 和防火墙的典型问题是某些使用的端口是随机分配的。

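在文件 /etc/sysconfig/nfs 中,您可以把 NFS 相关各进程使用的端口固定下来(例如 MOUNTD_PORT、LOCKD_TCPPORT、LOCKD_UDPPORT、STATD_PORT、RQUOTAD_PORT),而不是让它们随机分配。执行此操作,然后确保这些端口在您的 iptables 规则中处于打开状态。从问题中的 rpcinfo -p 输出来看,mountd、nlockmgr 和 status 目前监听的都是随机高位端口,与 iptables 中放行的 892、32803 等端口并不一致;另外规则里只放行了 TCP 的 nfs 端口,而 rpcinfo -u 测试走的是 UDP。固定端口后可再次用 rpcinfo -p 核对实际端口与防火墙规则是否一致,并像现有规则那样只对 192.168.0.0/24 放行,不要对所有来源开放。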
