I installed the universal configuration, then followed the guide to
enable NFS, but NFS failed miserably whenever shorewall was started or
stopped. only cleared allowed NFS traffic to function properly. I'm
using ubuntu 11.4, which I believe is using nfs4. sec is set to
sec=sys. not sure if more ports are needed, or different ports, or if
shorewall has done something unusual. I had to purge shorewall about a
week ago to ensure the system functions, so I can't provide a dump at
the moment, but if one is absolutely critical to proceeding to debug
this issue, I can schedule some downtime to the nfs server to acquire a
dump in the next few days.

On Wed, Sep 07, 2011 at 01:38:28PM -0700, Christ Schlacta wrote:
> I installed the universal configuration, then followed the guide to
> enable NFS, but NFS failed miserably whenever shorewall was started or
> stopped. only cleared allowed NFS traffic to function properly. I'm
> using ubuntu 11.4, which I believe is using nfs4. sec is set to
> sec=sys. not sure if more ports are needed, or different ports, or if
> shorewall has done something unusual. I had to purge shorewall about a
> week ago to ensure the system functions, so I can't provide a dump at
> the moment, but if one is absolutely critical to proceeding to debug
> this issue, I can schedule some downtime to the nfs server to acquire a
> dump in the next few days.
>

I run Shorewall on a system that serves up filesystems as NFSv4. Here
are the rules I use:

    ACCEPT loc $FW tcp 111
    ACCEPT loc $FW udp 111
    ACCEPT loc $FW tcp 2049
    ACCEPT loc $FW udp 2049
    ACCEPT loc $FW tcp 32765:32769
    ACCEPT loc $FW udp 32765:32769

In /etc/default/nfs-kernel-server, I have:

    RPCMOUNTDOPTS="-p 32767"

In /etc/default/nfs-common, I have:

    STATDOPTS="--port 32765 --outgoing-port 32766"

I think the key is *telling* the services what ports to use. Otherwise,
they use random ports and traffic will probably not be allowed through.

Regards,

-Roberto

--
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com

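A check for the point made in the reply above about pinning ports, as an
added example that is not part of the original thread: it compares the
ports RPC services have registered (as listed by `rpcinfo -p`) against
the ACCEPT rules quoted in that reply. The `rpcinfo` output is
constructed sample data, the function names are hypothetical, and the
rule parser assumes numeric ports only.

```python
import re

# Rules from the reply above (columns: ACTION SOURCE DEST PROTO DPORT).
RULES = """\
ACCEPT loc $FW tcp 111
ACCEPT loc $FW udp 111
ACCEPT loc $FW tcp 2049
ACCEPT loc $FW udp 2049
ACCEPT loc $FW tcp 32765:32769
ACCEPT loc $FW udp 32765:32769
"""

# Constructed `rpcinfo -p` output: statd pinned to 32765, mountd not pinned.
RPCINFO = """\
   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100024    1   tcp  32765  status
    100003    4   tcp   2049  nfs
    100005    3   udp  51234  mountd
    100005    3   tcp  45871  mountd
"""

def allowed_ports(rules):
    """Map proto -> [(low, high)] from ACCEPT rules to $FW (numeric ports only)."""
    allowed = {}
    for line in rules.splitlines():
        f = line.split("#", 1)[0].split()  # drop trailing comments
        if len(f) < 5 or f[0] != "ACCEPT" or f[2] != "$FW":
            continue
        for part in f[4].split(","):       # DPORT may be a list or low:high range
            low, _, high = part.partition(":")
            allowed.setdefault(f[3], []).append((int(low), int(high or low)))
    return allowed

def blocked_services(rpcinfo, rules):
    """Return sorted (service, proto, port) registrations that no rule covers."""
    allowed = allowed_ports(rules)
    blocked = set()
    for line in rpcinfo.splitlines():
        m = re.match(r"\s*\d+\s+\d+\s+(tcp|udp)\s+(\d+)\s+(\S+)", line)
        if not m:  # header or blank line
            continue
        proto, port, service = m.group(1), int(m.group(2)), m.group(3)
        if not any(lo <= port <= hi for lo, hi in allowed.get(proto, [])):
            blocked.add((service, proto, port))
    return sorted(blocked)

if __name__ == "__main__":
    print(*blocked_services(RPCINFO, RULES), sep="\n")
```

With the sample data, only the two unpinned mountd registrations are
reported; once mountd is pinned to 32767 as in the reply, nothing is.
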
On Wed, 2011-09-07 at 13:38 -0700, Christ Schlacta wrote:
> I installed the universal configuration, then followed the guide to
> enable NFS, but NFS failed miserably whenever shorewall was started or
> stopped.

It is worth a reminder that, in general, 'shorewall stop' closes the
system for connections from the outside. If you want to remove all rules
added by Shorewall, you must use 'shorewall clear'.

Note that the default behavior on Debian is that
'/etc/init.d/shorewall stop' performs a 'shorewall clear'. On all other
platforms, it performs 'shorewall stop'.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________