I downgraded one of my computers to 15.2 because this is the only way to have a sound. Now I installed the NFS server as follows: At first I executed "zypper in yast2-nfs-server" for making "NFS server" available to Yast. Next I prepared an /etc/exports file and executed "Yast | Network Services | NFS Server" Finally I invoked "Yast | System | Services Manager" and started "nfs-server" and "nfsserver". But that did not help, the NFS server does not work, i.e. it is impossibile to NFS-mount a file on a different computer. What is wrong? Any help is welcome. Thank you in advance, Wolfgang
Wolfgang Mueller wrote:
I downgraded one of my computers to 15.2 because this is the only way to have a sound.
Now I installed the NFS server as follows:
At first I executed "zypper in yast2-nfs-server" for making "NFS server" available to Yast.
Next I prepared an /etc/exports file and executed "Yast | Network Services | NFS Server"
Finally I invoked "Yast | System | Services Manager" and started "nfs-server" and "nfsserver".
But that did not help, the NFS server does not work, i.e. it is impossibile to NFS-mount a file on a different computer.
What is wrong? Any help is welcome.
Well, let us start with some diagnostics - error messages from the client? (try mounting the share from the command-line). Error messages on the server? (/var/log/messages). Did the nfs server in fact start? "systemctl status nfs-server" ? That sort of thing. -- Per Jessen, Zürich (13.4°C)
On 01/10/2021 10.00, Wolfgang Mueller wrote:
I downgraded one of my computers to 15.2 because this is the only way to have a sound.
Now I installed the NFS server as follows:
At first I executed "zypper in yast2-nfs-server" for making "NFS server" available to Yast.
Next I prepared an /etc/exports file and executed "Yast | Network Services | NFS Server"
Finally I invoked "Yast | System | Services Manager" and started "nfs-server" and "nfsserver".
Use only "nfs-server", the other one is an alias, and doesn't actually "run right", IMO.
But that did not help, the NFS server does not work, i.e. it is impossibile to NFS-mount a file on a different computer.
What is wrong? Any help is welcome.
First step, run "systemctl status nfs-server" and paste results here. -- Cheers / Saludos, Carlos E. R. (from oS Leap 15.2 x86_64 (Minas Tirith))
On Fri, 1 Oct 2021 at 11:38:29 +0200, Carlos E. R. wrote:
On 01/10/2021 10.00, Wolfgang Mueller wrote:
I downgraded one of my computers to 15.2 because this is the only way to have a sound.
Now I installed the NFS server as follows:
At first I executed "zypper in yast2-nfs-server" for making "NFS server" available to Yast.
Next I prepared an /etc/exports file and executed "Yast | NetworkServices | NFS Server"
Finally I invoked "Yast | System | Services Manager" and started "nfs-server" and "nfsserver".
Use only "nfs-server", the other one is an alias, and doesn't actually "run right", IMO.
I have deactivated the alias "nfsserver" (without hyphen).
But that did not help, the NFS server does not work, i.e. it is impossibile to NFS-mount a file on a different computer.
What is wrong? Any help is welcome.
First step, run "systemctl status nfs-server" and paste results here.
Please find the response of "systemctl status nfs-server" on http://www.ariannuccia.de/temp/systemctl_status_nfs-server.BAD For comparison, the response of "systemctl status nfs-server" has been listed for a computer where the nfs server works correctly: http://www.ariannuccia.de/temp/systemctl_status_nfs-server.GOOD Regards, Wolfgang
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 El 2021-10-01 a las 12:45 +0200, Wolfgang Mueller escribió:
On Fri, 1 Oct 2021 at 11:38:29 +0200, Carlos E. R. wrote:
On 01/10/2021 10.00, Wolfgang Mueller wrote:
...
I have deactivated the alias "nfsserver" (without hyphen).
But that did not help, the NFS server does not work, i.e. it is impossibile to NFS-mount a file on a different computer.
What is wrong? Any help is welcome.
First step, run "systemctl status nfs-server" and paste results here.
Please find the response of "systemctl status nfs-server" on http://www.ariannuccia.de/temp/systemctl_status_nfs-server.BAD
For comparison, the response of "systemctl status nfs-server" has been listed for a computer where the nfs server works correctly: http://www.ariannuccia.de/temp/systemctl_status_nfs-server.GOOD
As far as I can see, both are good. Try showmount. See mine, server running but nothing connected. minas-tirith:~ # systemctl status nfs-server.service ● nfs-server.service - NFS server and services Loaded: loaded (/usr/lib/systemd/system/nfs-server.service; disabled; vendor preset: disabled) Drop-In: /usr/lib/systemd/system/nfs-server.service.d └─nfsserver.conf, options.conf /run/systemd/generator/nfs-server.service.d └─order-with-mounts.conf Active: active (exited) since Fri 2021-10-01 13:15:47 CEST; 2min 34s ago Process: 32432 ExecStart=/usr/sbin/rpc.nfsd $NFSD_OPTIONS (code=exited, status=0/SUCCESS) Process: 32431 ExecStartPre=/usr/sbin/exportfs -r (code=exited, status=0/SUCCESS) Main PID: 32432 (code=exited, status=0/SUCCESS) Tasks: 0 CGroup: /system.slice/nfs-server.service minas-tirith:~ # showmount Hosts on minas-tirith.valinor: minas-tirith:~ # showmount --all All mount points on minas-tirith.valinor: minas-tirith:~ # minas-tirith:~ # showmount --exports Export list for minas-tirith.valinor: /home 192.168.1.14/24 / 192.168.1.127,192.168.1.16,192.168.1.14 minas-tirith:~ # Finally, post your /etc/exports file. You could also try to drop your firewall temporarily. - -- Cheers Carlos E. R. (from openSUSE Leap 15.2 x86_64 (Minas Tirith)) -----BEGIN PGP SIGNATURE----- iJIEAREIADoWIQQt/vKEw5659AgM/X2NrxRtxRYzXAUCYVbvzRwccm9iaW4ubGlz dGFzQHRlbGVmb25pY2EubmV0AAoJEI2vFG3FFjNcD3EBAIcCPwIpa4JXtJvu0/te vuITluw1ffl1fdrH4nZq5KgPAP9QfEImdbzAhsZa5fW21ZSgTXsJGrfqVDrNm75Y 6MFjvA== =UIkt -----END PGP SIGNATURE-----
On Fri, 1 Oct 2021 13:23:56 +0200 (CEST) "Carlos E. R." <robin.listas@telefonica.net> wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
El 2021-10-01 a las 12:45 +0200, Wolfgang Mueller escribió:
On Fri, 1 Oct 2021 at 11:38:29 +0200, Carlos E. R. wrote:
On 01/10/2021 10.00, Wolfgang Mueller wrote:
...
I have deactivated the alias "nfsserver" (without hyphen).
But that did not help, the NFS server does not work, i.e. it is impossibile to NFS-mount a file on a different computer.
What is wrong? Any help is welcome.
First step, run "systemctl status nfs-server" and paste results here.
Please find the response of "systemctl status nfs-server" on http://www.ariannuccia.de/temp/systemctl_status_nfs-server.BAD
For comparison, the response of "systemctl status nfs-server" has been listed for a computer where the nfs server works correctly: http://www.ariannuccia.de/temp/systemctl_status_nfs-server.GOOD
As far as I can see, both are good.
Try showmount. See mine, server running but nothing connected.
minas-tirith:~ # systemctl status nfs-server.service ● nfs-server.service - NFS server and services Loaded: loaded (/usr/lib/systemd/system/nfs-server.service; disabled; vendor preset: disabled) Drop-In: /usr/lib/systemd/system/nfs-server.service.d └─nfsserver.conf, options.conf /run/systemd/generator/nfs-server.service.d └─order-with-mounts.conf Active: active (exited) since Fri 2021-10-01 13:15:47 CEST; 2min 34s ago Process: 32432 ExecStart=/usr/sbin/rpc.nfsd $NFSD_OPTIONS (code=exited, status=0/SUCCESS) Process: 32431 ExecStartPre=/usr/sbin/exportfs -r (code=exited, status=0/SUCCESS) Main PID: 32432 (code=exited, status=0/SUCCESS) Tasks: 0 CGroup: /system.slice/nfs-server.service minas-tirith:~ # showmount Hosts on minas-tirith.valinor: minas-tirith:~ # showmount --all All mount points on minas-tirith.valinor: minas-tirith:~ # minas-tirith:~ # showmount --exports Export list for minas-tirith.valinor: /home 192.168.1.14/24 / 192.168.1.127,192.168.1.16,192.168.1.14 minas-tirith:~ #
Finally, post your /etc/exports file.
You could also try to drop your firewall temporarily.
As Per said, diagnostics from the client end can also be helpful.
On 02/10/2021 12.08, Wolfgang Mueller wrote:
On Fri, 1 Oct 2021 at 13:23:56 +0200, Carlos E. R. wrote:
[...] You could also try to drop your firewall temporarily.
Dropping the firewall made it. Now the NFS server works.
Thanks a lot, Carlos!
Ok, but it is not solved really, just diagnosed. We have to find the correct configuration on the firewall to just open the nfs ports and not drop the entire thing. First is knowing whether you are using the old SuSEfrewall2, or the new firewalld. systemctl status SuSEfirewall2 systemctl status firewalld -- Cheers / Saludos, Carlos E. R. (from oS Leap 15.2 x86_64 (Minas Tirith))
Hallo, you won t configure nfs to be reachable from internet. For internal use protected behind a central firewall a local second firewall is oversized. Ralf Von meinem iPad gesendet
Am 02.10.2021 um 14:06 schrieb Carlos E. R. <robin.listas@telefonica.net>:
On 02/10/2021 12.08, Wolfgang Mueller wrote:
On Fri, 1 Oct 2021 at 13:23:56 +0200, Carlos E. R. wrote: [...] You could also try to drop your firewall temporarily.
Dropping the firewall made it. Now the NFS server works.
Thanks a lot, Carlos!
Ok, but it is not solved really, just diagnosed. We have to find the correct configuration on the firewall to just open the nfs ports and not drop the entire thing.
First is knowing whether you are using the old SuSEfrewall2, or the new firewalld.
systemctl status SuSEfirewall2 systemctl status firewalld
-- Cheers / Saludos,
Carlos E. R.
(from oS Leap 15.2 x86_64 (Minas Tirith))
On 02/10/2021 14.12, Ralf Prengel wrote:
Hallo, you won t configure nfs to be reachable from internet. For internal use protected behind a central firewall a local second firewall is oversized.
Depends :-) The firewall can be configured in "internal" mode, which is less strict that "external". Not mode, but interface. Or it can be set to external because you don't trust the local network that much. I don't. Specially with a home router supplied by the ISP and which I do not fully control. Or because in the LAN there are machines or users that can not be fully trusted. Imagine you are in a business, and one of the machines gets successfully attacked with a trojan and then that machine starts attacking every other machine in the network. Or imagine you are at home, and your new ceiling lamp connects to the internet of things server outside, gets compromised, and then a cracker successfully enters your LAN through it and steals your collection of relaxing videos of lions hunting in the savannah :-) P.S: Your mail did not got posted to the list, only your copy to me. -- Cheers / Saludos, Carlos E. R. (from oS Leap 15.2 x86_64 (Minas Tirith))
On 2021-10-02 07:25:52 Carlos E. R. wrote:
|Or imagine you are at home, and your new ceiling lamp connects to the |internet of things server outside, gets compromised, and then a cracker |successfully enters your LAN through it and steals your collection of |relaxing videos of lions hunting in the savannah :-)
Well, that will never happen to me, because I can't think of a reason why I would ever install such a device in my home/network. :-) Leslie -- Distribution: openSUSE Leap 15.3 x86_64
On 10/2/21 7:17 PM, J Leslie Turriff wrote:
On 2021-10-02 07:25:52 Carlos E. R. wrote:
|Or imagine you are at home, and your new ceiling lamp connects to the |internet of things server outside, gets compromised, and then a cracker |successfully enters your LAN through it and steals your collection of |relaxing videos of lions hunting in the savannah :-) Well, that will never happen to me, because I can't think of a reason why I would ever install such a device in my home/network. :-)
But the Internet of Things is becoming ubiquitous. In my case, I have a Tivo setup that has external connections to remote servers and a Fitbit scale that connects remotely via my Wifi. You might have a networked thermostat, a clothes washer, and even a refrigerator. Then, you might even have Smartphones that take advantage of your WiFi router. I configure a "guest" subnet on my router that hosts the Wifi router, and a separate DMZ subnet for the IOT devices. Then I also use the host-based firewall on my Leap systems, you can't be too careful these days, even your hardware router could get compromised. By the way, my SuSE desktop was once compromised around 1998 via the cable-modem. I had installed SuSE 5.2 which still had portions of the documentation in German. I didn't configure the host-based firewall because I couldn't figure out how to do it! Well, maybe I was a bit lazy too. At any rate, it was remote-root compromised via a mountd bug. I caught it right away, so there wasn't any damage, but the lesson was learned! Host-based firewalls are good things, even if you don't think you need it. Regards, Lew
Am 02.10.21 um 14:12 schrieb Ralf Prengel:
Hallo, you won t configure nfs to be reachable from internet. For internal use protected behind a central firewall a local second firewall is oversized. Ralf
i disagree, it depends what all is inside your local network. i use always firewalls for each computer inside the lan. for nfs you have to open the correct ports, and, if nfs v2 is used, (as i remember from my brain) you have to tell them to use static ports if using firewalld. (SuSEfirewall2 is able to handle non static nfs ports) simoN -- www.becherer.de
participants (8)
-
Carlos E. R. -
Dave Howorth -
J Leslie Turriff -
Lew Wolfgang -
Per Jessen -
Ralf Prengel -
Simon Becherer -
Wolfgang Mueller