# NFS woes

## krisse

NFS server and client, both gentoo machines. Used to work, stopped after some upgrade or another --- unfortunately unsure. There's been updates to both kernel and userspace programs.

Server to server, I can mount NFS.

I can SSH from client to server --- but server isn't pingable from client. Any idea what could be causing that? 

```
 ~ $ sudo rpcinfo -p SERVER

   program vers proto   port  service

    100000    4   tcp    111  portmapper

    100000    3   tcp    111  portmapper

    100000    2   tcp    111  portmapper

    100000    4   udp    111  portmapper

    100000    3   udp    111  portmapper

    100000    2   udp    111  portmapper

    100024    1   udp  48604  status

    100024    1   tcp  33360  status

    100005    1   udp   4067  mountd

    100005    1   tcp   4067  mountd

    100005    2   udp   4067  mountd

    100005    2   tcp   4067  mountd

    100005    3   udp   4067  mountd

    100005    3   tcp   4067  mountd

    100003    2   tcp   2049  nfs

    100003    3   tcp   2049  nfs

    100003    4   tcp   2049  nfs

    100003    2   udp   2049  nfs

    100003    3   udp   2049  nfs

    100003    4   udp   2049  nfs

    100021    1   udp   4061  nlockmgr

    100021    3   udp   4061  nlockmgr

    100021    4   udp   4061  nlockmgr

    100021    1   tcp   4061  nlockmgr

    100021    3   tcp   4061  nlockmgr

    100021    4   tcp   4061  nlockmgr
```

```
~ $ ping -c3 SERVER

PING SERVER (xxx.xxx.xxx.xxx) 56(84) bytes of data.

--- SERVER ping statistics ---

3 packets transmitted, 0 received, 100% packet loss, time 2008ms
```

Trying to mount an NFS export, it fails with delay error. Surely, it's a connectivity problem (since not pingable)? I don't get why I can ssh to server to client (and vice versa) though. :S Tested with firewall off on both machines.

----------

## krisse

So ping from client to server fails.

But a whole bunch of ports are open at the server from the clients point of view.

Previously, I used ports in the range of 32*** for NFS (/etc/conf.d/nfs), but changed them to 40** in case that mattered.

nmap finds, among others, open ports 111, 2049, and the aforementioned 40** as setup in /etc/conf.d/nfs.

Additionally, if I change the port for mountd in /etc/conf.d/nfs, the client does try to connect to the proper port.

In other words, almost everything seems to be working properly, but in practice fails.

----------

## krinn

Many routers are setup to drop external icmp request to hide themself. If set, ping will never get answer, but other request and service will work as expected, a dedicated tiny-firewall option if you prefer (with 0 relation to the router or host firewall setup). 

As you hide your IP i suppose your server and client are on two networks, facing router setup so.

If they are on the same network, this shouldn't apply, so yes you have a connection problem.

Your nfs trouble could just be another trouble, with no relation to your ping problem.

----------

## krisse

Thanks for chiming in, krinn!

You're right. There's two separate networks (in two separate countries for that matter), and two separate routers.

Managed to get ping working after a thorough look in the router's firewall-settings, serverside.

Still not getting any luck with nfs though.

Ports are being forwarded (serverside, router). Firewall is letting said ports through.

These ports are: (nfs config) 

```
OPTS_RPC_MOUNTD="-p 4063"

OPTS_RPC_STATD="-p 4064 -o 4065
```

 and (grub kernel opt) 

```
lockd.nlm=udpport=4061 lockd.nlm_tcpport=4061
```

, as well as 2049 (nfs) and 111 (portmap).

Netstat is also showing, viewed from server as well as client, that the ports above are open on server.

Am I missing anything, "portwise"?

----------

## krinn

you can pass -vvv to get a verbose output with the client request.

newer nfsutils doesn't allow anymore the lazzy mount of nfsv3 for nfsv4 server.

previously an nfsv4 server offering nfsv3 & 4 service could be mount with a buggy client requesting an nfsv3 mount

damnit i'm not sure how to explain that  :Smile: 

- if your client try to mount an nfsv4 mount, the mount must comply with strict nfsv4 (this mean having a nfsroot present, and subdirectories bind to it)

- if your client try to mount an nfsv3 mount from an nfsv4 server, the client must specifically query that, passing nfsvers=3,ver=3

anyway, assuming your ports are forward and open as they should, trying to mount with -vvv will gave a better clue of your problem.

----------

## krisse

Thanks for the input!

I tried with explicit NFS3, but didn't work, and -vvv unfortunately didn't give me anything new --- just a bunch of tries at correct port and address (and nfs version), ending up with timing out. :-/

----------

