Re: [gentoo-user] nfs mounting

[Michael <confabulate@kintzios.com>]

[-- Attachment #1: Type: text/plain, Size: 2840 bytes --]

On Thursday 31 October 2024 11:07:13 GMT Peter Humphrey wrote:
> On Thursday 31 October 2024 09:52:23 GMT Michael wrote:

> > Hmm ... if your NFS configuration works over wired Ethernet, but not over
> > wireless, this could point to a lower network level problem.
> 
> I remember you said something about problems with some DSL routers. Let's
> wait and see though. I won't be ready to try it today.

I had mentioned it, in the context of using the 'secure' option in /etc/
exports, which expect requests to originate from privileged service ports 
lower than 1024.  Some wireless router firewall implementations block these 
ports between clients.  In addition, if the WiFi 'Wireless Client Isolation' 
feature enabled devices are not allowed to communicate with each other 
(blocked at Layer 2).  They have to route everything through the gateway and 
VLAN or other address space isolation/routing is applied there.


> > I tend to use static IP addresses on both endpoints to simplify checks and
> > configuration, but if you use hostnames check reverse name resolution is
> > correct and adjust your /etc/hosts on both ends, check the DNS
> > configuration on your LAN and check the client/server IP allocations are
> > as they should be.
> 
> I've always used static addresses. The exception is the wireless network, on
> which things come and go. I'm confident in dnsmasq on the wired LAN - it's
> been running for years.

Is dnsmasq also used by the wireless network successfully, or is the router 
running its own DHCP/DNS show?


> > Temporarily disable firewalls on both ends and check connectivity and
> > access to NFS ports 111,2049 on the server.
> 
> The firewalls are fine. They're the first thing I check in a case like this.
> > Check firewall logs/rules on the wireless router and configure accordingly
> > if they are blocking.
> 
> The shorewall NFS macro allows TCP ports 111, 2049 and 20048; that last one
> is for mountd.

I think for NFSv4 only TCP port 2049 is needed, but for NFSv3 it'll need 
111,2049 plus more dynamically allocated ports - I'm not entirely sure.


> The router is a Fritz!Box, and it's a bit of a beast to
> understand. (Is there a characteristic German approach to user interface
> design? I begin to wonder, what with this and my boiler...)

Fritz!Box is one of the better provisioned domestic routers.  I've only used 
it once and mostly over wired ethernet, but was impressed by its functions and 
features compared to other rubbish on the market.  I can't recall its firewall 
options menu - I would think there would be no restrictions across LAN 
devices, bar Wireless Client Isolation.  Different VLANs would either way 
isolate wireless devices to their own broadcast domain.  For a quick test you 
can disable wireless client isolation and see if things start working as 
expected.

[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 833 bytes --]