From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 1266C158042 for ; Thu, 31 Oct 2024 14:22:07 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id D6A56E087B; Thu, 31 Oct 2024 14:21:59 +0000 (UTC) Received: from sienna.cherry.relay.mailchannels.net (sienna.cherry.relay.mailchannels.net [23.83.223.165]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 635B0E0866 for ; Thu, 31 Oct 2024 14:21:59 +0000 (UTC) X-Sender-Id: thundermail|x-authsender|confabulate@kintzios.com Received: from relay.mailchannels.net (localhost [127.0.0.1]) by relay.mailchannels.net (Postfix) with ESMTP id 4C307163D3F for ; Thu, 31 Oct 2024 14:21:58 +0000 (UTC) ARC-Seal: i=1; s=arc-2022; d=mailchannels.net; t=1730384517; a=rsa-sha256; cv=none; b=GNgpNmPawAmDUldkF8Q2hSylOHzR42SSZGvYpSRYGiUXmKO8Ax9u+IwKeynEbxUigcp+FU L8tz1yI8xKIiw1oOF5UddDGCuHTWMKo0FBMs8bZV8GyJpS3sVsZfLqPZYagp0HNMXScPSp o8urCylYvIPjhcP3xGYbwXSCEist3SQFGvrkuvGMedybtgcJU3ZxwgB9wFh0/AbFL3dBTq PYxR893eOTBvn1+oUgE+qNiAr01knizbgLgDG1JN4ufvvUacKNkl5HNDLVtQlcxWV9vs0C bLE5M5vqxgbFucGqbZz3t4C9W9M83AbNAEZ9DDAqlTFizPB8TAUEoaA75w8SJQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=mailchannels.net; s=arc-2022; t=1730384517; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type:in-reply-to:in-reply-to: references:references; bh=Bg0kCTek01rTilbFhFYwjPqyQE0tyYRk44CsUTCb7yA=; b=j6e0+WblNGhfg9ht8dxtsv4q9PBLx4DcXthQIcBJzYPEDpivXzzXE3HcxiHjk1fD/XAy7/ ADYFDBY9s9w8vlw2MwyZO2m7j6TUlTiIf33BYDk9qVUjEk+ZXGPUJB/xHVdrGas3mAnEi4 zECs48Fs528HDagov0j41WuTCulCjzJVCpvXF63DK29XnUm2kwZ67sx3bDvdeq2SJVQnyc oHgn1gN8d5pM9s5YFhHnWdOo6RGO9nSdyKmTVDj4wFugzCnffZdVQ+YeuxKLRA5KY1o4Da Puxr/QuJt8E6dXAfiVzI93UZ1QP57bUa/G+tY48aRdep/+hw1abWUEFXQsgzTg== ARC-Authentication-Results: i=1; rspamd-65cf4487d9-jml7x; auth=pass smtp.auth=thundermail smtp.mailfrom=confabulate@kintzios.com X-Sender-Id: thundermail|x-authsender|confabulate@kintzios.com X-MC-Relay: Neutral X-MailChannels-SenderId: thundermail|x-authsender|confabulate@kintzios.com X-MailChannels-Auth-Id: thundermail X-Decisive-Language: 7b99ce594fb285ce_1730384518117_1122305224 X-MC-Loop-Signature: 1730384518117:2304032932 X-MC-Ingress-Time: 1730384518117 Received: from mailclean11.thundermail.uk (mailclean11.thundermail.uk [149.255.60.66]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384) by 100.105.170.43 (trex/7.0.2); Thu, 31 Oct 2024 14:21:58 +0000 Received: from cloud238.thundercloud.uk (cloud238.thundercloud.uk [149.255.62.116]) by mailclean11.thundermail.uk (Postfix) with ESMTPS id C7DF51E000A for ; Thu, 31 Oct 2024 14:21:55 +0000 (GMT) Authentication-Results: cloud238.thundercloud.uk; spf=pass (sender IP is 217.169.3.230) smtp.mailfrom=confabulate@kintzios.com smtp.helo=rogueboard.localnet Received-SPF: pass (cloud238.thundercloud.uk: connection is authenticated) From: Michael To: gentoo-user@lists.gentoo.org Subject: Re: [gentoo-user] nfs mounting Date: Thu, 31 Oct 2024 14:21:27 +0000 Message-ID: <2020013.8hb0ThOEGa@rogueboard> In-Reply-To: <2202241.irdbgypaU6@cube> References: <10555432.nUPlyArG6x@cube> <1952017.taCxCBeP46@rogueboard> <2202241.irdbgypaU6@cube> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply MIME-Version: 1.0 Content-Type: multipart/signed; boundary="nextPart38458585.XM6RcZxFsP"; micalg="pgp-sha256"; protocol="application/pgp-signature" X-PPP-Message-ID: <173038451519.2557643.12850876883734674960@cloud238.thundercloud.uk> X-PPP-Vhost: kintzios.com X-Rspamd-Queue-Id: C7DF51E000A X-Rspamd-Server: mailclean11 X-Spamd-Result: default: False [-1.61 / 999.00]; SIGNED_PGP(-2.00)[]; MID_RHS_NOT_FQDN(0.50)[]; MIME_GOOD(-0.20)[multipart/signed,text/plain]; ONCE_RECEIVED(0.10)[]; MX_GOOD(-0.01)[]; R_SPF_ALLOW(0.00)[+mx]; FUZZY_BLOCKED(0.00)[rspamd.com]; RCVD_VIA_SMTP_AUTH(0.00)[]; ASN(0.00)[asn:34931, ipnet:149.255.60.0/22, country:GB]; MISSING_XM_UA(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; MIME_TRACE(0.00)[0:+,1:+,2:~]; RCVD_COUNT_ONE(0.00)[1]; R_DKIM_NA(0.00)[]; RCVD_TLS_ALL(0.00)[]; NEURAL_HAM(-0.00)[-0.995]; REPLYTO_ADDR_EQ_FROM(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; FROM_HAS_DN(0.00)[]; ARC_NA(0.00)[]; DMARC_POLICY_ALLOW(0.00)[kintzios.com,none]; TO_MATCH_ENVRCPT_ALL(0.00)[]; TO_DN_NONE(0.00)[]; PREVIOUSLY_DELIVERED(0.00)[gentoo-user@lists.gentoo.org]; HAS_REPLYTO(0.00)[confabulate@kintzios.com] X-Rspamd-Action: no action X-Archives-Salt: c749de75-7274-4df2-b3a2-6daeefda7c64 X-Archives-Hash: 2fe4a7c1437b13dbca3dffa49bb87810 --nextPart38458585.XM6RcZxFsP Content-Transfer-Encoding: 7Bit Content-Type: text/plain; charset="utf-8"; protected-headers="v1" From: Michael To: gentoo-user@lists.gentoo.org Reply-To: confabulate@kintzios.com Subject: Re: [gentoo-user] nfs mounting Date: Thu, 31 Oct 2024 14:21:27 +0000 Message-ID: <2020013.8hb0ThOEGa@rogueboard> In-Reply-To: <2202241.irdbgypaU6@cube> MIME-Version: 1.0 On Thursday 31 October 2024 11:07:13 GMT Peter Humphrey wrote: > On Thursday 31 October 2024 09:52:23 GMT Michael wrote: > > Hmm ... if your NFS configuration works over wired Ethernet, but not over > > wireless, this could point to a lower network level problem. > > I remember you said something about problems with some DSL routers. Let's > wait and see though. I won't be ready to try it today. I had mentioned it, in the context of using the 'secure' option in /etc/ exports, which expect requests to originate from privileged service ports lower than 1024. Some wireless router firewall implementations block these ports between clients. In addition, if the WiFi 'Wireless Client Isolation' feature enabled devices are not allowed to communicate with each other (blocked at Layer 2). They have to route everything through the gateway and VLAN or other address space isolation/routing is applied there. > > I tend to use static IP addresses on both endpoints to simplify checks and > > configuration, but if you use hostnames check reverse name resolution is > > correct and adjust your /etc/hosts on both ends, check the DNS > > configuration on your LAN and check the client/server IP allocations are > > as they should be. > > I've always used static addresses. The exception is the wireless network, on > which things come and go. I'm confident in dnsmasq on the wired LAN - it's > been running for years. Is dnsmasq also used by the wireless network successfully, or is the router running its own DHCP/DNS show? > > Temporarily disable firewalls on both ends and check connectivity and > > access to NFS ports 111,2049 on the server. > > The firewalls are fine. They're the first thing I check in a case like this. > > Check firewall logs/rules on the wireless router and configure accordingly > > if they are blocking. > > The shorewall NFS macro allows TCP ports 111, 2049 and 20048; that last one > is for mountd. I think for NFSv4 only TCP port 2049 is needed, but for NFSv3 it'll need 111,2049 plus more dynamically allocated ports - I'm not entirely sure. > The router is a Fritz!Box, and it's a bit of a beast to > understand. (Is there a characteristic German approach to user interface > design? I begin to wonder, what with this and my boiler...) Fritz!Box is one of the better provisioned domestic routers. I've only used it once and mostly over wired ethernet, but was impressed by its functions and features compared to other rubbish on the market. I can't recall its firewall options menu - I would think there would be no restrictions across LAN devices, bar Wireless Client Isolation. Different VLANs would either way isolate wireless devices to their own broadcast domain. For a quick test you can disable wireless client isolation and see if things start working as expected. --nextPart38458585.XM6RcZxFsP Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part. Content-Transfer-Encoding: 7Bit -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEXqhvaVh2ERicA8Ceseqq9sKVZxkFAmcjkmcACgkQseqq9sKV ZxmCaA/9HNuHNj3iuixSGuK+Ime0S/SKC1e3sUMQQeOKCO4P4vGf6SY8S++Ic589 u7zrXEdAtQpb3cnFzyq52539wwJbppxwN/ic3VKQ9IFp+GuQD1ftVhpN+seNQKoe uEEFxlwPpN4loQKNn3hmWduK37LEbVALLejpAJOhMtJ+tCn9/lBzn1Qp4sjkvUX8 pZPfrj8itr1ZwXTSAidquIyVXLy+VIS0OkGlSECJTM7KgjzyiI5wiONrLa1wNVqU 0X6OcJKKvvbG+EQAFj+7HWF3eyh2Q+CfvRZlKjyFOvsK/F3Tr7UT6AJF4zarK/49 jGFpbC8tRy5KgQi5AtrnQRLM4nhmXPsXztugUxDz9lJwdGji2SLC6ISyhTmSPuD2 jJeEvZPJzIMiS9OPeMo7FPvhv0YEI/Ew5mVpduwR7puqr/Q2UTU31lyRWkJSF/UC IjYkANj9/+1Iv1qg+Y7RLm/VDDhepyLpNXeLixpq8g4MwGgH1YN7C48clvBNN2vG aPVUrcB3hvXGCgme53xk6LOXXJ/fi+0cI1Du5aErb058xBNIekeYWDVBBMm/JJmT H8VHsAECZBogResDLoK2YkZVD7ogQuE16yjnLW8EL2JftAnEJ+cvKaR+GOV0oHSn O+V/p3GKC7hr8Gk/uTRn+GIk/rPuOzoe6O1FWjm7HzWjC/WQjh0= =B/vB -----END PGP SIGNATURE----- --nextPart38458585.XM6RcZxFsP--