[geeks] An NFS conundrum (solved)

Phil Stracchino phil.stracchino at speakeasy.net
Mon Feb 19 15:10:04 CST 2007


Mike Meredith wrote:
> Do you get success when running 'rpcinfo -p minbar' and 'showmount -e
> minbar' ? They're probably working if you can mount the volume, but
> it's worth a go. It's also worth doing a packet dump from the client
> whilst doing a mount, ls, umount to see if there's anything odd there
> especially given your other message.

They work fine.

> Is it worth trying to mount the volume on the client with
> 'proto=tcp' (or whatever the Linux option is for that) ? I'm running
> out of ideas ... I don't get on well with NFS, and some of the biggest
> dents in my desk at work have "NFS" written all over them.

I finally found the correct magic invocation for this, after reading the
manpages on the NEWLY INSTALLED box instead of my own outdated ones.
And yes, this turned out to be the key.  The clue was that when I set
minbar's nfsd to serve tcp *only*, nfs broke on babylon5 in the same way
as it broke on llioness.  So despite all the traffic LOOKING right, and
despite doing all appropriate packet scrubbing and reassembly on the
firewall, UDP datagrams are in fact getting hosed going across the firewall.

I've now changed all my nfs mounts from rsize=8192,wsize=8192,soft to
rsize=16384,wsize=16384,hard,intr,tcp,nfsvers=3 and it's all working
now.  After a little more experimentation I may try going to nfsvers=4.

>>> my security fascist tendencies show :)
>> Oh yeah, sure.  Stipulated.  But basically anyone who's connected on
>> that wireless segment is either a family member or a houseguest
>> anyway.
> 
> Unfortunately it's a reflex reaction when I see that sort of thing ...
> I don't always do the right thing at home. My wlan is currently too
> open as far as the firewall rules go, but it seems to have disappeared
> according to my phone.

At this point, I'm still tuning the WLAN security.  I intend to
eventually use WPA2 on it, but I need some more support software
installed on llioness to do so.

Cymru's work laptop (XP) is almost more of a problem on that score right
now, because of Microsoft's stupid workgroup/domain model.  It never
occurred to those blithering imbeciles that you might want to be able to
connect to Domain FOO at one location and Workgroup BAR at another, on
the same laptop, so there appears to be no way to do it without blowing
away the domain information and rejoining the domain every time you
switch locations.  But I'm working around that (I hope) by using SFU3.5
and using NFS to access the network shares from her laptop as well.


-- 
 It's not the years, it's the mileage.
 Phil Stracchino              phil.stracchino at speakeasy.net
 Renaissance Man, Unix generalist, Perl hacker, Free Stater
 Landline: 603-429-0220                Mobile: 603-320-5438
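
An added example, not part of the original post: a shell check that reads fstab-format lines and reports NFS entries still using the kind of options the post moved away from (transport not set to tcp, or soft). The function name audit_nfs_mounts and the sample export and mount paths are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: flag NFS entries in fstab-format input whose options do not
# pin the transport to TCP, or that are mounted soft.
# audit_nfs_mounts is a hypothetical helper name, not a standard tool.

audit_nfs_mounts() {
    # Reads fstab lines on stdin; prints "<mountpoint>: <finding>" per problem.
    awk '
        $1 ~ /^#/ || NF < 4 { next }   # skip comments, blank and short lines
        $3 != "nfs"         { next }   # only entries of filesystem type nfs
        {
            n = split($4, opts, ",")
            tcp = 0; udp = 0; soft = 0
            for (i = 1; i <= n; i++) {
                if (opts[i] == "tcp" || opts[i] == "proto=tcp") tcp = 1
                if (opts[i] == "udp" || opts[i] == "proto=udp") udp = 1
                if (opts[i] == "soft") soft = 1
            }
            if (udp)       print $2 ": explicitly uses UDP"
            else if (!tcp) print $2 ": transport not pinned to tcp"
            if (soft)      print $2 ": soft mount"
        }
    '
}

# Constructed sample input: the paths are made up; minbar is the server
# named in the thread, and the option strings are the old and new sets
# quoted in the post plus one explicit-UDP entry.
SAMPLE_FSTAB='# constructed sample
minbar:/export/home  /mnt/home  nfs  rsize=8192,wsize=8192,soft  0 0
minbar:/export/src   /mnt/src   nfs  rsize=16384,wsize=16384,hard,intr,tcp,nfsvers=3  0 0
minbar:/export/tmp   /mnt/tmp   nfs  rw,udp,hard  0 0
/dev/sda1            /          ext3 defaults  1 1
'

printf '%s' "$SAMPLE_FSTAB" | audit_nfs_mounts
```

To check a real client, feed it the local table instead: `audit_nfs_mounts < /etc/fstab`.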


