Help - Search - Members - Calendar
Full Version: Five Dollars Anyone?
Linuxhelp > Support > Technical Support
richessence
It may not seem like much, but I'll actually pay someone the five dollars if they give me the solution.


Iím at the step where I need to verify portmap is working OK on the box I want to share.

IN the process of preparing a FC3 Linux box to share a directory out.

I get this error when I run Rpcinfo Ėp:
can't contact portmapper: RPC: Remote system error- Connection denied

Researching articles on the web, I found out this could be because of some errors in hosts.allow/deny or my exports file.
I believe my syntax is correct & when I change it, I believe it exports OK, as I donít get any errors (or anything else ) when I do this command:
Exportfs Ėr

When I run nfs restart all daemons start except portmap.
For that I get the following error:
RPC: failed to contact portmap (errno-5)

Then I tried exportfs Ėvar
It seemed to work as it said:
ďexporting *:/home/mark

Then running nfs restart does work
But I still get that error when running rpcinfo Ėp

And a portmapper failure error when running
Showmount -e

Iíve tried putting the FQH name & then the IP address for my share server in the exports file, that didnít work so I took it out.

At one time I also changed my hosts.allow file to ALL: ALL

Iíve found out (correctly I hope) that even though I want portmap I need to have an entry in the hosts.deny file such as: portmap: ALL
But Iíve also tried it without this entry in here & it the hosts.allow file.

The box Iíd like to share-out is 192.168.113.1
The box Iíd like to connect to it is 192.168.113.2

Iíve included my hosts & exportfs files below.
Any information would be helpful.
I donít know if this has anything to do with it, but my NIC doesnít retain itís values (ip/mask) info even though I put it in the /etc/sysconfig/network-scripts/ifcfg-eth0 file. But I do get IP by manually using the ifconfig command.
So I included that as well.

Thank you,

Mark

EXPORTS
#Exports file
/home/mark *(no_root_squash)

HOSTS.ALLOW
# hosts.allow This file describes the names of the hosts which are
# allowed to use the local INET services, as decided
# by the '/usr/sbin/tcpd' server.
#
ALL: 192.168.113.1
ALL: 192.168.113.2
portmap: 192.168.113.0/255.255.255.0


HOSTS.DENY
#
# hosts.deny This file describes the names of the hosts which are
# *not* allowed to use the local INET services, as decided
# by the '/usr/sbin/tcpd' server.
#
# The portmap line is redundant, but it is left to remind you that
# the new secure portmap uses hosts.deny and hosts.allow. In articular
# you should know that NFS uses portmap!
ALL:ALL
portmap: ALL

IFCFG-ETH0
#This should be autoconfiguring my card, but it's not!
DEVICE=eth0
IPADDR=192.168.113.1
NETMASK=255.255.255.0
ONBOOT=yes
TYPE=ethernet
Termina
Have you made sure the line '-i 127.0.0.1' option from ARGS in the file /etc/default/portmap (or whatever it is with your distro) is removed? Then restart portmap.

You did something very bad, security wise. wink.gif

[quote]
/home/mark *(no_root_squash)
[/quote]

That is letting anyone who has root on their local machine gain root access on your machine, with no IP address restriction.

Try:

/home/mark 192.168.113. (rw,no_root_squash,async)

Where 192.168.113.* is your intranet. NFS isn't encrypted, IIRC, so if you are trying to do this over the internet, I wouldn't advise it.


[quote]
HOSTS.ALLOW
# hosts.allow This file describes the names of the hosts which are
# allowed to use the local INET services, as decided
# by the '/usr/sbin/tcpd' server.
#
ALL: 192.168.113.1
ALL: 192.168.113.2
portmap: 192.168.113.0/255.255.255.0
[/quote]

I might just be unfamilar with the way you did this, but you might also want to try using this instead:

[quote]
ALL: 192.168.113.1
ALL: 192.168.113.2
#The below line is the same as yours, or 192.168.113.0/24... but just in case it doesn't allow the
# way you used it, let's try this instead.
portmap: 192.168.113.
[/quote]
richessence
Thanks Termina Iíll give it a shot.
Mark





[QUOTE]Everything is for sale, even a man's soul.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
Invision Power Board © 2001-2017 Invision Power Services, Inc.