I guess I forgot to mention, I have gotten the printing to work! I just have to disable the firewall to do it! That's what I am trying to accomplish now, doing all this without having to disable the firewall. I will check out that link though!
Thanks
Justbill
I have tried the LINWIZ tool, that was pretty cool, just didn't seem to want to work when I put it into /etc/sysconfig/iptables, and then if I disabled, and then enabled the firewall, it always went back to the original IPTables before I used linwiz. No luck with Guarddog either, I don't know what's going on here. I can't get the rpcinfo -p command to work either (almost time to get the shotgun). Does anyone know of any good tutorials on setting up a firewall for a home network (written in southern Missouri hillbilly (it's kind of a subculture of English))?
Sorry can't help much as am new to netwking myself. I have setup hdwired ntwk thru hub with one PC connected to 'net thru DSL. Apparently that is not how you do it but I did it. Now have ssh for file sharing, and internet sharing setup. Also have quasinetwork printing working.
I read tons of tutorials like you. Apparently, Unix and Linux were designed and built on networks for network use, and this was done in academic and industry settings, so there was NO ATTENTION given to the possibility that newbie desktop users were ever going to want to learn this stuff.
Most if not all computer/networking documentation is really a reference for experienced users or is very FEATURE-centric and does NOT describe how to setup various protocols and apps IN CONTEXT.
One example is a well known web filter, shipped with a mainstream distro, that has mass quantities of file configuration howtos, install howtos, compile howtos, etc. Guess what? Nowhere does it say how to access the application once it's been installed!! It was not in the GUI menu, and when you type it into a console, the reply was that the app was "already installed". Three of us could not figure out how to access this app until hours later after "stumbling" across the answer. I'll accept a certain amount of responsibility for lack of understanding, but that's just plain horrible documentation.
Quote:
Originally Posted by Justbill
This Guarddog is quite confusing also! I have been through the handbook, and it's just not quite coming together. Do you know of any other available information on Guarddog that may help here? It's set up, and it must be working, because I can't get past it to mount an nfs share!
Thanks
Justbill
i don't have any more info on guarddog.
the reason i suggest it to people is because it is one of the programs i use that is fairly easy to set up outa the box.
compared to 'other' firewalls and straight-up-iptables.. it is a dream for someone not tooo familiar with the finer aspects of firewalls.
i always have my router's wall up (or i disconnect totally) from the net when i work on my local net.
sooo taking down the dog until you've figured out how to open the (variable?) ports that nfs allocates.. should not be a worry -- (as long as you take the same precautions i do that is).
Hi All,
Well I can't help but believe that I am almost there!
I followed the directions exactly on the linwiz page that Habu posted. I am still getting the "Server is Down" message when I try to mount from box2 but I think I know where the problem is, I just don't know the solution! Please bear with me, and I will post everything I did.
First, I changed the /etc/init.d/nfslock file, this is what my output is:
start() {
    if [ ! -f /var/lock/subsys/nfslock ]; then
        # Start daemons.
        if [ "$USERLAND_LOCKD" ]; then
            echo -n $"Starting NFS locking: "
            daemon rpc.lockd
            echo
        fi
        echo -n $"Starting NFS statd: "
        # See if a statd's ports has been defined
        [ -n "$STATD_PORT" ] && STATDARG="$STATDARG -p $STATD_PORT"
        [ -n "$STATD_OUTGOING_PORT" ] \
            && STATDARG="$STATDARG -o $STATD_OUTGOING_PORT"
        daemon rpc.statd -p 4000
        RETVAL=$?
        echo
        [ $RETVAL -eq 0 ] && touch /var/lock/subsys/nfslock
    fi
    return $RETVAL
}
The next thing, and this is where I believe the problem is, the NFS Lock Manager. I will copy the tutorial here and explain what I did:
The NFS lock manager is a kernel module. It implements the NLM (NFS Lock Manager) part of the NFS subsystem, used for handling file and resource locks of various types. This component is sometimes referred to as "rpc.lockd", and shows up in the output of rpcinfo as "nlockmgr" (hey - consistency would only make life boring!).
On systems where the lock manager is implemented as a loadable module the port number used is set at module load time, and so is configured by adding (or editing) a line in the /etc/modules.conf file, as follows..
options lockd nlm_udpport=4001 nlm_tcpport=4001
This sets the udp and tcp/ip port numbers. Conventionally, these two numbers should be set to the same value.
If your system has the lockd code compiled into the main kernel binary rather than as a loadable module, then the settings in modules.conf won't work. You need to add the parameters "lockd.udpport=4001 lockd.tcpport=4001" to the kernel command line in the lilo or grub configuration instead.
Note on the linux kernel versions before 2.4.12: - the handling of these parameters was introduced into linux kernel version 2.4.11. But since 2.4.11 is flagged as a "don't use" release, you should verify that your system has kernel 2.4.12 or later installed in order for this to work. Use the command "uname -a" to see the kernel version you are running.
To fix the port used by the NFS Lock Manager, add a line (as above) to /etc/modules.conf or lilo.conf (or grub.conf) as appropriate, and configure the firewall to manage the port number selected. (You may find the 'LinWiz://ServerFirewall' wizard helpful when setting up a firewall for Linux).
I did not have a /etc/modules.config file, so I looked at /etc/grub.conf this is what that output was:
# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE: You do not have a /boot partition. This means that
# all kernel and initrd paths are relative to /, eg.
# root (hd0,2)
# kernel /boot/vmlinuz-version ro root=/dev/sda3
# initrd /boot/initrd-version.img
#boot=/dev/sda
default=0
timeout=5
splashimage=(hd0,2)/boot/grub/splash.xpm.gz
hiddenmenu
title Fedora Core (2.6.14-1.1656_FC4)
root (hd0,2)
kernel /boot/vmlinuz-2.6.14-1.1656_FC4 ro root=LABEL=/1 rhgb quiet
initrd /boot/initrd-2.6.14-1.1656_FC4.img
title Fedora Core (2.6.14-1.1653_FC4)
root (hd0,2)
kernel /boot/vmlinuz-2.6.14-1.1653_FC4 ro root=LABEL=/1 rhgb quiet
initrd /boot/initrd-2.6.14-1.1653_FC4.img
title Windows XP
rootnoverify (hd0,1)
chainloader +1
[root@Goliath bill]#
I was not sure if that was the file I needed to edit, so I didn't (looked pretty scary to me!). So I created the /etc/modules.conf file using vim. I have added all the ports to SELinux in "Other Ports", and I also rebooted the computer, and then went to box2 to mount -t nfs Goliath.justbillsguitars.com:/home/bill /mnt and I got the "Server is Down" message.
I realize I posted quite a bit here, but I wanted to try to provide as much information as possible! I do believe I am close here, and this is just some minor thing.
Thanks in advance for any help, and for taking the time to read all of this.
Justbill
P.S. I can mount from box2 to box1 with the firewall down, I am trying to do it with the firewall in place. Also, to save space I did not post the things that seem to have worked with no problem (a few of the easier linwiz steps), but if you need them I can post those outputs also.
Don't get me wrong halvy, I liked what I saw on Guarddog! It looks real user friendly, and real secure! I may switch to it after some more research, I just got a little perplexed on the Internet and local settings. Admittedly, I have a long way to go with my understanding of what things mean in the computer world. I need real clear instructions.
I really appreciate all of your efforts, habu's efforts, and everyone else who has contributed to this thread, and my effort to get my network up and going, and my firewall tweaked.
To try to be subtle, I DID IT, I DID IT, I DID IT!!!!!
I deleted that section of script in /etc/init.d/nfslock, and then remembered I forgot to add 111:tcp, 111:udp, 4002:tcp, & 4002:udp to the "other ports" in SELinux. Did that, and it mounted right away!
Many Thanks to all who helped with this project! So I guess this is the end of this thread, until......... I want to play games with my kids on the two boxes (what am I thinking? )
The linwiz tutorial on nfs was priceless!
Thanks Again
Justbill
P.S. The printer is also sending print jobs to the printer from box2 (added 631:tcp to "other ports").
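An added example, not part of any post in this thread: a check that reads `rpcinfo -p` output on the NFS server and lists every RPC service still registered on a port the firewall does not allow, which is what a "Server is Down" mount failure behind a firewall usually comes down to. Ports 111, 4000, 4001 and 4002 are the ones named in the thread; 2049 (the standard NFS port), the mapping of 4002 to mountd, the function names and the sample output are assumptions made for the illustration.

```shell
#!/bin/sh
# Ports the firewall is expected to allow:
# portmapper 111, nfs 2049 (assumed), statd 4000, lockd 4001, 4002 (assumed mountd).
ALLOWED_PORTS="111 2049 4000 4001 4002"

# Read `rpcinfo -p` output on stdin and print "service proto port" once for
# each registration whose port is not in ALLOWED_PORTS.
unpinned_rpc_services() {
    awk -v allowed="$ALLOWED_PORTS" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        # Data rows start with a numeric program id; the header row does not.
        $1 ~ /^[0-9]+$/ && !($4 in ok) {
            svc = ($5 != "" ? $5 : "prog-" $1)   # some rows carry no service name
            key = svc " " $3 " " $4
            if (!(key in seen)) { seen[key] = 1; print key }
        }'
}

# Constructed sample: statd and mountd are pinned, the lock manager is not
# (the state you get when the lockd port options were never picked up).
sample_rpcinfo() {
    cat <<'EOF'
   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp   4000  status
    100024    1   tcp   4000  status
    100021    1   udp  32771  nlockmgr
    100021    3   udp  32771  nlockmgr
    100021    1   tcp  32772  nlockmgr
    100003    3   udp   2049  nfs
    100003    3   tcp   2049  nfs
    100005    3   udp   4002  mountd
    100005    3   tcp   4002  mountd
EOF
}

# On a live server: rpcinfo -p | unpinned_rpc_services
sample_rpcinfo | unpinned_rpc_services
```

An empty result means every registered RPC service sits on a port the firewall already allows; any line printed is a service that clients will not reach until it is pinned or its port is opened.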