Monday, March 8, 2010

NFS server setup (getport(nfs): request from unauthorized host| dump(): request from unauthorized host ) RedHat EL

I tried to make a simple nfs server on a redhat el 5.4 that uses /etc/hosts.allow and /etc/hosts.deny

I have the following nfs setup:


into /etc/hosts  client server

 into /etc/exports
 /home/nfs-server client(rw,no_root_squash)

into /etc/hosts.deny

# wildcard that denies all

into /etc/hosts.allow


I start the portmap (service portmap start) on both machines and try to mount the server from client ... by my surprise there is no luck && try to do a rpcinfo -p  - it failed with - No remote programs registered
Looking into the server logs I can see

portmap[3058]: connect from x.x.x.x  to getport(nfs): request from unauthorized host

portmap[3061]: connect from x.x.x.x to dump(): request from unauthorized host

Doing different searches on the subject I came accross a bug redhat has on their site

So ... the solution seems to be the following - you need to add the ip address of the client AND the client host name into /etc/hosts.allow - even though portmap has the tcp_wrappers / libwrap compiled static and doesn't read directly the files /etc/hosts.allow|deny.

This is what I added on the server /etc/hosts.allow

mountd: client
statd: client
portmap: client
rquotad: client

After this - happy NFS.

Disable at runtime selinux

There are times when you need to test something quick and selinux is in your way ... what do you do then ?
Instead of going with a full reboot you can just do the following

echo 0 > /selinux/enforce

This will disable the selinux at runtime. If the system is configured with selinux enabled into his config file
(on redhat/centos /etc/sysconfig/selinux ) next time you reboot it will be enable.

To enable at runtime

echo 1 > /selinux/enforce