Problem with mount NFS

Hello, I have a strange problem. I have two laptops with Ubuntu 19.04 and Elementary OS (18.04) with an NFS share mounted from my DietPi. Both have the same config in /etc/fstab. Everything was OK until I installed ufw on DietPi. I added rules for my laptops like this:

sudo ufw allow from 192.168.0.21 to any port nfs

for the Ubuntu laptop

sudo ufw allow from 192.168.0.19 to any port nfs

for the Elementary laptop.
Only the Ubuntu laptop sees the NFS share. I added another rule:

sudo ufw allow from 192.168.0.19/24 to any port nfs

but that doesn’t help.
When I try to mount from the terminal on Elementary:

mount.nfs: Connection timed out



sudo ufw status
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere                              
80/tcp                     ALLOW       Anywhere                  
443/tcp                    ALLOW       Anywhere                  
8096/tcp                   ALLOW       Anywhere                  
8920/tcp                   ALLOW       Anywhere                  
10000/tcp                  ALLOW       Anywhere                  
8888/tcp                   ALLOW       Anywhere                  
2049                       ALLOW       192.168.0.19              
2049                       ALLOW       192.168.0.21              
2049                       ALLOW       192.168.0.0/24

I know that this is not a DietPi problem but an Elementary one. Maybe someone can help here?
Regards Przemko


It seems the correct NFS port is allowed. Therefore it should work.

2049                       ALLOW       192.168.0.19              
2049                       ALLOW       192.168.0.21              
2049                       ALLOW       192.168.0.0/24

Probably your Elementary system needs some more ports to be open? Maybe you can do some network tracing using Wireshark to check why communication can’t be established.

BTW: why do you need a firewall on your DietPi system? Do you expect someone bad inside your local network? Usually your Internet router is protecting you from the internet side.
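
One way to find out which extra ports an NFS server exposes, as an added example that is not part of the thread: the script turns `rpcinfo -p` output from the server into per-client ufw rules for review. The `rpcinfo` sample is constructed, the `sample_rpcinfo` and `nfs_rules` helper names are hypothetical, and it assumes the client ends up mounting over NFSv3, which uses rpcbind, mountd, nlockmgr and status in addition to 2049 (an NFSv4 mount needs only 2049/tcp).

```shell
#!/bin/sh
# Added example: derive per-client ufw rules from `rpcinfo -p` on the NFS server.

# Constructed sample of `rpcinfo -p` output. The mountd, nlockmgr and status
# port numbers are made up; real servers assign them dynamically.
sample_rpcinfo() {
cat <<'EOF'
   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    4   udp    111  portmapper
    100005    3   udp  20048  mountd
    100005    3   tcp  20048  mountd
    100003    3   tcp   2049  nfs
    100003    4   tcp   2049  nfs
    100227    3   tcp   2049  nfs_acl
    100021    4   udp  41874  nlockmgr
    100021    4   tcp  38467  nlockmgr
    100024    1   udp  46391  status
    100024    1   tcp  51327  status
EOF
}

# nfs_rules CLIENT: read `rpcinfo -p` output on stdin and print one ufw rule
# per unique port/protocol used by the services an NFSv3 mount talks to.
nfs_rules() {
    client=$1
    # Accept only digits, dots and an optional /prefix so nothing else
    # can end up inside a generated command line.
    case $client in
        ''|*[!0-9./]*) echo "usage: nfs_rules IPV4[/PREFIX]" >&2; return 2 ;;
    esac
    awk -v client="$client" '
        $1 !~ /^[0-9]+$/ { next }    # skip the header line
        $5 ~ /^(portmapper|mountd|nfs|nlockmgr|status)$/ {
            key = $4 "/" $3
            if (!(key in seen)) {
                seen[key] = 1
                printf "ufw allow from %s to any port %s proto %s\n", client, $4, $3
            }
        }'
}

# Print the rules for review instead of applying them.
# On the real server: rpcinfo -p | nfs_rules 192.168.0.19
sample_rpcinfo | nfs_rules 192.168.0.19
```

The mountd, nlockmgr and status ports can change when the NFS services restart unless they are pinned in the server configuration, so rules generated this way go stale.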

Hi, thanks for the answer. I don’t know how to check which ports need to be opened on Elementary. I installed the firewall because I have an external IP and opened ports on the router, so I want to secure my DietPi server. I also opened port 111 but it doesn’t work. I think I will disable ufw if I need NFS on that system.
Regards Przemek

Well, I guess you opened the same ports on your firewall as you have open on your router

22/tcp                     ALLOW       Anywhere                              
80/tcp                     ALLOW       Anywhere                  
443/tcp                    ALLOW       Anywhere                  
8096/tcp                   ALLOW       Anywhere                  
8920/tcp                   ALLOW       Anywhere                  
10000/tcp                  ALLOW       Anywhere                  
8888/tcp                   ALLOW       Anywhere

That means there is nearly no benefit at this moment. Next to that, you allowed everybody to access your system on these ports. As I said, your router will protect you anyway, as it will not forward ports you did not define. If you really like to stay in control of the traffic that is passing your network from the internet, you might need to consider setting up something like a pfSense system in front of your entire network. However, even there you will need to have the ports open. Otherwise your application will not be reachable from the internet :wink:

OK, I understand. I opened only the ports for Nextcloud and Emby on my router. I have SSL for both, very strong passwords, and 2-factor authentication for Nextcloud. Do you think my server is safe? :grin:
Regards Przemek

Well, what does safe mean? There will be no 100% guarantee that you are 100% protected against everything. And there will be nobody who could give that guarantee. There could always be software bugs or software issues. Therefore keep your devices like the router and DietPi updated, as well as your running software. Keep the number of open ports down to the minimum needed.

Thanks for the advice. I will focus on my router then.
Regards Przemek

You’ll also need to open 111 as well.

trendy
he stated in one of the posts that opening port 111 did not fix the issue

I also open port 111 but don’t work

Thank you guys for the help. I will disable ufw on DietPi and focus on securing the router.
Regards Przemko