Problem with mount NFS Topic is solved

Have some feedback, questions, suggestions, or just fancy a chat? Pop it in here.
Post Reply
przemko
Posts: 82
Joined: Sun Mar 15, 2020 5:40 pm

Problem with mount NFS

Post by przemko »

Hello, I have strange problem. I have two laptops with Ubuntu 19.04 and Elementary OS (18.04) with mounted NFS share from my Dietpi. Both have the same config in /etc/fstab. Everything was OK until I install ufw on dietpi. I add rules for my laptops like that:

Code: Select all

sudo ufw allow from 192.168.0.21 to any port nfs
for ubuntu laptop

Code: Select all

sudo ufw allow from 192.168.0.19 to any port nfs
for elementary laptop
Only ubuntu laptop see nfs share. I added another rule:

Code: Select all

sudo ufw allow from 192.168.0.19/24 to any port nfs
but that doesn't help.
When I try to mount from terminal on Elementary:

Code: Select all

mount.nfs: Connection timed out

Code: Select all

sudo ufw status
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere                              
80/tcp                     ALLOW       Anywhere                  
443/tcp                    ALLOW       Anywhere                  
8096/tcp                   ALLOW       Anywhere                  
8920/tcp                   ALLOW       Anywhere                  
10000/tcp                  ALLOW       Anywhere                  
8888/tcp                   ALLOW       Anywhere                  
2049                       ALLOW       192.168.0.19              
2049                       ALLOW       192.168.0.21              
2049                       ALLOW       192.168.0.0/24 
 
I know that is not dietpi problem but elementary. Maybe someone will help here?
Regards Przemko
User avatar
Joulinar
Posts: 2572
Joined: Sat Nov 16, 2019 12:49 am

Re: Problem with mount NFS

Post by Joulinar »

it seems correct NFS port is allowed. Therefore is should work.

Code: Select all

2049                       ALLOW       192.168.0.19              
2049                       ALLOW       192.168.0.21              
2049                       ALLOW       192.168.0.0/24 
Probably your Elementary systems needs some more ports to be open? Maybe you can do some network tracing using Wireshark to check why communication can't be established.


BTW: why do you need a firewall on your DietPi system? Do you expect someone bad inside your local network? Usually your Internet router is protecting you from internet side.
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
przemko
Posts: 82
Joined: Sun Mar 15, 2020 5:40 pm

Re: Problem with mount NFS

Post by przemko »

Joulinar wrote: Mon May 04, 2020 9:28 pm it seems correct NFS port is allowed. Therefore is should work.

Code: Select all

2049                       ALLOW       192.168.0.19              
2049                       ALLOW       192.168.0.21              
2049                       ALLOW       192.168.0.0/24 
Probably your Elementary systems needs some more ports to be open? Maybe you can do some network tracing using Wireshark to check why communication can't be established.


BTW: why do you need a firewall on your DietPi system? Do you expect someone bad inside your local network? Usually your Internet router is protecting you from internet side.
Hi, thanks for answer. I don't know how to check what ports to be opened in elementary. I install firewall because I have external IP and opened ports on router so I wont to secure my Dietp pi server. I also open port 111 but don't work. I think I will disable ufw if I will need nfs on that system.
Regards Przemek
User avatar
Joulinar
Posts: 2572
Joined: Sat Nov 16, 2019 12:49 am

Re: Problem with mount NFS

Post by Joulinar »

well I guess you open same port on your firewall as you have open on your router

Code: Select all

22/tcp                     ALLOW       Anywhere                              
80/tcp                     ALLOW       Anywhere                  
443/tcp                    ALLOW       Anywhere                  
8096/tcp                   ALLOW       Anywhere                  
8920/tcp                   ALLOW       Anywhere                  
10000/tcp                  ALLOW       Anywhere                  
8888/tcp                   ALLOW       Anywhere            


Means there is nearly no benefit at this moment. Next to that you allowed everybody to access your system on these ports. As I said, your router will protect you anyway, as it will not forward ports you did not defined. If you really like to stay in control of the traffic that is passing your network from internet, you might need to consider setting up something like a pfSense system in front of your entire network. However, even there you will need to have the ports open. Otherwise your application will not be reachable from internet ;)
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
przemko
Posts: 82
Joined: Sun Mar 15, 2020 5:40 pm

Re: Problem with mount NFS

Post by przemko »

OK, I understand. I open only ports for nextcloud and Emby on my router. I have SSL for both. Very strong passwords and 2-factor authentication for nextcloud. Do You thing my server is safe? 😁
Regards Przemek
User avatar
Joulinar
Posts: 2572
Joined: Sat Nov 16, 2019 12:49 am

Re: Problem with mount NFS

Post by Joulinar »

well what does safe mean? There will be no 100% guarantee that you are 100% protected against everything. And there will be nobody who could give that guarantee. There could be always software bugs or software issues. Therefore keep your devices like router and DietPi updated as well as your running software. Keep the number on open ports down to a minimum needed.
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
przemko
Posts: 82
Joined: Sun Mar 15, 2020 5:40 pm

Re: Problem with mount NFS

Post by przemko »

Thanks for advice. I will focus on my router then.
Regards Przemek
User avatar
trendy
Posts: 152
Joined: Tue Feb 25, 2020 2:54 pm

Re: Problem with mount NFS

Post by trendy »

You'll also need to open 111 as well.
User avatar
Joulinar
Posts: 2572
Joined: Sat Nov 16, 2019 12:49 am

Re: Problem with mount NFS

Post by Joulinar »

@trendy
he started in one the post that opening port 111 did not fixed the issue
I also open port 111 but don't work
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
przemko
Posts: 82
Joined: Sun Mar 15, 2020 5:40 pm

Re: Problem with mount NFS

Post by przemko »

Thank You guys for help. I will disable ufw on Dietpi and focus on secure router.
Regards Przemko
Post Reply