| View previous topic :: View next topic |
| Author |
Message |
ggeeoo
n00b
Joined: 27 Apr 2006
Posts: 48
|
 Posted: Tue Sep 01, 2009 7:51 am Post subject: NFSv4 & NAT traversal [SOLVED] |
 |
|
I have to use NFS behind a NAT so I decided to try NFSv4 since traversing NAT with NFSv3 is not possible. On the server I have the following configuration:
| /etc/exports: | /export *(rw,fsid=root,insecure,no_subtree_check,async,all_squash)
/export/test *(rw,nohide,insecure,async,no_subtree_check) |
On the client I give | Code: | | mount -t nfs4 -o tcp nfs4_server:/test /mnt/test |
The problem is that the above command works just fine when the client is directly connected in the same network as the server, but it doesn't work when the client is connected via NAT (the configuration of client is otherwise the same). It fails with the following error:
| error: | | mount.nfs4: Operation not permitted |
So the problem seems to be caused by NAT.
This seems strange to me: in NFSv4, the client establishes a single outbound tcp connection to the server (on the remote port 2049). Why is NAT causing a problem to that? After all, I can successfully establish this tcp connection using netcat.
Last edited by ggeeoo on Wed Sep 02, 2009 2:12 am; edited 1 time in total |
|
| Back to top |
|
 |
richard.scott
Veteran
Joined: 19 May 2003
Posts: 1497
Location: Oxfordshire, UK
|
| Posted: Tue Sep 01, 2009 10:28 am Post subject: |
|
|
From what I can understand TCP is the default in NFSv4 so you don't need the "-o tcp" option.
try this as your mount command:
| Code: | | mount -t nfs4 nfs4_server:/export/test /mnt/test |
Note the lack of "-o tcp" and the addition of "/export" in the servers directory name.
AFAIK the export is relative to root so /test won't work, but /export/test should.
Rich. |
|
| Back to top |
|
|
ggeeoo
n00b
Joined: 27 Apr 2006
Posts: 48
|
| Posted: Tue Sep 01, 2009 2:49 pm Post subject: |
|
|
| richard.scott wrote: | AFAIK the export is relative to root so /test won't work, but /export/test should.
Rich. |
In NFSv4 (unlike v3), the export is relative to the root of the "NFSv4 pseudofileystem" which is specified by the "fsid=root" (or "fsid=0") option.
Besides, as I explained above, the command (with or without "-o tcp")
| Code: | | mount -t nfs4 -o tcp nfs4_server:/test /mnt/test |
actually works when I am connected directly to the server's network. |
|
| Back to top |
|
|
ggeeoo
n00b
Joined: 27 Apr 2006
Posts: 48
|
| Posted: Wed Sep 02, 2009 2:12 am Post subject: |
|
|
Ok, I don't know why but the following worked:
I changed the following line in /etc/exports, from
| Code: | | /export/test *(rw,nohide,insecure,async,no_subtree_check) |
to
| Code: | | /export/test *(rw,fsid=1,nohide,insecure,async,no_subtree_check) |
Apparently, nfs couldn't assign an fsid to /export/test automatically for some reason (maybe because /export/test is actually a bind mount) so I had to do it manually. I don't see how this relates to the NAT issue though. |
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
Networking & Security
