Boot from NFS server with UBoot - nfs

I have a problem with an NFS server. I basically have to boot an embedded processor from NFS.
On an ubuntu machine I simply put the filesystem in /tftpboot,
added in /etc/exports this line:
/tftpboot *(rw,no_root_squash,no_all_squash,sync)
then I executed the commands:
sudo /usr/sbin/exportfs -av
sudo /etc/init.d/nfs-server restart
but on the embedded processor I get this error:
Looking up port of RPC 100003/2 on 192.168.2.11
Looking up port of RPC 100005/1 on 192.168.2.11
VFS: Unable to mount root fs via NFS, trying floppy.
VFS: Cannot open root device "nfs" or unknown-block(2,0)
Please append a correct "root=" boot option
Kernel panic - not syncing: VFS: Unable to mount root fs on unknown-block(2,0)
in particular the lines
Looking up port of RPC 100003/2 on 192.168.2.11
Looking up port of RPC 100005/1 on 192.168.2.11
make me think that the problem is in the configuration of the NFS server, anybody can help me?


I had today exactly the same problem with an old embedded device and an NFS Server installed on SUSE Leap.
I sniffed the communication with Wireshark and it gave me an idea of what went wrong.
In my case the problem had to do with "iptable filter" and "NFS server version":
Configure iptables to open the NFS related ports at the NFS server side
My device only supported version 2 of NFS, and SUSE NFS server was configured by default to support v3 and v4.
To solve 1:
You can check post
Iptables Rules for NFS Server and NFS Client
sudo iptables -A INPUT -s 172.17.200.26/16 -d 172.17.200.26/16 -p udp -m multiport --dports 10053,111,2049,32769,875,892,20048,950 -m state --state NEW,ESTABLISHED -j ACCEPT
sudo iptables -A INPUT -s 172.17.200.26/16 -d 172.17.200.26/16 -p tcp -m multiport --dports 10053,111,2049,32803,875,892,20048,950 -m state --state NEW,ESTABLISHED -j ACCEPT
sudo iptables -A OUTPUT -s 172.17.200.26/16 -d 172.17.200.26/16 -p udp -m multiport --sports 10053,111,2049,32769,875,892,20048,950 -m state --state ESTABLISHED -j ACCEPT
sudo iptables -A OUTPUT -s 172.17.200.26/16 -d 172.17.200.26/16 -p tcp -m multiport --sports 10053,111,2049,32803,875,892,20048,950 -m state --state ESTABLISHED -j ACCEPT
To solve 2 You can check:
https://documentation.suse.com/sles/15-SP1/html/SLES-all/cha-nfs.html#sec-nfs-configuring-nfs-server
Enable NFS version 2 on the server by modifying /etc/sysconfig/nfs by setting:
NFSD_OPTIONS="-V2"
MOUNTD_OPTIONS="-V2
I hope it helps someone, i lost some hours with this issue
I add a screenshot of problem 2 which was found because of wireshark capture:

Related

Can't access RabbitMQ web management interface from external ips

After a fresh install of RabbitMQ server on CentOs 7.7
I can reach the :15672 port from localhost
curl -i http://localhost:15672
HTTP/1.1 200 OK
But i cant reach the web interface from external ips
curl -i http://serverRemoteIp:15672
curl: (7) Failed connect to serverRemoteIp:15672; Connection timed out
the server is remote, so i need access from remote ips
any idea?

First, yesterday I exec this on my server
sudo iptables -A INPUT -p tcp -m tcp --dport 15672 -j ACCEPT
and the problem continue. Yoday I run:
iptables -I INPUT 1 -p tcp --dport 15672 -j ACCEPT
service iptables save
service iptables restart
and works!!

Remote access to Huawei E3372 WebInterface on headless RaspberryPi

I'm trying to (remotely) connect to the E3372's (Huawei LTE stick) WebInterface...
The E3372 is recognised by my RaspberryPi as "12d1:14dc Huawei Technologies Co., Ltd." - so it seems to be in HiLink-mode. Good.
using
> ifconfig
I see that the stick uses eth1 / 192.126.8.100
and the WebInterface's web-server is supposed to run on 192.168.8.1...
To verify this, on the Pi (from PC using ssh to eth0 with a DHCP-assigned IP-address of 192.168.10.123) I can e.g. query (read) the starting-page of the E3372's WebInterface using:
> curl 192.168.8.1/html/home.html
...so obviously the web-server is up-and-running!
Now I try to forward connections on eth0's port=80 (192.168.10.123:80) to 192.168.8.1:80, so I can then access the WebInterface from an external PC connected to the Pi's eth0; so I:
1) enable ip4-port-forwarding:
> sudo nano /proc/sys/net/ipv4/ip_forward
--> and change the '0' to '1'
2) use iptables to set the appropriate forwarding:
> sudo iptables -t nat -A PREROUTING -p tcp --dport 80 -i eth0 -j DNAT --to 192.168.8.1:80
> sudo iptables -A FORWARD -p tcp -d 192.168.8.1 --dport 80 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
Now using a browser on the PC with the URL "http://192.168.10.123" yields (after some seconds): "This site can’t be reached"...
please help! what's wrong here???
Thanks for helping!

Iptables Rules for NFS Server and NFS Client

Without iptables rules I am able to mount my NFSSERVER:/PATH but with it(firewall/iptables) enabled I am not able to mount.
[.e.g., after iptables --flush/ firewaalld stop ; mount NFSSERVER:/Path works ]
I am not supposed to disable/clear the firewall/iptables but I am allowed to open a port. What is the rule that I need to add to open up the port/mount?
Current default policy is DROP all INCOMING/OUTGOING/FORWARD and there are couple of rules to allow wget from external 80 port etc.,
adding the NFS Server port didnt help.
iptables -A OUTPUT -p tcp --dport 2049 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --sport 2049 -m state --state ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p udp --dport 2049 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p udp --sport 2049 -m state --state ESTABLISHED -j ACCEPT
Thanks.
PS: This is for nfs client not NFS server machine.

If all you need is NFS version 4 (which is already over 10 years old), you don't need to go to all of the effort described in #Sathish's answer. Just make sure TCP port 2049 is open the server's firewall, and that the client's firewall allows outbound traffic to port 2049 on the server.
CentOS 5 (also old) has a nice explanation of why NFSv4 is more firewall friendly than v3 and v2.

NFS SERVER:
Configure Ports for rquotd(875/udp; 875/tcp), lockd(32803/tcp; 32769/udp), mountd(892/udp; 892/tcp), statd(10053/udp; 10053/tcp), statd_outgoing(10054/udp; 10054/tcp)
vim /etc/sysconfig/nfs
If desired, disable NFS v3 and NFS v2 suport by editing lines 5 & 6 of /etc/sysconfig/nfs
MOUNTD_NFS_V2="no"
MOUNTD_NFS_V3="no"
Save current Iptables rules for later use. (if iptables-save is absent in your distribution, you may try iptables -S filename )
iptables-save > pre-nfs-firewall-rules-server
Flush and check Iptables rules
iptables -F
iptables -L
Stop and Start NFS and related Services in the following sequence
service rpcbind stop
service nfslock stop
service nfs stop
service rpcbind start
service nfslock start
service nfs start
Make sure the configured NFS and its associated ports shows as set before and notedown the port numbers and the OSI layer 4 protcols. The standard port numbers for rpcbind (or portmapper) are 111/udp, 111/tcp and nfs are 2049/udp, 2049/tcp.
rpcinfo -p | sort -k 3
Restore the pre-nfs-firewall-rules now
iptables-restore < pre-nfs-firewall-rules-server
Write iptables rules for NFS server (Note: Loopback adapter has to allowed, else you will see packets dropped and also when you restart nfs service, it will spit ERROR {Starting NFS quotas: Cannot register service: RPC: Timed out rpc.rquotad: unable to register (RQUOTAPROG, RQUOTAVERS, udp). [FAILED]} for rquotad daemon. You can check this by adding a rule with LOG jump target at the bottom of INPUT or OUTPUT chains of filter table)
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -A INPUT -s 192.168.1.0/24 -d 192.168.1.0/24 -p udp -m multiport --dports 10053,111,2049,32769,875,892 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -s 192.168.1.0/24 -d 192.168.1.0/24 -p tcp -m multiport --dports 10053,111,2049,32803,875,892 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -s 192.168.1.0/24 -d 192.168.1.0/24 -p udp -m multiport --sports 10053,111,2049,32769,875,892 -m state --state ESTABLISHED -j ACCEPT
iptables -A OUTPUT -s 192.168.1.0/24 -d 192.168.1.0/24 -p tcp -m multiport --sports 10053,111,2049,32803,875,892 -m state --state ESTABLISHED -j ACCEPT
iptables -I INPUT -i lo -d 127.0.0.1 -j ACCEPT
iptables -I OUTPUT -o lo -s 127.0.0.1 -j ACCEPT
iptables -L -n --line-numbers
Configure NFS exports directory
vim /etc/exports
exportfs -av
showmount -e
rpcinfo -p
Stop and Start NFS and related Services in the following sequence
service rpcbind stop
service nfslock stop
service nfs stop
service rpcbind start
service nfslock start
service nfs start
NFS CLIENT:
Save current Iptables rules for later use. (if iptables-save is absent in your distribution, you may try iptables -S filename )
iptables-save > pre-nfs-firewall-rules-client
Flush and check Iptables rules
iptables -F
iptables -L
Obtain the firewalled NFS Server ports from the client machine and notedown the port numbers and the OSI layer 4 protcols.
rpcinfo -p 'ip-addr-nfs-server' | sort -k 3
Restore the pre-nfs-firewall-rules now
iptables-restore < pre-nfs-firewall-rules-client
Write iptables rules for NFS client (Note: Loopback adapter has to allowed, else you will see packets dropped and also when you restart nfs service, it will spit ERROR {Starting NFS quotas: Cannot register service: RPC: Timed out rpc.rquotad: unable to register (RQUOTAPROG, RQUOTAVERS, udp). [FAILED]} for rquotad daemon. You can check this by adding a rule with LOG jump target at the bottom of INPUT or OUTPUT chains of filter table)
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -A INPUT -s 192.168.1.0/24 -d 192.168.1.0/24 -p udp -m multiport --sports 10053,111,2049,32769,875,892 -m state --state ESTABLISHED -j ACCEPT
iptables -A INPUT -s 192.168.1.0/24 -d 192.168.1.0/24 -p tcp -m multiport --sports 10053,111,2049,32803,875,892 -m state --state ESTABLISHED -j ACCEPT
iptables -A OUTPUT -s 192.168.1.0/24 -d 192.168.1.0/24 -p udp -m multiport --dports 10053,111,2049,32769,875,892 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -s 192.168.1.0/24 -d 192.168.1.0/24 -p tcp -m multiport --dports 10053,111,2049,32803,875,892 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -I INPUT -i lo -d 127.0.0.1 -j ACCEPT
iptables -I OUTPUT -o lo -s 127.0.0.1 -j ACCEPT
iptables -L -n --line-numbers
Stop and Start NFS and related Services in the following sequence
service rpcbind stop
service nfslock stop
service nfs stop
service rpcbind start
service nfslock start
service nfs start
List NFS Server exports
showmount -e 'ip-addr-nfs-server'
Mount NFS Exports manually (persistent mounts can be configured using /etc/fstab)
mount -t nfs ip-addr-nfs-server:/exported-directory /mount-point -o rw,nfsvers=3
mount -t nfs ip-addr-nfs-server:/exported-directory /mount-point -o rw --> For NFS4 version
Configure autofs, if automounting is preferred for nfs exports and with ldap user home directories (Direct and Indirect Maps can be set)
vim /etc/auto.master -> specify the mount point and map-name (Eg: auto.nfs)
vim /etc/map-name
service autofs stop
service autofs start
Check mounted NFS Exports
df -h -F nfs
mount | grep nfs
List all pseudo root NFS-V4 export directories (NFS Lazy mount)
ls /net/ip-addr-nfs-server

How to access Seafile server in a virtual machine through IPtables?

I have installed Seafile-server 3.0.4 64bit on a Ubuntu-server 14.04 with default ports settings (i.e. 8000, 8082, 10001, 12001) but fail to access the instance with the client.
Infrastructure
The Ubuntu-server is running as a KVM machine on a Gentoo host.
Iptables rules
After some time I add the following Iptables rules to the host machine (gentoo), that seems to match the Seafile's requirements:
#Iptables-Rules for Seafile
iptables -A INPUT -p tcp -m multiport --dports 8000,8082,10001,12001 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A output -p tcp -m multiport --sports 8000,8082,10001,12001 -m state --state ESTABLISHED -j ACCEPT
However I'm still unable to connect even with telnet to the seafile-server either from Internet or the host machine.
Update: issue might be related to fail2ban

As I'm using NAT to link my virtual machine to my host, I had to edit the rules as follow to get it to work:
#Iptables-Rules for Seafile
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 10001 -j DNAT --to 192.168.8.8:10001
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 12001 -j DNAT --to 192.168.8.8:12001
References
Linux Firewall Tutorial: IPTables Tables, Chains, Rules Fundamentals

How to configure JMeter for SSH tunneling over a different host

i have trouble setting up a JMeter client to connect to a remote JMeter server over an intermediate jumphost.
Especially which ports need to be open and forwarded to which host and how to configure JMeter for that. Apparently there are some blog posts about similar setups but neither describes the ports in detail nor do the connect over an external host (all use localhost?).
The setups is:
JMeter GUI(client) <-> Jumphost <-> JMeter Server
I need to setup one or more SSH Tunnels on the Jumphost and tell the Client and server to connect to this host.
Help will be much appreciated!

http://rolfje.wordpress.com/2012/02/16/distributed-jmeter-through-vpn-and-ssl/
Here I see ports in the article:
-A RH-Firewall-1-INPUT -p udp -m udp --dport 1099 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 1099 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 50000 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 50000 -j ACCEPT

Tried with Java 8
1. Client - modify jmeter.properties file adding:
remote_hosts=127.0.0.1:55511
client.rmi.localport=55512
2. Server - modify jmeter.properties file adding:
server_port=55511
server.rmi.localhostname=127.0.0.1
server.rmi.localport=55511
3. Connect to the server using:
Linux and Mac users
ssh solr#server -L 55511:127.0.0.1:55511 -R 55512:127.0.0.1:55512
Windows users
putty.exe -ssh user#server -L 55511:127.0.0.1:55511 -R 55512:127.0.0.1:55512
4. Server - start jmeter
cd apache-jmeter-2.13/bin/
./jmeter-server -Djava.rmi.server.hostname=127.0.0.1
5. Client - start jmeter
cd apache-jmeter-2.13/bin/
./jmeter.sh -Djava.rmi.server.hostname=127.0.0.1 -t test.jmx