You are not logged in.

#1 2023-02-12 11:12:04

justdanyul
Member
Registered: 2011-09-29
Posts: 130

NFS CIDR problems

Hi all,

I followed the instruction on https://wiki.archlinux.org/title/NFS to setup a share between two machines. And I got a slight issue with the CIDR resolution, if I use a wildcard in the /etc/exports, the share works as expected, however, I'd like to limit it to machines on my network, so I used

path_to_mount/directory 192.168.50.0/24 (options)

in my /etc/exports file. However, this gives me the message

mount.nfs4: access denied by server while mounting (null)

I've also tried to use the full ip of the client in /etc/exports, and I tried the hostname. I get the above message in all cases, except when I use the * to allow all access. On the client ip addr yields

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: enp4s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 50:eb:f6:1f:d1:2d brd ff:ff:ff:ff:ff:ff
    inet 192.168.50.245/24 brd 192.168.50.255 scope global dynamic noprefixroute enp4s0
       valid_lft 83079sec preferred_lft 83079sec
    inet6 fe80::3c2b:7a5d:1f77:5593/64 scope link 
       valid_lft forever preferred_lft forever
    inet6 fe80::1432:c266:3d87:55c9/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever

I don't want to leave everything wide open, so I'd like to understand what is going on. So, any advice would be welcome. Also, side question, on arch where do I find the nfsd related logs? I tried journalctl -u nfsv4-server , but it only seems to contain entries related to starting the services

Offline

#2 2023-02-12 12:58:03

graysky
Wiki Maintainer
From: :wq
Registered: 2008-12-01
Posts: 10,595
Website

Re: NFS CIDR problems

Post your /etc/exports


CPU-optimized Linux-ck packages @ Repo-ck  • AUR packagesZsh and other configs

Offline

#3 2023-02-12 13:12:09

just4arch
Member
Registered: 2023-01-07
Posts: 74

Re: NFS CIDR problems

justdanyul wrote:
path_to_mount/directory 192.168.50.0/24 (options)

Stray space or typo? (between host and options)
=> as graysky asked, post it verbatim

Offline

#4 2023-02-12 16:24:55

justdanyul
Member
Registered: 2011-09-29
Posts: 130

Re: NFS CIDR problems

Verbatim export(s)

Working

/srv/nfs	*(rw,sync,crossmnt,fsid=0)
/srv/nfs/share	*(rw,sync,all_squash,anonuid=1000,anongid=1000)

not working

/srv/nfs	192.168.50.0/24(rw,sync,crossmnt,fsid=0)
/srv/nfs/share	192.168.50.0/24(rw,sync,all_squash,anonuid=1000,anongid=1000)

Offline

#5 2023-02-12 16:37:07

justdanyul
Member
Registered: 2011-09-29
Posts: 130

Re: NFS CIDR problems

UPDATE.

Seems like it's a ipv6 vs ipv4 issue. The following works as well

/srv/nfs	fe80::3c2b:7a5d:1f77:5593/64(rw,sync,crossmnt,fsid=0)
/srv/nfs/share	fe80::3c2b:7a5d:1f77:5593/64(rw,sync,all_squash,anonuid=1000,anongid=1000)

This solves it for now, as I'm only connecting two machines, but, Is there anyway to force nfs to use ipv4?

(I have no idea how to specify network segments on ipv6)

Offline

#6 2023-02-12 17:25:00

just4arch
Member
Registered: 2023-01-07
Posts: 74

Re: NFS CIDR problems

justdanyul wrote:

This solves it for now, as I'm only connecting two machines, but, Is there anyway to force nfs to use ipv4?

(I have no idea how to specify network segments on ipv6)

You're currently using link local addresses, not perfect - do you have IPv6 set up on your network?
fe80::/64 will work, if you want to stick with it.

On the IPv4 issue, how do you mount it on the client? By hostname I guess? If DNS provides both 4 and 6, 6 will be preferred.
Try using the IPv4 IP of the server on the client.

Last edited by just4arch (2023-02-12 17:25:22)

Offline

#7 2023-02-13 12:11:16

justdanyul
Member
Registered: 2011-09-29
Posts: 130

Re: NFS CIDR problems

just4arch wrote:

You're currently using link local addresses, not perfect - do you have IPv6 set up on your network?
fe80::/64 will work, if you want to stick with it.

I haven't done anything to setup IPv6, no. I just got the local addresses by default. For a full disclaimer, I have zero knowledge on IPv6 really. I'll try and educate myself a bit. Just a bit of google showed local versus site addresses, and I'll explore

just4arch wrote:

On the IPv4 issue, how do you mount it on the client? By hostname I guess? If DNS provides both 4 and 6, 6 will be preferred.
Try using the IPv4 IP of the server on the client.

You you are spot on, and this was the reason, I used the hostname and have confirmed that if I use the ip (as in the IPv4) , it works with the normal ranges.

Thanks!

Offline

Board footer

Powered by FluxBB