Linux — nfs mount

Conrad KU

9 min read · Dec 7, 2023

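This post records the process of mounting .b on .a (.a already has .c mounted). Since I am not familiar with Linux, I asked ChatGPT whenever I had a question. (Conclusion up front: ChatGPT Plus is great.)

Related article: Linux — File Permissions and Directory Layout

🔖 Article Index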

1. Error Message: mount.nfs: No route to host
2. Check Ping the Server
3. Check Firewall Settings
4. What is [zone_name] ?
5. Verify NFS Server Status
6. Examine /etc/exports on the Server

Error Message: mount.nfs: No route to host

When I tried to mount the .b folder on .a:

```bash
# .a server
$ mount 172.16.1.b:/www/public/journal /journal
# output: mount.nfs: No route to host
```

# Question

```
You act as a Linux expert
I mount a file, then the output message is "mount.nfs: No route to host"
```

# ChatGPT Response

The error message "mount.nfs: No route to host" that you encounter while trying to mount an NFS (Network File System) share typically indicates a network connectivity issue between your client system and the NFS server. Here are some steps you can take to troubleshoot and resolve this issue:

1. Check Network Connectivity:
● Ensure that both the NFS client and the NFS server are connected to the network.
● Verify that both machines have valid IP addresses and can communicate over the network.

2. Ping the NFS Server:
● Use the `ping` command to check if the NFS server is reachable from the client machine.
● For example, run `ping [server_ip]` or `ping [server_hostname]`.

3. Check Firewall Settings:
● Ensure that the firewall on both the client and the server is configured to allow NFS traffic.
● NFS typically uses TCP and UDP ports 2049 for NFS, 111 for portmapper, and may also use additional ports for rpc.statd and rpc.mountd.

4. Verify NFS Server Status:
● On the NFS server, check that the NFS service is running and properly configured.
● You can use commands like `sudo systemctl status nfs-server` on the server to check its status.

5. Examine /etc/exports on the Server:
● Ensure that the NFS export configuration (`/etc/exports`) on the server includes the client system or is otherwise properly configured to allow access.

6. Check Routing Tables:
● Verify that the routing tables on both the client and the server are correctly configured to allow traffic between the two systems.
● Use the `route` or `ip route` command to view the routing table.

7. Check Network Services:
● Ensure that essential network services like DNS (if you're using hostnames) and portmapper are functioning correctly.

8. Review NFS Client Configuration:
● Double-check the syntax and parameters used in your `mount` command.

9. Check for IP Address Changes:
● If either the client or the server recently had an IP address change, it could cause connectivity issues. Ensure that any such changes are accounted for in the configuration.

10. Review System Logs:
● Check the system logs on both the client and server for any relevant error messages that could provide more information. You can use `journalctl`, `dmesg`, or directly view log files in `/var/log/`.

By systematically going through these steps, you should be able to identify and resolve the issue causing the "No route to host" error. If you're still encountering problems after these checks, please provide more specific details about your configuration and the steps you've taken so far.

Check Ping the Server

```bash
# .a server
$ ping 172.16.1.b

# ================

# .b server
$ ping 172.16.1.a
```

Check Firewall Settings

# Question

> How to Check Firewall Settings

# ChatGPT Response

Checking firewall settings on a Linux system can depend on the firewall management tool in use. The two most common tools are `iptables` and `firewalld`. I'll provide instructions for both.

~ Checking Firewall Settings with `iptables` ~

1. List Current `iptables` Rules:
● Use the command `sudo iptables -L` to list all current `iptables` rules. This will show you all the rules in the default table (filter).
● To see the rules with numeric line numbers, use `sudo iptables -L --line-numbers`.

2. Check Specific Tables:
● `iptables` has several tables (like filter, nat, mangle). To list rules in a specific table, use `sudo iptables -t [table_name] -L`.

3. Check for NFS-Related Rules:
● Look for rules that allow traffic on NFS-related ports, such as TCP and UDP port 2049, and ports 111 for rpcbind.

~ Checking Firewall Settings with `firewalld` ~

1. Check `firewalld` Status:
● Use `sudo systemctl status firewalld` to check if `firewalld` is running.

2. List Active Zones:
● Firewalld organizes rules into zones. Use `sudo firewall-cmd --get-active-zones` to see which zones are active.

3. List Rules in a Zone:
● To list all rules in a specific zone, use `sudo firewall-cmd --list-all --zone=[zone_name]`.
● If you're not sure of the zone, you can check the default zone with `sudo firewall-cmd --get-default-zone`.

4. Check for NFS Services:
● In `firewalld`, services can be enabled rather than specific ports. Check if the NFS service is enabled with `sudo firewall-cmd --list-services --zone=[zone_name]`.
● If NFS is not listed, it can be added with `sudo firewall-cmd --zone=[zone_name] --add-service=nfs --permanent` followed by `sudo firewall-cmd --reload`.

~ General Tips ~

● If you're unsure which firewall tool your system is using, you can check if either service is active with `sudo systemctl status iptables` and `sudo systemctl status firewalld`.

● Remember that any changes made directly with `iptables` might not be persistent across reboots unless saved and restored properly. Similarly, changes with `firewalld` should be made permanent with the `--permanent` flag and followed by a reload.

● Ensure that your client system's firewall is also configured to allow NFS traffic if applicable.

● If you are using a cloud provider or are in a corporate network, there may be additional network-level firewalls or security groups that need to be configured to allow NFS traffic.

If you encounter specific issues or errors while checking or configuring your firewall settings, please provide more details for further assistance.

What is [zone_name] ?

# Question

```
I followed the instructions.
Check `firewalld` Status. It is active (running).
I am confused about what [zone_name] is in "Check for NFS Services"
```

# ChatGPT Response

In `firewalld`, a "zone" is a way to define a trust level for network connections or interfaces.
Each zone has its own set of rules about what traffic is allowed or blocked.
Understanding and working with zones is crucial for configuring your firewall settings properly in `firewalld`.

## Understanding Zones in `firewalld`

● Default Zone:
Your system has a default zone, which is used if no other zone is explicitly set for a connection or interface.
● Zone Types:
Common zones include `public`, `private`, `external`, `internal`, `dmz`, `work`, `home`, `trusted`, etc. Each is pre-configured with a different set of rules and trust levels.
● Assigning Interfaces and Sources:
You can assign network interfaces and sources (like IP addresses) to specific zones.

## Finding Your Zone

1. List Active Zones:
● Run `sudo firewall-cmd --get-active-zones`. This command shows you which zones are active, and which interfaces or sources are assigned to them.

2. Check the Default Zone:
● If you're not sure which zone to work with, you can check your default zone with `sudo firewall-cmd --get-default-zone`. This is often a good place to start, especially if you haven't customized your zones.

## Checking NFS Services in a Zone

After identifying the zone (let's say it's `public` for this example), you can check if NFS services are allowed in that zone:

1. List Services in the Zone:
● Run `sudo firewall-cmd --list-services --zone=public`.
● This command lists all services allowed in the `public` zone.

2. Look for NFS Service:
● In the list of services, look for `nfs`. If it's there, it means NFS is allowed in the `public` zone.

## Adding NFS Service to a Zone

If NFS is not listed and you want to allow it:

1. Add NFS Service to the Zone:
● Run `sudo firewall-cmd --zone=public --add-service=nfs --permanent`.
● This command allows NFS in the `public` zone and makes the change permanent.

2. Reload `firewalld`:
● Apply the changes by reloading `firewalld` with `sudo firewall-cmd --reload`.

## Note

● Replace `public` with the appropriate zone name based on your configuration or the default zone.
● Be careful when altering firewall settings. Only open the services and ports that are necessary for your network setup to maintain security.
● If you're working in a more complex network setup or if there are other network-level firewalls (like in a cloud environment), additional configuration might be required there too.
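
One way to run the zone check above and act on the note about opening only what is necessary, as an added example that is not part of the original post or the ChatGPT response. It goes beyond the text by limiting each new rule to a single client address with a rich rule; the zone name, the client address 192.0.2.10 and the function name are assumptions, and the sample output is constructed.

```shell
#!/bin/sh
# Added example. Reads `firewall-cmd --list-all --zone=ZONE` output and prints
# the commands that would open only the missing NFS services, and only to one
# client address. Nothing is executed; review the plan before running it.

# Constructed sample output for a zone named "public".
SAMPLE_ZONE='public (active)
  target: default
  interfaces: eth0
  sources:
  services: dhcpv6-client ssh nfs
  ports: 111/tcp 111/udp
  rich rules:'

# nfs_fw_plan ZONE CLIENT: list-all text on stdin, firewall-cmd lines on stdout.
# Assumes NFSv3-style mounts (rpc-bind and mountd needed besides nfs) and the
# firewalld mountd service port 20048; an NFSv4-only setup needs just 2049/tcp.
nfs_fw_plan() {
  awk -v zone="$1" -v client="$2" '
    $1 == "services:" { for (i = 2; i <= NF; i++) svc[$i] = 1 }
    $1 == "ports:"    { for (i = 2; i <= NF; i++) port[$i] = 1 }
    END {
      n = split("nfs=2049/tcp rpc-bind=111/tcp mountd=20048/tcp", need, " ")
      for (k = 1; k <= n; k++) {
        split(need[k], kv, "=")
        # Skip anything already allowed as a service or as an open port.
        if ((kv[1] in svc) || (kv[2] in port)) continue
        printf "firewall-cmd --permanent --zone=%s --add-rich-rule=\047rule family=\"ipv4\" source address=\"%s\" service name=\"%s\" accept\047\n", zone, client, kv[1]
        missing++
      }
      if (missing) print "firewall-cmd --reload"
    }'
}

# Demo on the constructed sample: only mountd is missing.
printf '%s\n' "$SAMPLE_ZONE" | nfs_fw_plan public 192.0.2.10
```

On a live server, feed it real data with `sudo firewall-cmd --list-all --zone=public | nfs_fw_plan public <client-ip>`.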

Verify NFS Server Status

# Question

> I verified the NFS server status and found Active: inactive (dead)

# ChatGPT Response

If the NFS server status shows as "Active: inactive (dead)", it means that the NFS service is not currently running on your server.
To resolve this issue, you will need to start the NFS service and ensure it is properly configured.
Here are the steps to do that:

1. Start the NFS Server Service:
● Use the command `sudo systemctl start nfs-server` to start the NFS service.
● After starting the service, check its status again with `sudo systemctl status nfs-server` to confirm it's active and running.

2. Enable NFS Server on Boot:
● If you want the NFS server to start automatically on boot, use the command `sudo systemctl enable nfs-server`.

3. Check NFS Server Configuration:
● Review the NFS server configuration file (usually `/etc/exports`) to make sure it's correctly set up.
● Ensure that the directories you want to share are properly listed and have the correct permissions set for the clients.

4. Export the NFS Shares:
● After modifying `/etc/exports`, run `sudo exportfs -ra` to apply the changes.

5. Check NFS Service Ports:
● Verify that the necessary ports for NFS are open and listening. NFS typically requires port 2049 for TCP and UDP, as well as ports for rpcbind (111) and other related services like rpc.statd and rpc.mountd.
● Use commands like `ss -tuln` or `netstat -tuln` to check open ports.

6. Restart NFS Service if Necessary:
● If you made changes to the configuration, restart the NFS service to apply them with `sudo systemctl restart nfs-server`.

7. Check Firewall Settings:
● Ensure that your firewall settings on the server allow traffic for NFS. You might need to add rules to permit traffic on the NFS ports.

8. Test from the Client Side:
● Once the NFS server is running, try to mount the NFS share again from the client side.

9. Review System Logs for Errors:
● If you encounter any issues, check the system logs (`/var/log/messages`, `/var/log/syslog`, or use `journalctl`) for any NFS-related error messages that can help diagnose the problem.

By following these steps, you should be able to get your NFS server up and running and resolve the issue with mounting NFS shares on the client side.
If you encounter any specific errors or issues during this process, please provide the details for further assistance.

Examine /etc/exports on the Server

# Question

```
Check NFS Server Configuration
How to write `/etc/exports`
```

# ChatGPT Response

The `/etc/exports` file in NFS (Network File System) is used to control which file systems are exported to remote hosts and specifies options on how the file systems are shared.
Here's how you can write or edit the `/etc/exports` file:

## Basic Syntax

● Path: The path to the directory you want to share.
● Client Specification: The hostname, IP address, or network of the client(s) that are allowed to access the share.
● Options: A list of options in parentheses, specifying how the share is accessed.

## Example

```
# /etc/exports
/path/to/share client1(rw,sync,no_subtree_check) client2(ro,sync)
```

In this example:

● `/path/to/share` is the directory being shared.
● `client1` and `client2` are the clients. These can be hostnames, IP addresses, or IP ranges.
● `rw` and `ro` specify read-write and read-only access, respectively.
● `sync` ensures changes are written to disk immediately.
● `no_subtree_check` improves reliability by disabling subtree checking.

## Common Options

● `rw`: Read/Write access.
● `ro`: Read-only access.
● `sync`: Synchronize changes immediately.
● `async`: Synchronize changes at a later time (can improve performance).
● `no_subtree_check`: Disable subtree checking.
● `no_root_squash`: By default, NFS translates requests from the root user to a less privileged user. This option disables that behavior.
● `root_squash`: Map requests from the root user to the anonymous user (usually used for security).

## Wildcards and Networks

● You can use wildcards (`*`) and network notation to specify multiple clients. For example, `192.168.1.0/24` would specify all clients in the 192.168.1.0 network.

## Example with Network

```
# /etc/exports
/path/to/share 192.168.1.0/24(rw,sync)
```

## Applying Changes

After modifying `/etc/exports`, run the following command to apply the changes:

```bash
$ sudo exportfs -ra
```

## Security Considerations

● Be cautious with the `no_root_squash` option as it can pose security risks.
● Limit access to trusted clients and networks.
● Use `ro` (read-only) wherever write access is not necessary.

## Editing the File

To edit the file, you can use any text editor, like `nano` or `vim`:

```bash
$ sudo nano /etc/exports
```

or

```bash
$ sudo vim /etc/exports
```

After saving your changes in the editor, remember to apply them with `exportfs -ra`.

Please replace the example paths and client specifications with those relevant to your setup.
If you have specific requirements or a certain setup in mind, let me know, and I can provide more targeted guidance.
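
The three points under "Security Considerations", applied as a check over an exports file; this is an added example, not part of the original post or the ChatGPT response. The sample entries are constructed, and the function name and finding labels are chosen here.

```shell
#!/bin/sh
# Added example: audit /etc/exports-style text for no_root_squash, wildcard
# clients, and read-write access granted to more than one host.

# Constructed sample; the paths, hosts and networks are made up.
SAMPLE_EXPORTS='# constructed sample exports
/srv/journal 172.16.1.10(rw,sync,no_subtree_check)
/srv/backup  *(rw,sync,no_root_squash)
/srv/docs    192.168.1.0/24(ro,sync) 172.16.1.0/24(rw,sync)
/srv/home    172.16.1.10 (rw,sync)'

# audit_exports: exports text on stdin, one finding per line on stdout.
# Assumes one export per line (no backslash continuations or quoted paths).
audit_exports() {
  awk '
    NF == 0 || $1 ~ /^#/ { next }             # skip blank lines and comments
    {
      for (i = 2; i <= NF; i++) {
        client = $i; opts = ""
        p = index($i, "(")
        if (p > 0) {                           # split "client(opt,opt)"
          client = substr($i, 1, p - 1)
          opts = substr($i, p + 1)
          sub(/\)$/, "", opts)
        }
        # A space before "(" detaches the options from the host, so they
        # apply to every host: treat the bare "(opts)" token as "*".
        if (client == "") client = "*"
        many = (client ~ /[*?]/ || index(client, "/") > 0)
        o = "," opts ","
        pre = "line=" NR " path=" $1 " client=" client " finding="
        if (index(o, ",no_root_squash,")) print pre "no_root_squash"
        if (client ~ /[*?]/)              print pre "wildcard-client"
        if (many && index(o, ",rw,"))     print pre "rw-to-many-hosts"
      }
    }'
}

# Demo on the constructed sample.
printf '%s\n' "$SAMPLE_EXPORTS" | audit_exports
```

To audit a real server, run `audit_exports < /etc/exports`; an entry with no options in parentheses gets the NFS defaults and produces no finding.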
