NFS won't mount

Hello guys,

I am trying to mount an NFS share, using the command bellow, but with no luck:

osmc@denis-osmc:~$ sudo mount -t nfs4 192.168.100.110:/srv/movies /mnt/movies
mount.nfs4: Connection timed out

I also tried adding an entry in fstab, but that did not work either. For the record this is the entry:

192.168.100.110:/srv/movies /mnt/movies nfs4 auto,nofail,noatime,nolock,intr,tcp,actimeo=1800 0 0

If I try to ping it, it works, as ahown below:

osmc@denis-osmc:~$ ping 192.168.100.110
PING 192.168.100.110 (192.168.100.110): 56 data bytes
64 bytes from 192.168.100.110: seq=0 ttl=64 time=5.767 ms

I tried using rpcinfo, but no luck either:

osmc@denis-osmc:~$ rpcinfo -p 192.168.100.110
192.168.100.110: RPC: Remote system error - Connection timed out

showmount will not work either.

Help please? :))

Well what is the output of
showmount -e 192.168.100.110?
If that is not successful then you have a config problem on your NAS or firewall inbetween.
Also what is the output of ip addr

showmount freezes and I have to close the terminal window.
I do not think that is my NAS’ fault because I can access it from other clients.

I am not sure if you asked ip addr for the host or client, so I will show them both:

Client (OSMC)
osmc@denis-osmc:~$ ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 4096 qdisc noqueue state UNKNOWN group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 90:0e:b3:0a:1e:d5 brd ff:ff:ff:ff:ff:ff
3: wlan0: <BROADCAST,MULTICAST,DYNAMIC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether cc:4b:73:77:ab:a2 brd ff:ff:ff:ff:ff:ff
inet 192.168.100.120/24 brd 192.168.100.255 scope global wlan0
valid_lft forever preferred_lft forever

Host
denis@denis-server:/tmp$ ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 30:e1:71:98:1e:7c brd ff:ff:ff:ff:ff:ff
inet 192.168.100.110/24 brd 192.168.100.255 scope global dynamic enp3s0
valid_lft 247904sec preferred_lft 247904sec
inet6 2a02:2f0e:50d:3100:32e1:71ff:fe98:1e7c/64 scope global mngtmpaddr noprefixroute
valid_lft forever preferred_lft forever
inet6 fe80::32e1:71ff:fe98:1e7c/64 scope link
valid_lft forever preferred_lft forever
3: wlp2s0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 98:54:1b:84:61:92 brd ff:ff:ff:ff:ff:ff

Hi,

Whats the out on the Host, so:

denis@denis-server:/tmp$ showmount -e 127.0.0.1

Thanks Tom.

denis@denis-server:/tmp$ showmount -e 127.0.0.1
Export list for 127.0.0.1:
/srv/movies 192.168.100.120
/srv/tv_series 192.168.100.120

Hi,

Can you ping the host from the OSMC Client?

Also whats the output of:

denis@denis-server:/tmp$ rpcinfo -p 127.0.0.1

Which other clients, according to your exports the only device which is allowed access is osmc (192.168.100.120). Just to get a stupid question of the way, osmc’s IP is unique on your lan?

Thanks Tom.

What’s the output of (server and client) arp -e

And on server iptables -S

Oh, that. I modified it when I tried with another client and then I restored it to allow just Vero.

denis@denis-server:/tmp$ rpcinfo -p 127.0.0.1
program vers proto port service
100000 4 tcp 111 portmapper
100000 3 tcp 111 portmapper
100000 2 tcp 111 portmapper
100000 4 udp 111 portmapper
100000 3 udp 111 portmapper
100000 2 udp 111 portmapper
100005 1 udp 47803 mountd
100005 1 tcp 40047 mountd
100005 2 udp 33122 mountd
100005 2 tcp 50479 mountd
100005 3 udp 48770 mountd
100005 3 tcp 35207 mountd
100003 3 tcp 2049 nfs
100003 4 tcp 2049 nfs
100227 3 tcp 2049
100003 3 udp 2049 nfs
100227 3 udp 2049
100021 1 udp 44061 nlockmgr
100021 3 udp 44061 nlockmgr
100021 4 udp 44061 nlockmgr
100021 1 tcp 33617 nlockmgr
100021 3 tcp 33617 nlockmgr
100021 4 tcp 33617 nlockmgr

Yes, yes I can:

osmc@denis-osmc:~$ ping 192.168.100.110
PING 192.168.100.110 (192.168.100.110): 56 data bytes
64 bytes from 192.168.100.110: seq=0 ttl=64 time=11.321 ms
64 bytes from 192.168.100.110: seq=1 ttl=64 time=2.823 ms
64 bytes from 192.168.100.110: seq=2 ttl=64 time=3.341 ms
64 bytes from 192.168.100.110: seq=3 ttl=64 time=2.040 ms

Edit 1: Regarding the first question I feel I was not explicit enough. The IP addresses of the host and OSMC are static, they are set this way from the router. When I tried to mount from another client, I modified /etc/exports to allow other IP’s, then when I successfully mounted from that other client I reverted /etc/exports back to allowing only OSMC.

Host
denis@denis-server:/$ arp -e
Address HWtype HWaddress Flags Mask Iface
188-24-20-246.rdsnet.ro ether f4:4c:7f:21:fb:00 C enp3s0
192.168.100.120 ether cc:4b:73:77:ab:a2 C enp3s0
_gateway ether f4:4c:7f:21:fb:00 C enp3s0
192.168.100.100 ether c4:85:08:41:6a:81 C enp3s0

Client (OSMC)
osmc@denis-osmc:~$ arp -e
Address HWtype HWaddress Flags Mask Iface
_gateway ether f4:4c:7f:21:fb:00 C wlan0
192.168.100.100 ether c4:85:08:41:6a:81 C wlan0
192.168.100.110 ether 30:e1:71:98:1e:7c C wlan0

denis@denis-server:/$ sudo iptables -S
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-N ufw-after-forward
-N ufw-after-input
-N ufw-after-logging-forward
-N ufw-after-logging-input
-N ufw-after-logging-output
-N ufw-after-output
-N ufw-before-forward
-N ufw-before-input
-N ufw-before-logging-forward
-N ufw-before-logging-input
-N ufw-before-logging-output
-N ufw-before-output
-N ufw-logging-allow
-N ufw-logging-deny
-N ufw-not-local
-N ufw-reject-forward
-N ufw-reject-input
-N ufw-reject-output
-N ufw-skip-to-policy-forward
-N ufw-skip-to-policy-input
-N ufw-skip-to-policy-output
-N ufw-track-forward
-N ufw-track-input
-N ufw-track-output
-N ufw-user-forward
-N ufw-user-input
-N ufw-user-limit
-N ufw-user-limit-accept
-N ufw-user-logging-forward
-N ufw-user-logging-input
-N ufw-user-logging-output
-N ufw-user-output
-A INPUT -j ufw-before-logging-input
-A INPUT -j ufw-before-input
-A INPUT -j ufw-after-input
-A INPUT -j ufw-after-logging-input
-A INPUT -j ufw-reject-input
-A INPUT -j ufw-track-input
-A FORWARD -j ufw-before-logging-forward
-A FORWARD -j ufw-before-forward
-A FORWARD -j ufw-after-forward
-A FORWARD -j ufw-after-logging-forward
-A FORWARD -j ufw-reject-forward
-A FORWARD -j ufw-track-forward
-A OUTPUT -j ufw-before-logging-output
-A OUTPUT -j ufw-before-output
-A OUTPUT -j ufw-after-output
-A OUTPUT -j ufw-after-logging-output
-A OUTPUT -j ufw-reject-output
-A OUTPUT -j ufw-track-output
-A ufw-after-input -p udp -m udp --dport 137 -j ufw-skip-to-policy-input
-A ufw-after-input -p udp -m udp --dport 138 -j ufw-skip-to-policy-input
-A ufw-after-input -p tcp -m tcp --dport 139 -j ufw-skip-to-policy-input
-A ufw-after-input -p tcp -m tcp --dport 445 -j ufw-skip-to-policy-input
-A ufw-after-input -p udp -m udp --dport 67 -j ufw-skip-to-policy-input
-A ufw-after-input -p udp -m udp --dport 68 -j ufw-skip-to-policy-input
-A ufw-after-input -m addrtype --dst-type BROADCAST -j ufw-skip-to-policy-input
-A ufw-after-logging-forward -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
-A ufw-after-logging-input -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
-A ufw-before-forward -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A ufw-before-forward -p icmp -m icmp --icmp-type 3 -j ACCEPT
-A ufw-before-forward -p icmp -m icmp --icmp-type 11 -j ACCEPT
-A ufw-before-forward -p icmp -m icmp --icmp-type 12 -j ACCEPT
-A ufw-before-forward -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A ufw-before-forward -j ufw-user-forward
-A ufw-before-input -i lo -j ACCEPT
-A ufw-before-input -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A ufw-before-input -m conntrack --ctstate INVALID -j ufw-logging-deny
-A ufw-before-input -m conntrack --ctstate INVALID -j DROP
-A ufw-before-input -p icmp -m icmp --icmp-type 3 -j ACCEPT
-A ufw-before-input -p icmp -m icmp --icmp-type 11 -j ACCEPT
-A ufw-before-input -p icmp -m icmp --icmp-type 12 -j ACCEPT
-A ufw-before-input -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A ufw-before-input -p udp -m udp --sport 67 --dport 68 -j ACCEPT
-A ufw-before-input -j ufw-not-local
-A ufw-before-input -d 224.0.0.251/32 -p udp -m udp --dport 5353 -j ACCEPT
-A ufw-before-input -d 239.255.255.250/32 -p udp -m udp --dport 1900 -j ACCEPT
-A ufw-before-input -j ufw-user-input
-A ufw-before-output -o lo -j ACCEPT
-A ufw-before-output -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A ufw-before-output -j ufw-user-output
-A ufw-logging-allow -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
-A ufw-logging-deny -m conntrack --ctstate INVALID -m limit --limit 3/min --limit-burst 10 -j RETURN
-A ufw-logging-deny -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
-A ufw-not-local -m addrtype --dst-type LOCAL -j RETURN
-A ufw-not-local -m addrtype --dst-type MULTICAST -j RETURN
-A ufw-not-local -m addrtype --dst-type BROADCAST -j RETURN
-A ufw-not-local -m limit --limit 3/min --limit-burst 10 -j ufw-logging-deny
-A ufw-not-local -j DROP
-A ufw-skip-to-policy-forward -j DROP
-A ufw-skip-to-policy-input -j DROP
-A ufw-skip-to-policy-output -j ACCEPT
-A ufw-track-output -p tcp -m conntrack --ctstate NEW -j ACCEPT
-A ufw-track-output -p udp -m conntrack --ctstate NEW -j ACCEPT
-A ufw-user-input -p tcp -m tcp --dport 22 -m comment --comment “‘dapp_OpenSSH’” -j ACCEPT
-A ufw-user-input -p tcp -m tcp --dport 10000 -j ACCEPT
-A ufw-user-input -p udp -m udp --dport 10000 -j ACCEPT
-A ufw-user-input -s 192.168.100.120/32 -p tcp -m tcp --dport 2049 -j ACCEPT
-A ufw-user-input -s 192.168.100.120/32 -p udp -m udp --dport 2049 -j ACCEPT
-A ufw-user-input -s 192.168.100.100/32 -p tcp -m tcp --dport 2049 -j ACCEPT
-A ufw-user-input -s 192.168.100.100/32 -p udp -m udp --dport 2049 -j ACCEPT
-A ufw-user-input -s 192.168.100.100/32 -p tcp -m tcp --dport 111 -j ACCEPT
-A ufw-user-input -s 192.168.100.100/32 -p udp -m udp --dport 111 -j ACCEPT
-A ufw-user-limit -m limit --limit 3/min -j LOG --log-prefix "[UFW LIMIT BLOCK] "
-A ufw-user-limit -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-limit-accept -j ACCEPT

Why are these for .100 not .120?

1 Like

.100 is the PC from where I control the server and the OSMC.

Fair enough but isn’t 111 also needed for nfs?

Well, I do not have any device assigned to .111. Since I do not have so many devices (about 5) I assigned to each device from 10 to 10 (.100, .110, .120, etc.).

Edit 1: Maybe it will be helpful showing these configs from the server:
/etc/hosts.deny:

portmap:ALL
lockd:ALL
mountd:ALL
rquotad:ALL
statd:ALL

and
/etc/hosts.allow:

portmap:192.168.100.120
lockd:192.168.100.120
mountd:192.168.100.120
rquotad:192.168.100.120
statd:192.168.100.120

Hi,

Fzinken means port 111 tcp/upd.

Being as you’ve allowed portmap (111) via .120 for tcp wrappers, I don’t see any harm adding it ufw:

-A ufw-user-input -s 192.168.100.120/32 -p tcp -m tcp --dport 111 -j ACCEPT
-A ufw-user-input -s 192.168.100.120/32 -p udp -m udp --dport 111 -j ACCEPT

Please add the above and try showmount & rpcinfo from the osmc client again.

Thanks Tom.

2 Likes

osmc@denis-osmc:~$ rpcinfo -p 192.168.100.110
program vers proto port service
100000 4 tcp 111 portmapper
100000 3 tcp 111 portmapper
100000 2 tcp 111 portmapper
100000 4 udp 111 portmapper
100000 3 udp 111 portmapper
100000 2 udp 111 portmapper
100005 1 udp 39928 mountd
100005 1 tcp 55533 mountd
100005 2 udp 45629 mountd
100005 2 tcp 39483 mountd
100005 3 udp 39691 mountd
100005 3 tcp 34639 mountd
100003 3 tcp 2049 nfs
100003 4 tcp 2049 nfs
100227 3 tcp 2049
100003 3 udp 2049 nfs
100227 3 udp 2049
100021 1 udp 43907 nlockmgr
100021 3 udp 43907 nlockmgr
100021 4 udp 43907 nlockmgr
100021 1 tcp 38027 nlockmgr
100021 3 tcp 38027 nlockmgr
100021 4 tcp 38027 nlockmgr

osmc@denis-osmc:~$ showmount -e 192.168.100.110
rpc mount export: RPC: Timed out

You got me thinking when you told me to add that port, so I did a little research and apparently I had to assign a random unused port to RPCMOUNTDOPTS in /etc/default/nfs-kernel-server, then add the random port to ufw.

Now it works:

osmc@denis-osmc:~$ showmount -e 192.168.100.110
Export list for 192.168.100.110:
/srv/movies 192.168.100.120
/srv/tv_series 192.168.100.120

osmc@denis-osmc:/mnt$ sudo mount -t nfs4 192.168.100.110:/srv/movies /mnt/movies
osmc@denis-osmc:/mnt$

Thanks for all the help @fzinken and @Tom_Doyle!

1 Like
192.168.100.110:/srv/movies /mnt/movies nfs4 auto,nofail,noatime,nolock,intr,tcp,actimeo=1800 0 0

FYI. From the nfs(5) man page:

Use of the “nfs4” fstype in /etc/fstab is deprecated.

The intr / nointr mount option is deprecated after kernel 2.6.25. … if specified, this mount option is ignored to provide backwards compatibility with older kernels.

1 Like