--- Konstantinos Pachopoulos <[EMAIL PROTECTED]>
wrote:

> Hi,
> I haven't found a complete "vserver nfs how-to",
> unfortunately... Here is my situation:
> -host is named "vakhos"
> -guest, where nfs is running, is called "nfs"
> 
> I had a working vserver system/network, with
> nfs-user-server running, but I re-installed (because
> of damage) the host system ("vakhos"). That means
> that neither the clients of my network nor the
> vserver guest ("nfs") are causing problems, probably.
> 
> The main thing I cannot remember is how it is
> possible to create NAPT entries if mountd is constantly
> changing port...
> 
> Here is some output:
> --------------------------------------------
> vakhos:~# rpcinfo -p          
>    program vers proto   port
>     100000    2   tcp    111  portmapper
>     100000    2   udp    111  portmapper
> --------------------------------------------
> 
> nfs:/# rpcinfo -p nfs
>    program vers proto   port
>     100000    2   tcp    111  portmapper
>     100000    2   udp    111  portmapper
>     100003    2   udp   2049  nfs
>     100003    2   tcp   2049  nfs
>     100005    1   udp    923  mountd
>     100005    2   udp    923  mountd
>     100005    1   tcp    926  mountd
>     100005    2   tcp    926  mountd
> --------------------------------------------
> 
> vakhos:~# cat /var/lib/iptables/active 
> :PREROUTING ACCEPT [3:536]
> :POSTROUTING ACCEPT [3:220]
> :OUTPUT ACCEPT [3:220]
> ...
> -A POSTROUTING -d 192.168.1.0/24 -j SNAT --to-source 192.168.1.5
> -A PREROUTING -d 192.168.1.5 -i eth0 -p udp -m udp --dport 111 -j DNAT --to-destination 192.168.1.12:111
> -A PREROUTING -d 192.168.1.5 -i eth0 -p tcp -m tcp --dport 111 -j DNAT --to-destination 192.168.1.12:111
> -A PREROUTING -d 192.168.1.5 -i eth0 -p tcp -m tcp --dport 745 -j DNAT --to-destination 192.168.1.12:745
> -A PREROUTING -d 192.168.1.5 -i eth0 -p udp -m udp --dport 745 -j DNAT --to-destination 192.168.1.12:745
> -A PREROUTING -d 192.168.1.5 -i eth0 -p udp -m udp --dport 747 -j DNAT --to-destination 192.168.1.12:747
> -A PREROUTING -d 192.168.1.5 -i eth0 -p tcp -m tcp --dport 747 -j DNAT --to-destination 192.168.1.12:747
> -A PREROUTING -d 192.168.1.5 -i eth0 -p tcp -m tcp --dport 2049 -j DNAT --to-destination 192.168.1.12:2049
> -A PREROUTING -d 192.168.1.5 -i eth0 -p udp -m udp --dport 2049 -j DNAT --to-destination 192.168.1.12:2049
> #-A PREROUTING -d 192.168.1.5 -i eth0 -p tcp -m tcp --dport 981 -j DNAT --to-destination 192.168.1.12:981
> #-A PREROUTING -d 192.168.1.5 -i eth0 -p udp -m udp --dport 981 -j DNAT --to-destination 192.168.1.12:981
> #-A PREROUTING -d 192.168.1.5 -i eth0 -p tcp -m tcp --dport 984 -j DNAT --to-destination 192.168.1.12:984
> #-A PREROUTING -d 192.168.1.5 -i eth0 -p udp -m udp --dport 984 -j DNAT --to-destination 192.168.1.12:984
> ...
> COMMIT
> --------------------------------------------
> 
> Even another vserver-guest (not a PC outside the
> vserver-network) cannot mount nfs dirs:
> --------------------------------------------
> home:/home/kostas# showmount -e
> mount clntudp_create: RPC: Program not registered
> home:/home/kostas# mount -a
> mount: pimp:/shared failed, reason given by server:
> Permission denied
> --------------------------------------------
> 
> Can somebody help please? If more info is needed I
> will post it...
> 
> 
I fixed it. I had to set the prefix to "24" for each
guest, although I think I had done this during the
creation of each template. I also used the following
iptables entries:
-A PREROUTING -s ! 192.168.0.0/255.255.255.0 -p tcp -m tcp --dport 2049 -j DNAT --to-destination 192.168.1.12:2049
-A POSTROUTING -s 192.168.1.0/255.255.255.0 -d ! 192.168.1.0/255.255.255.0 -j SNAT --to-source 192.168.1.5


                
_______________________________________________
Vserver mailing list
[email protected]
http://list.linux-vserver.org/mailman/listinfo/vserver
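
An added example, not part of the original thread: a small audit that compares the ports a guest registers with the portmapper against the ports the host's active DNAT rules forward, which makes a moved mountd port visible at once. The helper names are hypothetical and the sample input is constructed from the output quoted above (trimmed); on a real host the two inputs would come from `rpcinfo -p nfs` and `/var/lib/iptables/active`.

```python
import re

RPC_LINE = re.compile(r"^\s*\d+\s+\d+\s+(tcp|udp)\s+(\d+)\s+(\S+)\s*$")
DNAT_RULE = re.compile(r"-p (tcp|udp)\b.*--dport (\d+) -j DNAT --to-destination [\d.]+:(\d+)")

# Constructed sample input, modelled on the output quoted in the thread.
RPCINFO = """\
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100003    2   udp   2049  nfs
    100003    2   tcp   2049  nfs
    100005    2   udp    923  mountd
    100005    2   tcp    926  mountd
"""
RULES = """\
-A PREROUTING -d 192.168.1.5 -i eth0 -p udp -m udp --dport 111 -j DNAT --to-destination 192.168.1.12:111
-A PREROUTING -d 192.168.1.5 -i eth0 -p tcp -m tcp --dport 111 -j DNAT --to-destination 192.168.1.12:111
-A PREROUTING -d 192.168.1.5 -i eth0 -p tcp -m tcp --dport 745 -j DNAT --to-destination 192.168.1.12:745
-A PREROUTING -d 192.168.1.5 -i eth0 -p udp -m udp --dport 745 -j DNAT --to-destination 192.168.1.12:745
-A PREROUTING -d 192.168.1.5 -i eth0 -p tcp -m tcp --dport 2049 -j DNAT --to-destination 192.168.1.12:2049
-A PREROUTING -d 192.168.1.5 -i eth0 -p udp -m udp --dport 2049 -j DNAT --to-destination 192.168.1.12:2049
#-A PREROUTING -d 192.168.1.5 -i eth0 -p tcp -m tcp --dport 981 -j DNAT --to-destination 192.168.1.12:981
"""

def registered(rpcinfo_text):
    """Map (proto, port) -> service name from `rpcinfo -p` output."""
    found = {}
    for line in rpcinfo_text.splitlines():
        m = RPC_LINE.match(line)
        if m:
            found[(m.group(1), int(m.group(2)))] = m.group(3)
    return found

def forwarded(rules_text):
    """Set of (proto, guest port) targeted by active (uncommented) DNAT rules."""
    out = set()
    for line in rules_text.splitlines():
        m = DNAT_RULE.search(line)
        if m and not line.lstrip().startswith("#"):
            out.add((m.group(1), int(m.group(3))))
    return out

def audit(rpcinfo_text, rules_text):
    """Return (registered but not forwarded, forwarded but not registered)."""
    reg, fwd = registered(rpcinfo_text), forwarded(rules_text)
    missing = sorted((p, port, reg[(p, port)]) for (p, port) in set(reg) - fwd)
    stale = sorted(fwd - set(reg))
    return missing, stale
```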
