
mount.nfs: access denied by server

Here are the steps I have taken so far:

server01 # apt-get install nfs-kernel-server
server01 # mkdir /home/acoder/Public
server01 # vi /etc/fstab

    # added the following line
    /home/acoder/Public    /export/public   none    bind  0  0

Here is the output of showmount -e 1.2.3.4 from the client:

Export list for 1.2.3.4:
/export/public 192.168.1.0/24
/export 192.168.1.0/24

server01 # ifconfig
    eth0      Link encap:Ethernet  HWaddr d0:67:e5:3f:fa:82  
              inet addr:1.2.3.4  Bcast:1.2.3.255  Mask:255.255.255.0
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:53009 errors:0 dropped:0 overruns:0 frame:0
              TX packets:32395 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000 
              RX bytes:39888803 (39.8 MB)  TX bytes:4382214 (4.3 MB)
              Interrupt:20 Memory:e3900000-e3920000 

    lo        Link encap:Local Loopback  
              inet addr:127.0.0.1  Mask:255.0.0.0
              inet6 addr: ::1/128 Scope:Host
              UP LOOPBACK RUNNING  MTU:65536  Metric:1
              RX packets:23485 errors:0 dropped:0 overruns:0 frame:0
              TX packets:23485 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0 
              RX bytes:2612596 (2.6 MB)  TX bytes:2612596 (2.6 MB)


server01 # vi /etc/exports

    # added the following lines
    /export       192.168.1.0/24(rw,fsid=0,insecure,no_subtree_check,async,no_root_squash)
    /export/public 192.168.1.0/24(rw,nohide,insecure,no_subtree_check,async,no_root_squash)

server01 # mkdir -p /export/public
server01 # chmod 777 /export/
server01 # chmod 777 /export/public/

server01 # exportfs -a
server01 # service nfs-kernel-server restart

server01 # showmount -e
Export list for server01:
/export/public 192.168.1.0/24
/export        192.168.1.0/24

On the client:

client01 # mkdir /mnt/server01public
client01 # mount -t nfs -o proto=tcp,port=2049 1.2.3.4:/public/ /mnt/server01public/

mount.nfs: access denied by server while mounting 1.2.3.4:/public/

I turned off the server firewall (it is on my local home network), but I still get the same error.

What am I missing?

Edit 1

I found that when I try to mount the NFS share on the server itself, access is also denied.

# mount -t nfs -o proto=tcp,port=2049 localhost:/export/public/ /mnt/server01public/
mount.nfs: access denied by server while mounting localhost:/export/public/

Edit 2

I found useful information when I grepped for "mount" in /var/log/*.

/var/log/syslog:Dec 17 13:57:58 server01 rpc.mountd[9918]: Version 1.2.8 starting
/var/log/syslog:Dec 17 14:04:55 server01 rpc.mountd[9918]: refused mount request from 1.2.3.77 for /public/ (/public): unmatched host
/var/log/syslog:Dec 17 14:49:44 server01 rpc.mountd[9918]: message repeated 8 times: [ refused mount request from 1.2.3.77 for /public/ (/public): unmatched host]
/var/log/syslog:Dec 17 14:51:49 server01 rpc.mountd[9918]: Caught signal 15, un-registering and exiting.
/var/log/syslog:Dec 17 14:51:50 server01 rpc.mountd[18437]: Version 1.2.8 starting
/var/log/syslog:Dec 17 14:52:00 server01 rpc.mountd[18437]: refused mount request from 1.2.3.77 for /public/ (/public): unmatched host
/var/log/syslog:Dec 17 14:53:32 server01 rpc.mountd[18437]: message repeated 2 times: [ refused mount request from 1.2.3.77 for /public/ (/public): unmatched host]
/var/log/syslog:Dec 17 15:48:17 server01 rpc.mountd[18437]: refused mount request from 1.2.3.77 for /export/public (/export/public): unmatched host

1.2.3.77 is the client.

Edit

server01 / # cat /etc/hosts.allow 
# /etc/hosts.allow: list of hosts that are allowed to access the system.
#                   See the manual pages hosts_access(5) and hosts_options(5).
#
# Example:    ALL: LOCAL @some_netgroup
#             ALL: .foobar.edu EXCEPT terminalserver.foobar.edu
#
# If you're going to protect the portmapper use the name "rpcbind" for the
# daemon name. See rpcbind(8) and rpc.mountd(8) for further information.
#

server01 / # cat /etc/hosts.deny 
# /etc/hosts.deny: list of hosts that are _not_ allowed to access the system.
#                  See the manual pages hosts_access(5) and hosts_options(5).
#
# Example:    ALL: some.host.name, .some.domain
#             ALL EXCEPT in.fingerd: other.host.name, .other.domain
#
# If you're going to protect the portmapper use the name "rpcbind" for the
# daemon name. See rpcbind(8) and rpc.mountd(8) for further information.
#
# The PARANOID wildcard matches any host whose name does not match its
# address.
#
# You may wish to enable this to ensure any programs that don't
# validate looked up hostnames still leave understandable logs. In past
# versions of Debian this has been the default.
# ALL: PARANOID

server01 / # 
3
a coder

Solved.

I edited /etc/exports and added the specific IP of the client machine.

# added the following lines
/export       1.2.3.0/24(rw,fsid=0,insecure,no_subtree_check,async,no_root_squash)
/export/public 1.2.3.0/24(rw,nohide,insecure,no_subtree_check,async,no_root_squash)

I ran exportfs -a and was able to mount from the client.

2
a coder
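
The diagnosis behind this fix, as an added example that is not code from the post: it matches each "unmatched host" refusal logged by rpc.mountd against the client specs in /etc/exports. The function names are hypothetical, the sample input is constructed from the lines quoted above, and only IP/CIDR client specs are evaluated.

```python
import ipaddress
import re

# Constructed sample input, modelled on the /etc/exports and syslog lines in the post.
EXPORTS_BEFORE = """\
/export        192.168.1.0/24(rw,fsid=0,insecure,no_subtree_check,async,no_root_squash)
/export/public 192.168.1.0/24(rw,nohide,insecure,no_subtree_check,async,no_root_squash)
"""
EXPORTS_AFTER = EXPORTS_BEFORE.replace("192.168.1.0/24", "1.2.3.0/24")
SYSLOG = """\
Dec 17 14:52:00 server01 rpc.mountd[18437]: refused mount request from 1.2.3.77 for /public/ (/public): unmatched host
Dec 17 15:48:17 server01 rpc.mountd[18437]: refused mount request from 1.2.3.77 for /export/public (/export/public): unmatched host
"""
REFUSED = re.compile(r"refused mount request from (\S+) for \S+ \((\S+)\): unmatched host", re.I)

def parse_exports(text):
    """Return {export_path: [ip_network, ...]}; only IP and CIDR client specs are evaluated."""
    exports = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        path, *clients = line.split()
        nets = exports.setdefault(path, [])
        for spec in clients:
            try:  # "192.168.1.0/24(rw,...)" -> 192.168.1.0/24
                nets.append(ipaddress.ip_network(spec.split("(", 1)[0], strict=False))
            except ValueError:
                pass  # hostnames, wildcards and netgroups are skipped (assumption)
    return exports

def explain_refusals(exports_text, syslog_text):
    """Return (client, path, reason) for every refused mount request in the log."""
    exports = parse_exports(exports_text)
    results = []
    for client, path in REFUSED.findall(syslog_text):
        addr = ipaddress.ip_address(client)
        if path not in exports:
            reason = "path not exported"
        elif any(addr in net for net in exports[path]):
            reason = "client allowed"
        else:
            reason = "client outside " + ",".join(str(n) for n in exports[path])
        results.append((client, path, reason))
    return results

if __name__ == "__main__":
    for row in explain_refusals(EXPORTS_BEFORE, SYSLOG):
        print(*row)
```

The export lines in the answer admit every host in 1.2.3.0/24 with rw and no_root_squash; a single-host spec of 1.2.3.77 also passes the check above.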