NFS servers and firewalld
Solution 1
This should be enough:
firewall-cmd --permanent --add-service=nfs
firewall-cmd --permanent --add-service=mountd
firewall-cmd --permanent --add-service=rpc-bind
firewall-cmd --reload
Solution 2
After configuring the NFS server, we should enable and start three services:
- nfs-server.service
- rpcbind.service
- nfs-mountd.service (only start is needed)
And also allow these services on the server firewall:
# firewall-cmd --permanent --add-service=nfs
# firewall-cmd --permanent --add-service=rpc-bind
# firewall-cmd --permanent --add-service=mountd
# firewall-cmd --reload
Solution 3
Just found this - and it works when the problem is SELinux blocking the reading of the ~/.ssh/authorized_keys during login! First, ensure your ~/.ssh/authorized_keys file is properly populated and its permissions and its folder's permissions are set correctly. If you then run "setenforce 0" on the SSH destination host and are able to log in to that host without entering a password, but cannot do so after entering "setenforce 1" on that same destination host, the following may fix your issue:
setsebool -P use_nfs_home_dirs 1
ref: https://cassjohnston.wordpress.com/2015/06/12/selinux-nfs-home-directories/
Solution 4
I use NFSv4 and it works fine with these lines, supposing your zone is "public" and you are using the default ports 2049 and 4001:
firewall-cmd --permanent --add-service=nfs --zone=public
firewall-cmd --permanent --add-service=mountd --zone=public
firewall-cmd --permanent --add-service=rpc-bind --zone=public
firewall-cmd --permanent --add-port=4001/udp --zone=public
firewall-cmd --permanent --add-port=4001/tcp --zone=public
firewall-cmd --permanent --add-port=2049/tcp --zone=public
firewall-cmd --permanent --add-port=2049/udp --zone=public
firewall-cmd --reload
I forgot one important thing: it is useful to set a static port for mountd, so you can use showmount -e to see the shares.
Personally I use 34777
root 1873 1 0 21:11 ? 00:00:00 /usr/sbin/rpc.mountd -p 34777
So you will open the port on the firewall:
firewall-cmd --permanent --add-port=34777/udp --zone=public
firewall-cmd --permanent --add-port=34777/tcp --zone=public
The configuration of the mountd port differs between distros: some use /etc/sysconfig, others use /etc/default, and others require editing scripts. Check the docs for your distro.
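Added example, not part of the original answers: a POSIX shell check that compares the ports rpcbind advertises (`rpcinfo -p`) with the port/protocol pairs the firewall allows, which pinpoints the "missing mountd" case that makes `showmount -e` fail. The `rpcinfo -p` sample is constructed, the function names are hypothetical, and the mountd port 34777 is the one used in Solution 4.

```sh
#!/bin/sh
# Constructed sample of `rpcinfo -p` on a server whose mountd is pinned to 34777.
SAMPLE_RPCINFO='   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    4   udp    111  portmapper
    100005    3   udp  34777  mountd
    100005    3   tcp  34777  mountd
    100005    2   tcp  34777  mountd
    100003    4   tcp   2049  nfs'

# rpc_ports RPCINFO_TEXT
# Prints one unique "port/proto service" line per registered endpoint.
rpc_ports() {
    printf '%s\n' "$1" |
        awk 'NR > 1 && $4 ~ /^[0-9]+$/ { print $4 "/" $3, $5 }' |
        LC_ALL=C sort -u
}

# blocked_rpc_ports RPCINFO_TEXT ALLOWED
# ALLOWED is a whitespace-separated list of port/proto pairs the zone permits.
# On a live host (assumption) build it from `firewall-cmd --zone=public
# --list-ports` plus the ports that `firewall-cmd --info-service=NAME` shows
# for every service returned by `--list-services`.
# Prints the registered endpoints that are NOT in ALLOWED.
blocked_rpc_ports() {
    allowed=" $(printf '%s' "$2" | tr '\n\t' '  ') "
    rpc_ports "$1" | while read -r pp svc; do
        case "$allowed" in
            *" $pp "*) ;;                      # already reachable
            *) printf '%s %s\n' "$pp" "$svc" ;; # advertised but filtered
        esac
    done
}

# Demo: rpc-bind (111) and nfs (2049/tcp) are open, mountd's port is not.
blocked_rpc_ports "$SAMPLE_RPCINFO" "111/tcp 111/udp 2049/tcp"
```

Every line it prints is an endpoint that clients are told to contact but cannot reach; an empty result means the firewall covers exactly what rpcbind advertises.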
Hassaan
Updated on September 18, 2022
Comments
-
Hassaan almost 2 years
I am creating entities using a code-first schema, but when I run the application it generates an exception:
Unable to determine the principal end of an association between the types 'WebApplication1.Models.DateOfProject' and 'WebApplication1.Models.Projects'. The principal end of this association must be explicitly configured using either the relationship fluent API or data annotations.
My scenario is to implement 1.1 relation between Projects and DateOfProjects such that 1 project has 1 dateOfProject.
My code is
public class Projects
{
    [Key()]
    [DatabaseGenerated(System.ComponentModel.DataAnnotations.Schema.DatabaseGeneratedOption.Identity)]
    public int ProjectId { get; set; }
    public string ProjectTitle { get; set; }
    public string ProjectDescriptions { get; set; }
    public DateOfProject DateOfProject { get; set; }
    public virtual ICollection<ApplicationUser> ApplicationUser { get; set; }
    public virtual ICollection<TaskSheetManagement> TaskSheetManagement { get; set; }
}

public class DateOfProject
{
    public int DateOfProjectId { get; set; }
    [ForeignKey("ProjectId")]
    public Projects Projects { get; set; }
    public DateTime DateOfProjectCreation { get; set; }
    public Nullable<DateTime> ExpectedCompletionDate { get; set; }
    public Nullable<DateTime> ProjectCompletionDate { get; set; }
}

and inside the DbContext class, in the OnModelCreating function:

modelBuilder.Entity<Projects>().HasKey(pk => pk.ProjectId).ToTable("Projects");
modelBuilder.Entity<DateOfProject>().HasKey(pk => pk.DateOfProjectId).ToTable("DateOfProject");
modelBuilder.Entity<Projects>().HasRequired(p => p.DateOfProject).WithRequiredPrincipal(c => c.Projects);
I could not just resolve that problem.
-
Colin about 10 years
possible duplicate of Unable to determine the principle end of an association
-
DEAR ANGEL almost 8 years
Not enough in my case. I've got two NFS servers, the first one broadcasts correctly and is subscribed by its clients, the second is apparently broadcasting all right but its client (the first server) is unable to 'showmount' (rpc mount export: RPC: Unable to receive; errno = No route to host). I'll come back here if/when I solve this.
-
DEAR ANGEL almost 8 years
Turns out the SERVER needed the three services (nfs, mountd, rpc-bind) added to its firewall (dunno if the client needs all three too; it just happens to have all three in my case). In my case, the client (first NFS server) had it but the server (second NFS server) was missing mountd.
-
T0xicCode over 7 years
@Urhixidur the client should not need these because firewalld allows outgoing connections.
-
Qwertie over 5 years
Note the spelling of rpc-bind. Although I enabled it with systemctl enable rpcbind and systemctl start rpcbind, firewall-cmd told me Error: INVALID_SERVICE: rpcbind. Soon I realized that it needs a dash in this context! Are they really the same service?