NFS servers and firewalld


Solution 1

This should be enough:

firewall-cmd --permanent --add-service=nfs
firewall-cmd --permanent --add-service=mountd
firewall-cmd --permanent --add-service=rpc-bind
firewall-cmd --reload

Solution 2

After configuring the NFS server, we should enable and start three services:

  1. nfs-server.service
  2. rpcbind.service
  3. nfs-mountd.service (only start is needed)

And also allow these services on the server firewall:

# firewall-cmd --permanent --add-service=nfs
# firewall-cmd --permanent --add-service=rpc-bind
# firewall-cmd --permanent --add-service=mountd
# firewall-cmd --reload

Solution 3

Just found this - and it works when the problem is SELinux blocking the reading of the ~/.ssh/authorized_keys during login! First, ensure your ~/.ssh/authorized_keys file is properly populated and its permissions and its folder's permissions are set correctly. If you then run "setenforce 0" on the SSH destination host and are able to log in to that host without entering a password, but cannot do so after entering "setenforce 1" on that same destination host, the following may fix your issue:

setsebool -P use_nfs_home_dirs 1

ref: https://cassjohnston.wordpress.com/2015/06/12/selinux-nfs-home-directories/

Solution 4

I use NFSv4 and it works fine with these lines, supposing your zone is "public" and you are using the default ports 2049 and 4001:

firewall-cmd --permanent --add-service=nfs --zone=public
firewall-cmd --permanent --add-service=mountd --zone=public
firewall-cmd --permanent --add-service=rpc-bind --zone=public
firewall-cmd --permanent --add-port=4001/udp --zone=public
firewall-cmd --permanent --add-port=4001/tcp --zone=public
firewall-cmd --permanent --add-port=2049/tcp --zone=public
firewall-cmd --permanent --add-port=2049/udp --zone=public
firewall-cmd --reload

I forgot one important thing: it is useful to set a static port for mountd, so you can use showmount -e to see the shares. Personally I use 34777:

root      1873     1  0 21:11 ?        00:00:00 /usr/sbin/rpc.mountd -p 34777

So you will open the port on the firewall:

  firewall-cmd --permanent --add-port=34777/udp --zone=public
  firewall-cmd --permanent --add-port=34777/tcp --zone=public

The configuration of the mount port differs between distros: some use /etc/sysconfig, others use /etc/default, and others require editing scripts. Check the docs for your distro.
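
An added example, not part of the original answers: pinning mountd to a static port as in Solution 4 means the predefined mountd service no longer matches it, so this sketch compares `rpcinfo -p` output against the ports the three services are assumed to open and prints the extra `--add-port` lines. The sample output, the `COVERED` list and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: which registered RPC ports are NOT covered by the
# firewalld services nfs, mountd and rpc-bind?

# Constructed sample of `rpcinfo -p` output from a server started with
# rpc.mountd -p 34777 (the static port from Solution 4).
SAMPLE_RPCINFO='   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    4   udp    111  portmapper
    100005    3   udp  34777  mountd
    100005    3   tcp  34777  mountd
    100003    4   tcp   2049  nfs
    100021    4   tcp  41563  nlockmgr'

# Assumption: ports opened by the predefined services on a stock install.
# Confirm on your host with: firewall-cmd --info-service=mountd (etc.)
COVERED='2049/tcp 20048/tcp 20048/udp 111/tcp 111/udp'

# Read `rpcinfo -p` output on stdin; print "port/proto service" for each
# unique registration that the services above do not cover.
uncovered_ports() {
    awk -v covered="$COVERED" '
        BEGIN { n = split(covered, c, " "); for (i = 1; i <= n; i++) ok[c[i]] = 1 }
        $1 == "program" { next }                 # header line
        NF >= 5 {
            key = $4 "/" $3
            if (!(key in ok) && !(key in seen)) { seen[key] = 1; print key, $5 }
        }'
}

# Read the list from uncovered_ports on stdin and print (not run) the
# firewall-cmd lines for zone $1, limited to the RPC service names in $2.
# Anything else, such as a dynamic nlockmgr port, is left for review.
fw_commands() {
    zone=$1
    wanted=" $2 "
    while read -r port svc; do
        case "$wanted" in
            *" $svc "*) echo "firewall-cmd --permanent --zone=$zone --add-port=$port" ;;
        esac
    done
}

printf '%s\n' "$SAMPLE_RPCINFO" | uncovered_ports | fw_commands public mountd
```

On a real server, pipe `rpcinfo -p` into `uncovered_ports` instead of the sample, and review the printed lines before running them.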

Author: Hassaan

Updated on September 18, 2022

Comments

  • Hassaan
    Hassaan almost 2 years

    I am creating entities using a code-first schema, but when I run the application it generates an exception:

    Unable to determine the principal end of an association between the types 'WebApplication1.Models.DateOfProject' and 'WebApplication1.Models.Projects'. The principal end of this association must be explicitly configured using either the relationship fluent API or data annotations.

    My scenario is to implement 1.1 relation between Projects and DateOfProjects such that 1 project has 1 dateOfProject.

    My code is

    public class Projects
        {
            [Key()]
            [DatabaseGenerated(System.ComponentModel.DataAnnotations.Schema.DatabaseGeneratedOption.Identity)]
            public int ProjectId { get; set; }
            public string ProjectTitle { get; set; }
    
            public string  ProjectDescriptions { get; set; }
    
            public DateOfProject DateOfProject { get; set; }
    
            public virtual ICollection<ApplicationUser> ApplicationUser { get; set; }
    
            public virtual ICollection<TaskSheetManagement> TaskSheetManagement { get; set; }
        }
    
        public class DateOfProject
        {
            public int DateOfProjectId { get; set; }
    
            [ForeignKey("ProjectId")]
            public Projects Projects { get; set; }
    
            public DateTime DateOfProjectCreation { get; set; }
    
            public Nullable<DateTime> ExpectedCompletionDate { get; set; }
    
            public Nullable<DateTime> ProjectCompletionDate { get; set; }
    
    
        }
    

    and inside DbContextClass, in the OnModelCreating function:

    modelBuilder.Entity<Projects>().HasKey(pk => pk.ProjectId).ToTable("Projects");
    modelBuilder.Entity<DateOfProject>().HasKey(pk => pk.DateOfProjectId).ToTable("DateOfProject");
    modelBuilder.Entity<Projects>().HasRequired(p => p.DateOfProject).WithRequiredPrincipal(c => c.Projects);
    

    I could not just resolve that problem.

  • DEAR ANGEL
    DEAR ANGEL almost 8 years
    Not enough in my case. I've got two NFS servers, the first one broadcasts correctly and is subscribed by its clients, the second is apparently broadcasting all right but its client (the first server) is unable to 'showmount' (rpc mount export: RPC: Unable to receive; errno = No route to host). I'll come back here if/when I solve this.
  • DEAR ANGEL
    DEAR ANGEL almost 8 years
    Turns out the SERVER needed the three services (nfs, mountd, rpc-bind) added to its firewall (dunno if the client needs all three too; it just happens to have all three in my case). In my case, the client (first NFS server) had it but the server (second NFS server) was missing mountd.
  • T0xicCode
    T0xicCode over 7 years
    @Urhixidur the client should not need these because firewalld allows outgoing connections.
  • Qwertie
    Qwertie over 5 years
    Note the spelling of rpc-bind. Although I enabled it with systemctl enable rpcbind and systemctl start rpcbind, firewall-cmd told me Error: INVALID_SERVICE: rpcbind. Soon I realized that it needs a dash in this context! Are they really the same service?