Date: Sat, 7 Apr 2007 01:56:41 +0300 From: Giorgos Keramidas <keramida@ceid.upatras.gr> To: freebsd-questions@freebsd.org Subject: Re: What am I not understanding about /etc/exports? Message-ID: <20070406225640.GA1562@kobe.laptop> In-Reply-To: <20070406222614.GA63630@parts-unknown.org> References: <20070406183630.GA56672@parts-unknown.org> <20070406190849.GA1465@kobe.laptop> <20070406222614.GA63630@parts-unknown.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 2007-04-06 15:26, David Benfell <benfell@parts-unknown.org> wrote: >On Fri, 06 Apr 2007 22:08:50 +0300, Giorgos Keramidas wrote: >>On 2007-04-06 11:36, David Benfell <benfell@parts-unknown.org> wrote: >>> Hello all, >>> My /etc/exports contains: >>> >>> / -alldirs -maproot=root 127.0.0.1 >>> #/usr/src -alldirs -maproot=root 127.0.0.1 192.168.19.1 >>> /usr -alldirs -maproot=root 127.0.0.1 192.168.19.1 >>> /public -alldirs -maproot=root 127.0.0.1 192.168.18.45 192.168.18.46 192.168.19.1 >>> /home -alldirs -maproot=root 127.0.0.1 192.168.18.45 192.168.18.46 192.168.19.1 >>> /cdrom -alldirs,quiet,ro 127.0.0.1 -network 192.168 -mask 255.255.0.0 >>> >>> Yet: >>> mountd[735]: mount request denied from 192.168.19.1 for /usr/ports/distfiles >> >> Do you have /etc/hosts.allow and /etc/hosts.deny files? > > I don't actually implement these, so they should essentially be from > the default install. I do not have /etc/hosts.deny on either the > server or the client. The first attachment is /etc/hosts.allow from > the server. The server's `hosts.allow' file needs a bit of configuration: > # hosts.allow access control file for "tcp wrapped" applications. > # $FreeBSD: src/etc/hosts.allow,v 1.19.8.1 2006/02/19 14:57:01 ume Exp $ [...] > # Allow anything from localhost. Note that an IP address (not a host > # name) *MUST* be specified for rpcbind(8). > ALL : localhost 127.0.0.1 : allow The 127.0.0.1 address above allows rpcbind (and other RPC-based services) to work for localhost -> localhost connections. > # Rpcbind is used for all RPC services; protect your NFS! > # (IP addresses rather than hostnames *MUST* be used here) > rpcbind : 192.0.2.32/255.255.255.224 : allow > rpcbind : 192.0.2.96/255.255.255.224 : allow > rpcbind : ALL : deny These rules allow rpcbind to work for hosts in the IP ranges matching the first two lines. To allow NFS mounts to work correctly from hosts in the IP ranges 192.168.18.XXX, 192.168.19.XXX listed in your /etc/exports file, you will have to extend the list of addressed permitted for 'rpcbind'.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070406225640.GA1562>