From owner-freebsd-questions@FreeBSD.ORG Fri Apr 6 22:57:48 2007 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 2191916A401 for ; Fri, 6 Apr 2007 22:57:48 +0000 (UTC) (envelope-from keramida@ceid.upatras.gr) Received: from igloo.linux.gr (igloo.linux.gr [62.1.205.36]) by mx1.freebsd.org (Postfix) with ESMTP id 8E9A613C483 for ; Fri, 6 Apr 2007 22:57:47 +0000 (UTC) (envelope-from keramida@ceid.upatras.gr) Received: from kobe.laptop (dialup137.ach.sch.gr [81.186.70.137]) (authenticated bits=128) by igloo.linux.gr (8.13.8/8.13.8/Debian-3) with ESMTP id l36MumD3021639 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT) for ; Sat, 7 Apr 2007 01:56:57 +0300 Received: from kobe.laptop (kobe.laptop [127.0.0.1]) by kobe.laptop (8.13.8/8.13.8) with ESMTP id l36MufE7001655 for ; Sat, 7 Apr 2007 01:56:43 +0300 (EEST) (envelope-from keramida@ceid.upatras.gr) Received: (from keramida@localhost) by kobe.laptop (8.13.8/8.13.8/Submit) id l36Muf8l001654 for freebsd-questions@freebsd.org; Sat, 7 Apr 2007 01:56:41 +0300 (EEST) (envelope-from keramida@ceid.upatras.gr) Date: Sat, 7 Apr 2007 01:56:41 +0300 From: Giorgos Keramidas To: freebsd-questions@freebsd.org Message-ID: <20070406225640.GA1562@kobe.laptop> References: <20070406183630.GA56672@parts-unknown.org> <20070406190849.GA1465@kobe.laptop> <20070406222614.GA63630@parts-unknown.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20070406222614.GA63630@parts-unknown.org> X-Hellug-MailScanner: Found to be clean X-Hellug-MailScanner-SpamCheck: not spam, SpamAssassin (not cached, score=-3.687, required 5, autolearn=not spam, ALL_TRUSTED -1.80, AWL 0.51, BAYES_00 -2.60, DNS_FROM_RFC_ABUSE 0.20) X-Hellug-MailScanner-From: keramida@ceid.upatras.gr X-Spam-Status: No Subject: Re: What am I not understanding about /etc/exports? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 06 Apr 2007 22:57:48 -0000 On 2007-04-06 15:26, David Benfell wrote: >On Fri, 06 Apr 2007 22:08:50 +0300, Giorgos Keramidas wrote: >>On 2007-04-06 11:36, David Benfell wrote: >>> Hello all, >>> My /etc/exports contains: >>> >>> / -alldirs -maproot=root 127.0.0.1 >>> #/usr/src -alldirs -maproot=root 127.0.0.1 192.168.19.1 >>> /usr -alldirs -maproot=root 127.0.0.1 192.168.19.1 >>> /public -alldirs -maproot=root 127.0.0.1 192.168.18.45 192.168.18.46 192.168.19.1 >>> /home -alldirs -maproot=root 127.0.0.1 192.168.18.45 192.168.18.46 192.168.19.1 >>> /cdrom -alldirs,quiet,ro 127.0.0.1 -network 192.168 -mask 255.255.0.0 >>> >>> Yet: >>> mountd[735]: mount request denied from 192.168.19.1 for /usr/ports/distfiles >> >> Do you have /etc/hosts.allow and /etc/hosts.deny files? > > I don't actually implement these, so they should essentially be from > the default install. I do not have /etc/hosts.deny on either the > server or the client. The first attachment is /etc/hosts.allow from > the server. The server's `hosts.allow' file needs a bit of configuration: > # hosts.allow access control file for "tcp wrapped" applications. > # $FreeBSD: src/etc/hosts.allow,v 1.19.8.1 2006/02/19 14:57:01 ume Exp $ [...] > # Allow anything from localhost. Note that an IP address (not a host > # name) *MUST* be specified for rpcbind(8). > ALL : localhost 127.0.0.1 : allow The 127.0.0.1 address above allows rpcbind (and other RPC-based services) to work for localhost -> localhost connections. > # Rpcbind is used for all RPC services; protect your NFS! > # (IP addresses rather than hostnames *MUST* be used here) > rpcbind : 192.0.2.32/255.255.255.224 : allow > rpcbind : 192.0.2.96/255.255.255.224 : allow > rpcbind : ALL : deny These rules allow rpcbind to work for hosts in the IP ranges matching the first two lines. To allow NFS mounts to work correctly from hosts in the IP ranges 192.168.18.XXX, 192.168.19.XXX listed in your /etc/exports file, you will have to extend the list of addressed permitted for 'rpcbind'.