Troubleshooting mount.nfs: Connection timed out for Centos 7 machines

Question

Can somebody help me troubleshoot setting up NFS share between two Centos 7 machines?

• https://www.howtoforge.com/nfs-server-and-client-on-centos-7
• https://www.unixmen.com/setting-nfs-server-client-centos-7/

I have configured the firewall and the server is working fine, I can mount the shared folder from the different (third) Centos 7 machine.

However, on this other client machine, let's call it 111.111.111.111 I cannot mount:

 `mount -t nfs 255.255.255.255:/var/nfsshare /some/existing/folder`

(I get mount.nfs: Connection timed )

When I run tcpdump alongside, I get:

[root@111.111.111.111 ~]#  tcpdump -i eth0 -n host 255.255.255.255
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
13:45:35.795666 IP 111.111.111.111.1015 > 255.255.255.255.nfs: Flags [S], seq 221559787, win 29200, options [mss 1460,sackOK,TS val 2467213240 ecr 0,nop,wscale 7], length 0
13:45:36.797428 IP 111.111.111.111.1015 > 255.255.255.255.nfs: Flags [S], seq 221559787, win 29200, options [mss 1460,sackOK,TS val 2467214242 ecr 0,nop,wscale 7], length 0
...

The client CAN ping the server.

rpcinfo -p 161.53.19.149

gives: rpcinfo: can't contact portmapper: RPC: Remote system error - Connection timed out

However, I can telnet from the client to both 111 and 2049 ports.

From what I've read this should be a firewall issue, but apparently it is not, as it doesn't work even if I disable the firewall on the server (or even at the client).

How should I troubleshoot this next?

Answer 1

Here's the best workbook I've found for troubleshooting NFS connections: https://docs.oracle.com/cd/E23824_01/html/821-1454/rfsadmin-215.html

Follow those instructions slowly and carefully and they should turn up the problem. That doc is a good example of a step-by-step troubleshooting where you check all the connectivity prerequisites before checking the actual service you're trying to test.

Here's some additional info that may help:

• Your network sniff output is simple - the server isn't responding to you on the NFS TCP port. I hope the server's IP isn't really 255.255.255.255, since that's a broadcast address and is unlikely to work reliably.

• You may have dropped all the firewalls, but the NFS server has its own permissions control, in the /etc/exports file according to the HowToForge link that you were following. You need to specify ALL the clients, not just a single IP address. You can also use a network range that includes all the clients. "man 5 exports" should tell you more about how to edit this file. Please DON'T put in "*" to match all IP addresses as suggested in the HowToForge link, that is generally a bad idea.

• portmapper might be using the TCP wrappers permissions files - /etc/hosts.deny and /etc/hosts.allow - see "man 5 hosts_access" for the format of these files. look in the syslog files for the IP address of the client to see if there are any messages about that client.

• Even though you think you turned the firewall off, run "iptables -vL" to see if there are any rules you overlooked and whether they have any hits.

• If you have custom MTU settings on any of the machines (for example, on storage-specific LANs people often set up jumbo packets) make sure that there are no mismatches. This is unlikely to happen on a home network.

• Your sniff shows the client is attempting to connect via TCP to the nfs port 2048, it's possible the client is configured for NFSv4 and the server is configured for NFSv3 or lower. You might see this with the rpcinfo command, since it shows the versions of NFS supported by the server.