On Sun, 2019-11-17 at 08:48 +0800, Ed Greshko wrote:
> On 11/17/19 8:35 AM, Ed Greshko wrote:
> > On 11/17/19 2:48 AM, Patrick O'Callaghan wrote:
> > > But from the guest:
> > > [poc@fedora30 ~]$ showmount -e bree
> > > clnt_create: RPC: Unable to receive
> > >
> > > What am I missing?
> > OK, I put up an nfs server on the host and get the same error.
> >
> > If I disable the firewall on the host, it succeeds.
> >
> > Strangely, looking at wireshark output it seems port 111 is unreachable. Even if I
> > explicitly enable that port the problem persists.
> >
> OK, I fixed it....
>
> I put the interface virbr0 in the FW zone libvirt.
>
> On the host...
>
> [root@meimei ~]# firewall-cmd --list-all --zone=libvirt
> libvirt (active)
>   target: ACCEPT
>   icmp-block-inversion: no
>   interfaces: virbr0
>   sources:
>   services: dhcp dhcpv6 dns mountd nfs nfs3 rpc-bind ssh tftp
>   ports:
>   protocols: icmp ipv6-icmp
>   masquerade: no
>   forward-ports:
>   source-ports:
>   icmp-blocks:
>   rich rules:
>         rule priority="32767" reject

That did it. In fact virbr0 was already in the libvirt zone, but the
various NFS services were not installed there.

This stuff is definitely not obvious. Note that you have to repeat the
service additions with the --permanent flag or it will all be lost on
the next reboot.

Thanks Ed.

poc
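
Added example, not part of the thread: a shell sketch that compares the libvirt zone's runtime and permanent service lists against the NFS-related services shown in the listing above and adds only what is missing to each, so the change survives a reboot. The zone and service names come from the thread; the function names and the "apply" argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example: keep the runtime and permanent firewalld configuration of the
# libvirt zone in step for the NFS services named in the thread.
ZONE=libvirt
NFS_SERVICES="mountd nfs nfs3 rpc-bind"

# missing_services "<services present>" "<services wanted>"
# Prints the wanted services that are absent from the present list.
# Both lists are space separated, as printed by --list-services.
missing_services() {
    have=" $1 "
    out=""
    for svc in $2; do
        case "$have" in
            *" $svc "*) ;;                      # whole-word match, so nfs != nfs3
            *) out="${out:+$out }$svc" ;;
        esac
    done
    printf '%s\n' "$out"
}

# sync_zone: add whatever is missing to the running firewall and, separately,
# to the permanent configuration (the part that is otherwise lost on reboot).
sync_zone() {
    runtime=$(firewall-cmd --zone="$ZONE" --list-services) || return 1
    permanent=$(firewall-cmd --permanent --zone="$ZONE" --list-services) || return 1
    for svc in $(missing_services "$runtime" "$NFS_SERVICES"); do
        firewall-cmd --zone="$ZONE" --add-service="$svc" || return 1
    done
    for svc in $(missing_services "$permanent" "$NFS_SERVICES"); do
        firewall-cmd --permanent --zone="$ZONE" --add-service="$svc" || return 1
    done
}

# Touch the firewall only when asked to: run as root with the argument "apply".
if [ "${1:-}" = "apply" ]; then
    sync_zone
fi
```

Only the four NFS-related services are opened, and only on the zone that holds virbr0, so the host's other zones are left as they were.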