[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: server can't start NFS (also how to share lp0)



On Mon, Aug 19, 2002 at 04:04:52PM -0700, nate wrote:
| Derrick dman Hudson said:
| > I have a router/firewall on the LAN.  It is a small 486 machine with 8MB
| 
| >    Aug 19 17:32:55 dman2 rpc.statd[3216]: Version 1.0 Starting
| >    Aug 19 17:33:05 dman2 rpc.statd[3217]: unable to register (statd, 1,
| >    udp).
| > What causes this error?
| 
| quite likely your firewall is preventing connections, what I do when
| I need to load NFS, is clear the firewall, load the NFS then re
| instate the firewall

Indeed, the firewall is causing the problem, somehow.  If I drop all
rules, then I can start nfs and mount the volume from my other
machine.  The interesting part is that I can afterwrads re-instate the
firewall without losing the mount.  (I do allow ESTABLISHED
connections, using 2.4.17 on the router and 2.4.18 on the other box)

Now I can run 'apt-get install <foo>' and it takes mere seconds (if
that) instead of minutes upon minutes to "Build Dependency Tree".
Woohoo.  Now the only problem is :

    dpkg: unable to lock dpkg status database: No locks available
    W: Not using locking for nfs mounted lock file /var/lib/dpkg/lock
    W: You may want to run apt-get update to correct these problems
    W: Not using locking for nfs mounted lock file /var/cache/apt/archives/lock
    E: Sub-process /usr/bin/dpkg returned an error code (2)

and the corresponding client-side syslog messages :

Aug 19 22:10:52 dman kernel: nsm_mon_unmon: rpc failed, status=-13
Aug 19 22:10:52 dman kernel: lockd: cannot monitor 192.168.0.1
Aug 19 22:10:52 dman kernel: lockd: failed to monitor 192.168.0.1

This happens with and without the firewall.  Maybe I should drop the
firewall on the client machine too ...

Checking 'rpcinfo -p 192.168.0.1' (on the client, to the server, with
and without the server's firewall) I get this in the output
    100021    1   udp   3345  nlockmgr
    100021    3   udp   3345  nlockmgr
    100021    4   udp   3345  nlockmgr

Any further ideas?  The firewall is at
http://dman.ddts.net/~dman/post/FIREWALL.486

| (it can be done in maybe a second,

Not when the system thrashes for longer than that :-).

| so there is little risk).

Yeah, I don't have any unwanted services running, and I don't believe
there are any vulnerabilities in what is running so dropping the
protection isn't the end of the world.  However, I do lose incoming
connections (which are DNATted to the real server) and masquerading
and transparent http proxying (but no one is using the web right now
anyways).

| > If I try to start 'nfs-server' (ignoring the above error for now)
| > yields these errors :
| 
| the rpc services can't talk to portmapper probably due to the firewall

Yeah.  Does nfs-common (statd, lockd) need to be started before
nfs-server (nfsd and mountd)?

| > On a related note, I have a spare line printer which requires a
| > parallel port.  Can I use the parallel port via NFS and thus allow cups
| > to run on the more capable machine?  If not, what is recommended as an
| > extremely lightweight printer daemon?  I will do all data stream
| > conversion on the bigger system using cups (that works already) and use
| > that daemon merely to pass data from the network to the serial port.
| 
| not really, the device file is mainly a pointer to where in the
| kernel to send the data I believe. if you share the device over
| NFS(which may not even be possible to begin with, I've never tried
| sucha thing), it will probably try to use the local kernel on the client.

Now that I can get the mount, you are right.  The nfs client ends up
using its own parallel port.  It was worth a shot :-).

| your better off running a lpd server with cups, which is the
| package cupsys-bsd. I use it on many systems and it works great.

cupsys-bsd has the BSD clients.  I have all of cups on the decent
machine, and it works great.  I just don't think the router has enough
resources to run cups.  All I really need is another parallel port (or
two).

| then setup your server with another lpd to have it spool to
| your cups lpd. be sure you firewall the printer port(515).

I'll try the 'lpr' package because it is smaller than lprng.  Only my
cups system will be communicating with it, and cups will do the
PS-><whatever> conversion.  Now I need a printcap that simply feeds
the data out /dev/lp0 (no filters or anything).

-D

-- 
I can do all things through Christ who strengthens me.
        Philippians 4:13
 
http://dman.ddts.net/~dman/

Attachment: pgpVVhuqagMHL.pgp
Description: PGP signature


Reply to: