On Mon, Aug 19, 2002 at 04:04:52PM -0700, nate wrote: | Derrick dman Hudson said: | > I have a router/firewall on the LAN. It is a small 486 machine with 8MB | | > Aug 19 17:32:55 dman2 rpc.statd[3216]: Version 1.0 Starting | > Aug 19 17:33:05 dman2 rpc.statd[3217]: unable to register (statd, 1, | > udp). | > What causes this error? | | quite likely your firewall is preventing connections, what I do when | I need to load NFS, is clear the firewall, load the NFS then re | instate the firewall Indeed, the firewall is causing the problem, somehow. If I drop all rules, then I can start nfs and mount the volume from my other machine. The interesting part is that I can afterwrads re-instate the firewall without losing the mount. (I do allow ESTABLISHED connections, using 2.4.17 on the router and 2.4.18 on the other box) Now I can run 'apt-get install <foo>' and it takes mere seconds (if that) instead of minutes upon minutes to "Build Dependency Tree". Woohoo. Now the only problem is : dpkg: unable to lock dpkg status database: No locks available W: Not using locking for nfs mounted lock file /var/lib/dpkg/lock W: You may want to run apt-get update to correct these problems W: Not using locking for nfs mounted lock file /var/cache/apt/archives/lock E: Sub-process /usr/bin/dpkg returned an error code (2) and the corresponding client-side syslog messages : Aug 19 22:10:52 dman kernel: nsm_mon_unmon: rpc failed, status=-13 Aug 19 22:10:52 dman kernel: lockd: cannot monitor 192.168.0.1 Aug 19 22:10:52 dman kernel: lockd: failed to monitor 192.168.0.1 This happens with and without the firewall. Maybe I should drop the firewall on the client machine too ... Checking 'rpcinfo -p 192.168.0.1' (on the client, to the server, with and without the server's firewall) I get this in the output 100021 1 udp 3345 nlockmgr 100021 3 udp 3345 nlockmgr 100021 4 udp 3345 nlockmgr Any further ideas? The firewall is at http://dman.ddts.net/~dman/post/FIREWALL.486 | (it can be done in maybe a second, Not when the system thrashes for longer than that :-). | so there is little risk). Yeah, I don't have any unwanted services running, and I don't believe there are any vulnerabilities in what is running so dropping the protection isn't the end of the world. However, I do lose incoming connections (which are DNATted to the real server) and masquerading and transparent http proxying (but no one is using the web right now anyways). | > If I try to start 'nfs-server' (ignoring the above error for now) | > yields these errors : | | the rpc services can't talk to portmapper probably due to the firewall Yeah. Does nfs-common (statd, lockd) need to be started before nfs-server (nfsd and mountd)? | > On a related note, I have a spare line printer which requires a | > parallel port. Can I use the parallel port via NFS and thus allow cups | > to run on the more capable machine? If not, what is recommended as an | > extremely lightweight printer daemon? I will do all data stream | > conversion on the bigger system using cups (that works already) and use | > that daemon merely to pass data from the network to the serial port. | | not really, the device file is mainly a pointer to where in the | kernel to send the data I believe. if you share the device over | NFS(which may not even be possible to begin with, I've never tried | sucha thing), it will probably try to use the local kernel on the client. Now that I can get the mount, you are right. The nfs client ends up using its own parallel port. It was worth a shot :-). | your better off running a lpd server with cups, which is the | package cupsys-bsd. I use it on many systems and it works great. cupsys-bsd has the BSD clients. I have all of cups on the decent machine, and it works great. I just don't think the router has enough resources to run cups. All I really need is another parallel port (or two). | then setup your server with another lpd to have it spool to | your cups lpd. be sure you firewall the printer port(515). I'll try the 'lpr' package because it is smaller than lprng. Only my cups system will be communicating with it, and cups will do the PS-><whatever> conversion. Now I need a printcap that simply feeds the data out /dev/lp0 (no filters or anything). -D -- I can do all things through Christ who strengthens me. Philippians 4:13 http://dman.ddts.net/~dman/
Attachment:
pgpy99lE0n6jH.pgp
Description: PGP signature