
Re: NFS and iptables during bootup



On Mon, Aug 4, 2014 at 10:52 AM, Martin T <m4rtntns@gmail.com> wrote:
>
> I made a very simple bash script which loads the iptables
> configuration from /etc/firewall.conf and /etc/firewall6.conf files:
>
> # cat /etc/init.d/firewall
> #!/bin/bash
>
> iptables-restore < /etc/firewall.conf
> ip6tables-restore < /etc/firewall6.conf
>
> Script is stored in /etc/init.d/ directory, but I haven't configured
> init to load this script directly. I use the pre-up option in
> /etc/network/interfaces instead:
>
> # grep pre-up /etc/network/interfaces
>   pre-up /etc/init.d/firewall
>
> /etc/firewall.conf and /etc/firewall6.conf contain few simple
> allow-rules to input chain and set default policies for chains in
> input table to drop.
>
> Now if I reload the machine, the bootup takes more than 6 minutes.
> Bootlog can be seen below:
>
> ...
> Mon Aug  4 15:43:39 2014: Starting portmap daemon....
> Mon Aug  4 15:43:39 2014: Starting NFS common utilities: statdSetting
> kernel variables ...done.
> Mon Aug  4 15:46:39 2014:  ^[[31mfailed!^[[39;49m
> ...
> Mon Aug  4 15:46:40 2014: startpar: service(s) returned failure:
> nfs-common ... ^[[31mfailed!^[[39;49m
> ...
> Mon Aug  4 15:46:40 2014: Starting portmap daemon...Already running..
> ...
> Mon Aug  4 15:46:40 2014: Starting NFS common utilities: statd
> ^[[31mfailed!^[[39;49m
> ...
>
> Once the system is started, the iptables and ip6tables rules are
> properly installed. According to log messages seen above, the problem
> seems to be with NFS. Has anyone seen something like this before?

What makes you think that it's iptables that's preventing statd?

Do you have this problem when you comment out "pre-up ..."?

Is there more info about nfs/statd in "/var/log/"?

Is "/usr" a separate filesystem mount?

Can you start nfs after the system boots?

Small "style" nitpick: Since "/etc/init.d/firewall" isn't integrated
into sysvinit, you might as well move it to
"/etc/{,firewall,network}"; or move it to "/etc/network/pre-up.d/" and
remove the "pre-up ..." line. I prefer installing iptables-persistent
but you might not want to or be allowed to...
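
An added example, not part of the original message: one offline check that bears on the first question above. It assumes statd registers with portmap over the loopback interface, which the thread does not establish as the cause; `check_loopback` is a hypothetical helper name, and the ruleset in the demo is constructed.

```shell
#!/bin/sh
# Reads a ruleset in iptables-save format (what iptables-restore consumes)
# and reports whether the filter table drops INPUT by default without an
# unconditional accept rule for the loopback interface.

# check_loopback FILE
# Prints one of: "ok", "no-drop-policy", "loopback-blocked".
check_loopback() {
    awk '
        /^\*/             { table = substr($1, 2) }   # "*filter" opens a table
        table != "filter" { next }                    # ignore nat, mangle, raw
        /^:INPUT /        { policy = $2 }             # ":INPUT DROP [0:0]"
        /^-A INPUT /      {
            # Strict match: only a rule with no condition other than "-i lo"
            # counts. Rule order and narrower loopback rules are not evaluated.
            if ($0 ~ /^-A INPUT -i lo -j ACCEPT[ \t]*$/) lo_ok = 1
        }
        END {
            if (policy != "DROP") print "no-drop-policy"
            else if (lo_ok)       print "ok"
            else                  print "loopback-blocked"
        }
    ' "$1"
}

# Constructed sample: default DROP on INPUT and a single allow rule.
sample=$(mktemp)
cat > "$sample" <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
echo "constructed sample: $(check_loopback "$sample")"
rm -f "$sample"
```

Run against the real file as `check_loopback /etc/firewall.conf`; a "loopback-blocked" result is a lead to test alongside the questions above, not a confirmed diagnosis.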

