14

The Host

I have a host, running Ubuntu 12.04, at 10.0.0.202. It provides an NFS share for other machines on the network. Here is the contents of /etc/exports:

/media/storagedrive 10.0.0.0/24(rw,sync,no_subtree_check)

The intention here is to share the contents of /media/storagedrive to other machines on the network in the IP range 10.0.0.0 - 10.0.0.255.

Working Client

This works correctly with a client machine at 10.0.0.40, running Ubuntu 13.10, known as MattDev. That machine's /etc/fstab looks like this:

UUID=8f8c838e-3ea2-457a-87f0-57b12dfab06c /               ext4    errors=remount-ro 0       1
UUID=427089d4-46a2-432d-9df4-7016bdfc7df2 none            swap    sw              0       0
10.0.0.202:/media/storagedrive /mnt/NetworkStorageDrive nfs rsize=8192,wsize=8192,timeo=14,intr

And ls -al /mnt/ on that machine looks like this:

total 12K
drwxr-xr-x  3 root root    4.0K Feb  4 17:48 .
drwxr-xr-x 23 root root    4.0K Feb  5 08:44 ..
drwxrwxr-x  7 root plugdev 4.0K Feb  5 11:43 NetworkStorageDrive

The output of id looks like this:

uid=1000(matt) gid=1000(matt) groups=1000(matt),4(adm),24(cdrom),27(sudo),30(dip),33(www-data),46(plugdev),112(lpadmin),124(sambashare)

Non-Working Virtual Client

I have a second client machine, running Ubuntu 12.10, as a guest OS on a Windows 7 host machine. The host machine is on the network as 10.0.0.28. The guest machine is being managed by Vagrant, using VirtualBox 4.3.6 as a provider. I'll call the Windows 7 host AlexDevHost and the Ubuntu guest AlexDevGuest.

Running showmount -e 10.0.0.202 on AlexDevGuest produces:

Export list for 10.0.0.202:
/media/storagedrive 10.0.0.0/24

However, when I try to mount the share, it fails:

$ sudo mount 10.0.0.202:/media/storagedrive /mnt/NetworkStorageDrive
mount.nfs: access denied by server while mounting 10.0.0.202:/media/storagedrive

So I started looking for issues:

$ ls -alh /mnt/
total 12K
drwxr-xr-x  3 root root 4.0K Feb  5 12:23 .
drwxr-xr-x 26 root root 4.0K Feb  5 12:23 ..
drwxr-xr-x  2 root root 4.0K Feb  5 12:23 NetworkStorageDrive
$ id
uid=1001(vagrant) gid=1001(vagrant) groups=1001(vagrant)
$

That uid and gid is different to the user matt on MattDev. So I juggled about the uid for vagrant, as I have read that NFS access is controlled by matching the IP address and uids. So now:

$ id
uid=1000(vagrant) gid=1001(vagrant) groups=1001(vagrant)
$ sudo mount 10.0.0.202:/media/storagedrive /mnt/NetworkStorageDrive
mount.nfs: access denied by server while mounting 10.0.0.202:/media/storagedrive
$

Still no success. So now I'm running out of ideas.

  1. What am I doing wrong?
  2. If the uid part is correct, is there a way I can verify that the NFS server machine is seeing my access attempt as coming from 10.0.0.28, and not some other IP not in the allowed range?
Alex
  • 339

1 Answers1

17

Okay, I've worked it out (or at least, I've made it work, and I think I know what was causing it).

I added the insecure flag to the /etc/exports line on the NFS server, so now it looks like this:

/media/storagedrive 10.0.0.0/24(rw,sync,no_subtree_check,insecure)

This flag allows connections to originate from client ports above IPPORT_RESERVED (1024).

The mount command now works.

My guess as to why the lack of the insecure flag was the problem is that VirtualBox was using NAT to pass the request through to the physical network, so while the port on the Ubuntu guest (AlexDevGuest) may have been below 1024, the translated port on the Windows 7 host (AlexDevHost) was probably above 1024, and therefore blocked. Setting the insecure flag meant it was allowed though.

This problem obviously doesn't affect the non-virtual machine MattDev.

Eugeniu Rosca
  • 103
Alex
  • 339