HPE Community
Operating System - HP-UX
1834769 Members
2865 Online
110070 Solutions
New Discussion

Mount from Linux to HP-UX through firewall.

 
SOLVED
Go to solution
Stuart Abramson_2
Honored Contributor

‎10-31-2003 07:07 AM

‎10-31-2003 07:07 AM

Mount from Linux to HP-UX through firewall.

We have a LINUX server in our DMZ, from which we wish to export a file system to mount on HP-UX in our computer room. There is, of course, a firewall between the HP-UX and Linux servers.

HP-UX is failing with the following messages:

# showmount -e 172.20.209.22
showmount: 172.20.209.22: RPC: Miscellaneous tli error - bad flags

# mount 172.20.209.22:/var/tomcat4/invoicingXML /tmp/dummy
nfs mount: get_fh: 172.20.209.22:: RPC: Timed out
nfs mount: get_fh: 172.20.209.22:: RPC: Timed out
nfs mount: retry: retrying(1) for: /tmp/dummy after 5 seconds
nfs mount: retry: giving up on: /tmp/dummy

We have verified that the Linux server is properly configured to export the filesystem, and the HP-UX server is properly configured to mount the file system.

The problem appears to be the DMZ firewall, which is blocking somehting.

Have other people done this? What ports do we need to open?:

111.........portmap
1110........nfsd-status
2049........nfs

Is it possible that Linux and HP-UX can't communicate in an NFS "interrelationship". I'd think that they could. (We don't have any Linux inside our firewall.)

0 Kudos
Reply
7 REPLIES 7
Jerome Henry
Honored Contributor

‎10-31-2003 07:16 AM

‎10-31-2003 07:16 AM

Solution

Re: Mount from Linux to HP-UX through firewall.

Hi,

you are right on your ports number. But NFS relies on RPC, which uses random ports when they starts. So, in your Fw config, you need to open dest ports 111, 1110 if you need remote admin, and 2049, but src any > 1024 !

hth

J
You can lean only on what resists you...
Reply
Rusty Sapper
Frequent Advisor

‎10-31-2003 07:17 AM

‎10-31-2003 07:17 AM

Re: Mount from Linux to HP-UX through firewall.

Stuart,
Linux and HP-UX can definitly NFS each other. It really looks like a firewall issue. I would start with allowing the nfs port of 2049, remembering that nfs is udp.


hth,


-Rusty
Reply
John Dvorchak
Honored Contributor

‎10-31-2003 07:20 AM

‎10-31-2003 07:20 AM

Re: Mount from Linux to HP-UX through firewall.

There in lies the problem. As Jerome points out, you have to open so many ports through the firewall that it is no longer a firewall.

As for whether Linux and HPUX will play together, I have 60 Linux boxes NFS mounting filesytems from 12 HPUX boxes. Yes they play nicely together and without any special commands or tricks.
If it has wheels or a skirt, you can't afford it.
Reply
Steven E. Protter
Exalted Contributor

‎10-31-2003 07:22 AM

‎10-31-2003 07:22 AM

Re: Mount from Linux to HP-UX through firewall.

In order to do an Linux NFS mount through a firewall port 2049 must be open on the firewall AND the Linux box.

On the Linux box there is almost always a firewall meant to protect the Linux box.

Later releases use ip-tables
iptables -L displays the rules
the config file is /etc/sysconfig/iptables

ipchains in older boxes:
ipchains -L(I think) to display
config: /etc/sysconfig/ipchains

I have done NFS mounts from HP-UX to Linux and Linux to HP-UX so I'll state emphatically, the task can be accomplished.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Reply
Rusty Sapper
Frequent Advisor

‎10-31-2003 07:28 AM

‎10-31-2003 07:28 AM

Re: Mount from Linux to HP-UX through firewall.

I also think your best practice would be to only allow those >1024 ports out thru your firewall, and not in. So you could mount from the inside server -> outside server. You don't want to allow those ports open on incoming traffic though.


-Rusty
Reply
benoit Bruckert
Honored Contributor

‎11-02-2003 09:45 PM

‎11-02-2003 09:45 PM

Re: Mount from Linux to HP-UX through firewall.

Hi,
It depends the kind of firewall you are using.
Some one can manage nfs transactions, some others not.
On way to solve it is to run nfs over tcp -it's possible with HP-UX (I did it between 2 HP-UX through a firewall).
Concerning Linux, it's possible with recent kernel (check experimental in your kernel config). By this way config is easier, and you keep your security...

hope that help

Benoit

Une application mal pansée aboutit à une usine à gaze (GHG)
Reply
Kevin Wright
Honored Contributor

‎11-04-2003 08:33 AM

‎11-04-2003 08:33 AM

Re: Mount from Linux to HP-UX through firewall.

111, 2049, and 4045 work good through a pix, I have done is with Solaris for home directories successfully.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.