CentOS 5 updated, Xen host. The portmap on this machine is somehow "stuck" and I can't figure out why. I enabled it to be able to mount a remote nfs share. The first hurdle was that "portmap" didn't appear in the chkconfig list, it was installed with the initial packages but not added to chkconfig. Took me a while to figure this out. Adding and starting it up is no problem. But nfs still doesn't work and when I try rpcinfo -p that just hangs until it finally times out after a long while (rpcinfo to another machine is fine). An strace at that time indeed shows that it is stuck trying to connect to port 111 on localhost. Same when I try to connect with telnet. Port 111 shows up on lsof UDP and TCP and there's no error when portmap starts up. There's nothing in iptables or hosts.deny that could prevent a connect. SELinux is permissive. What could block those connects?
Kai
On Thursday 27 March 2008 19:31:16 Kai Schaetzl wrote:
> CentOS 5 updated, Xen host. The portmap on this machine is somehow "stuck" and I can't figure out why. I enabled it to be able to mount a remote nfs share. The first hurdle was that "portmap" didn't appear in the chkconfig list, it was installed with the initial packages but not added to chkconfig. Took me a while to figure this out. Adding and starting it up is no problem. But nfs still doesn't work and when I try rpcinfo -p that just hangs until it finally times out after a long while (rpcinfo to another machine is fine). An strace at that time indeed shows that it is stuck trying to connect to port 111 on localhost. Same when I try to connect with telnet. Port 111 shows up on lsof UDP and TCP and there's no error when portmap starts up. There's nothing in iptables or hosts.deny that could prevent a connect. SELinux is permissive. What could block those connects?
Would it be ok if you paste the result of iptables -nL here? Just to make sure.
Fajar Priyanto wrote on Thu, 27 Mar 2008 20:47:23 +0700:
> Would it be ok if you paste the result of iptables -nL here?
There's really nothing in it, I disabled the RH-firewall. ;-)
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           PHYSDEV match --physdev-in vif1.0

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
Kai
On Thursday 27 March 2008 22:01:24 Kai Schaetzl wrote:
> Fajar Priyanto wrote on Thu, 27 Mar 2008 20:47:23 +0700:
> There's really nothing in it, I disabled the RH-firewall. ;-)
>
> Chain INPUT (policy ACCEPT)
> target     prot opt source               destination
>
> Chain FORWARD (policy ACCEPT)
> target     prot opt source               destination
> ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           PHYSDEV match --physdev-in vif1.0
>
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination
Ok :) So it's wide open. And you said that there's nothing in /etc/hosts.deny too?
Fajar Priyanto wrote on Fri, 28 Mar 2008 01:05:02 +0700:
> And you said that there's nothing in /etc/hosts.deny too?
No, both hosts.allow and hosts.deny were in mint state. I even added portmap to hosts.allow just to see if it made a difference, but it didn't.
Kai
Hm, it's working again, I just don't know why. I let firstboot run again because I wanted to troubleshoot another problem, re-enabled the RH-Firewall in it and suddenly it works again. I disabled it again and rebooted several times since then and portmap is still responding. Weird.
Kai
Kai Schaetzl wrote:
> Hm, it's working again, I just don't know why. I let firstboot run again because I wanted to troubleshoot another problem, re-enabled the RH-Firewall in it and suddenly it works again. I disabled it again and rebooted several times since then and portmap is still responding. Weird.
Did your xenbr0 mysteriously come up too?
-Ross
Ross S. W. Walker wrote on Thu, 27 Mar 2008 14:35:24 -0400:
> Did your xenbr0 mysteriously come up too?
No :-(
Kai