On Sun, 2019-11-17 at 08:48 +0800, Ed Greshko wrote:
> On 11/17/19 8:35 AM, Ed Greshko wrote:
> > On 11/17/19 2:48 AM, Patrick O'Callaghan wrote:
> > > But from the guest:
> > >    [poc@fedora30 ~]$ showmount -e bree
> > >    clnt_create: RPC: Unable to receive
> > > 
> > > What am I missing?
> > OK, I put up an nfs server on the host and get the same error.
> > 
> > If I disable the firewall on the host, it succeeds.
> > 
> > Strangely, looking at wireshark output it seems port 111 is unreachable.  
> > Even if I explicitly enable that port
> > the problem persists.
> > 
> 
> OK, I fixed it....
> 
> I put the interface virbr0 in the FW zone libvirt.
> 
> On the host...
> 
> [root@meimei ~]# firewall-cmd --list-all --zone=libvirt
> libvirt (active)
>   target: ACCEPT
>   icmp-block-inversion: no
>   interfaces: virbr0
>   sources:
>   services: dhcp dhcpv6 dns mountd nfs nfs3 rpc-bind ssh tftp
>   ports:
>   protocols: icmp ipv6-icmp
>   masquerade: no
>   forward-ports:
>   source-ports:
>   icmp-blocks:
>   rich rules:
>         rule priority="32767" reject

That did it. In fact virbr0 was already in the libvirt zone, but the
various NFS services were not installed there.

This stuff is definitely not obvious. Note that you have to repeat the
service additions with the --permanent flag or it will all be lost on
the next reboot.

Thanks Ed.

poc
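The runtime versus `--permanent` gap described above can be checked mechanically. The following is an added example, not part of the original messages: it parses `firewall-cmd --list-all` output for a zone and prints the `--add-service` commands still needed in each configuration. The function names and the permanent-config sample are constructed for illustration; the runtime sample is abridged from the output quoted above.

```shell
#!/bin/sh
# Added example (hypothetical helper names): find which required services are
# absent from a firewalld zone's runtime and permanent configurations.

# Read `firewall-cmd --list-all` output on stdin, print one service per line.
zone_services() {
    sed -n 's/^[[:space:]]*services:[[:space:]]*//p' | tr ' ' '\n' | sed '/^$/d' | sort -u
}

# missing_services "<newline-separated services present>" required...
missing_services() {
    have=$1; shift
    for svc in "$@"; do
        printf '%s\n' "$have" | grep -qxF -- "$svc" || printf '%s\n' "$svc"
    done
}

# plan_commands ZONE RUNTIME_OUTPUT PERMANENT_OUTPUT required...
# Prints the commands that close the gap; prints nothing if both are complete.
plan_commands() {
    zone=$1
    runtime=$(printf '%s\n' "$2" | zone_services)
    permanent=$(printf '%s\n' "$3" | zone_services)
    shift 3
    for svc in $(missing_services "$runtime" "$@"); do
        echo "firewall-cmd --zone=$zone --add-service=$svc"
    done
    for svc in $(missing_services "$permanent" "$@"); do
        echo "firewall-cmd --permanent --zone=$zone --add-service=$svc"
    done
}

# Runtime sample: abridged from the listing quoted in the thread.
RUNTIME_SAMPLE='libvirt (active)
  target: ACCEPT
  interfaces: virbr0
  sources:
  services: dhcp dhcpv6 dns mountd nfs nfs3 rpc-bind ssh tftp'
# Permanent sample: constructed, a zone where the NFS services were only
# added at runtime and would be lost on reboot.
PERMANENT_SAMPLE='libvirt
  target: ACCEPT
  services: dhcp dhcpv6 dns ssh tftp'

# On a live host the two inputs would come from:
#   firewall-cmd --zone=libvirt --list-all
#   firewall-cmd --permanent --zone=libvirt --list-all
plan_commands libvirt "$RUNTIME_SAMPLE" "$PERMANENT_SAMPLE" mountd nfs nfs3 rpc-bind
```

With the samples above, only `--permanent` commands are printed, because the runtime zone already carries all four services.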
_______________________________________________
users mailing list -- users@lists.fedoraproject.org