[Solved] RPC mount export: RPC: Unable to receive; errno = No route to host

Environment: two rhel7, one server (172.24.11.10) and one client (172.24.11.20)

Firewall release command

[root@server /]# firewall-cmd --add-service=rpc-bind

However, the remote end is still unable to show the mount

[root@system2 desktop]# showmount -e 172.24.11.10
rpc mount export: RPC: Unable to receive; errno = No route to host

Shows that there is no route

ping

[root@system2 desktop]# ping 172.24.11.10
PING 172.24.11.10 (172.24.11.10) 56(84) bytes of data.
64 bytes from 172.24.11.10: icmp_seq=1 ttl=64 time=0.502 ms
64 bytes from 172.24.11.10: icmp_seq=2 ttl=64 time=0.279 ms
64 bytes from 172.24.11.10: icmp_seq=3 ttl=64 time=0.275 ms

Very strange, put the firewall, routing can ping

Turn off the firewall completely

[root@server /]# iptables -F

Then show mount on the client

[root@system2 desktop]# showmount -e 172.24.11.10
Export list for 172.24.11.10:
/protected 172.24.11.0/24
/public    172.24.11.0/24

Ah, it’s successful. It’s beautiful

Problem: firewall problem, firewall can not completely release the port

————————————————————————————————————-

At this point, the problem is caused by the defect of firewall itself, so we need to find the port

Grab the package on the client to see what went wrong

When the firewall is on

[root@system2 desktop]# tcpdump -nn -i eth0 host 172.24.11.10
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
22:23:21.900845 IP 172.24.11.20.706 > 172.24.11.10.111: UDP, length 56
22:23:21.901279 IP 172.24.11.10.111 > 172.24.11.20.706: UDP, length 28
22:23:21.901582 IP 172.24.11.20.706 > 172.24.11.10.111: UDP, length 56
22:23:21.901820 IP 172.24.11.10.111 > 172.24.11.20.706: UDP, length 28
22:23:21.902010 IP 172.24.11.20.706 > 172.24.11.10.20048: UDP, length 92

When the firewall is closed (there is a difference between the two commands, look carefully. The port number of mountd is 20048

[root@system2 desktop]# tcpdump -n -i eth0 host 172.24.11.10
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
22:27:27.270023 IP 172.24.11.20.811 > 172.24.11.10.sunrpc: UDP, length 56
22:27:27.271061 IP 172.24.11.10.sunrpc > 172.24.11.20.811: UDP, length 28
22:27:27.271562 IP 172.24.11.20.811 > 172.24.11.10.sunrpc: UDP, length 56
22:27:27.283415 IP 172.24.11.10.sunrpc > 172.24.11.20.811: UDP, length 28
22:27:27.288704 IP 172.24.11.20.811 > 172.24.11.10.mountd: UDP, length 92
22:27:27.295383 IP 172.24.11.10.mountd > 172.24.11.20.811: UDP, length 120

Problem: when the client requests port 20048 from the server, it is rejected

Look at port 20048 on the server

[root@server /]# netstat -ntulp | grep 20048
tcp        0      0 0.0.0.0:20048           0.0.0.0:*               LISTEN      7675/rpc.mountd     
tcp6       0      0 :::20048                :::*                    LISTEN      7675/rpc.mountd     
udp        0      0 0.0.0.0:20048           0.0.0.0:*                           7675/rpc.mountd     
udp        0      0 0.0.0.0:20048           0.0.0.0:*                           7675/rpc.mountd     
udp6       0      0 :::20048                :::*                                7675/rpc.mountd     
udp6       0      0 :::20048                :::*                                7675/rpc.mountd     

Of rpc.mount

Release port 20048

[root@server /]# firewall-cmd --add-port=20048/udp
success

See if the client can show mount successfully

[root@system2 desktop]# showmount -e 172.24.11.10
Export list for 172.24.11.10:
/protected 172.24.11.0/24
/public    172.24.11.0/24

Success!

Similar Posts: