zoukankan      html  css  js  c++  java

  • 【转】使用NFS时在防火墙上要开放的端口

    来源:http://blog.csdn.net/armeasy/article/details/6005703

    mount 10.12.13.11:/vol/lft_jjmk  /mnt
    挂载不上,原因网络上有限制权限的配置,为了摸清楚挂载nfs需要开通哪些端口,这里做了如下尝试。
     
    敲了命令后,处于等待状态
    mount 10.12.13.11:/vol/lft_jjmk /mnt
     
    同时开启另一个窗口。执行netstat -an
    [root@LFTt-test02 ~]# netstat -an |grep 10.12.13.11
    tcp        0      1 10.12.4.24:34122             10.12.13.11:11             SYN_SENT 
    tcp        0      1 10.12.4.24:717              10.12.13.11:2049            SYN_SENT    
    udp        0      0 10.12.4.24:37291            10.12.13.11:*               ESTABLISHED 
     
    根据截图可以看出 需要 tcp的111 和2049
    另外还有一个10.12.13.11:*  先不管他,开通这两个端口的权限后,发现还是连不上。
     
     
    通过tcpdump抓包,得到   本机挂载nfs的时候  会调用  111 2049  以及一个udp 连接 acp-proto 端口
    命令:tcpdump -i eht0  dst  host 10.12.13.11
    抓包 发现需要 udp 连接 acp-proto 端口,后来查出来是4046端口
     
    此时,我找网络的同事添加网络权限,111 2049  4046 端口的权限给这个服务器A 去访问10.12.13.11
    结果还是连不上
     
    继续
     
    然后找了一个可以正常挂载的服务器,进行一次抓吧  发现一次正常的挂载操作中,会涉及这些端口
    nfs  tcp 2049 这个很明显到处都是
    sunrpc tcp 111 这个很明显到处都是
    sunrpc udp 111 其中这个很难发现,仔细排查才看到
    acp-proto udp 4046 其中仔细看udp的会找到
     
    然后配上权限访问10.12.13.11 的 这4个端口,重新尝试  可以正常挂载了。 
    tcp  111 2049 端口
    udp 111  4046 端口

    下面是一个 nfs 正常挂载的 tcpdump的抓包过程
    tcpdump -i eht0 dst host 10.12.13.11
    13:14:42.208825 IP 172.16.4.134.818 > 10.12.13.11.nfs: Flags [S], seq 3321839051, win 14600, options [mss 1460,sackOK,TS val 3321390887 ecr 0,nop,wscale 7], length 0
    13:14:42.210567 IP 172.16.4.134.818 > 10.12.13.11.nfs: Flags [.], ack 3365250555, win 115, options [nop,nop,TS val 3321390889 ecr 298615938], length 0
    13:14:42.210626 IP 172.16.4.134.1152395164 > 10.12.13.11.2049: 40 null
    13:14:42.212157 IP 172.16.4.134.818 > 10.12.13.11.nfs: Flags [.], ack 37, win 115, options [nop,nop,TS val 3321390890 ecr 298615940], length 0
    13:14:42.212236 IP 172.16.4.134.818 > 10.12.13.11.nfs: Flags [F.], seq 44, ack 37, win 115, options [nop,nop,TS val 3321390890 ecr 298615940], length 0
    13:14:42.213883 IP 172.16.4.134.818 > 10.12.13.11.nfs: Flags [.], ack 38, win 115, options [nop,nop,TS val 3321390892 ecr 298615941], length 0
    13:14:42.220327 IP 172.16.4.134.48913 > 10.12.13.11.sunrpc: Flags [S], seq 4275201135, win 14600, options [mss 1460,sackOK,TS val 3321390899 ecr 0,nop,wscale 7], length 0
    13:14:42.222117 IP 172.16.4.134.48913 > 10.12.13.11.sunrpc: Flags [.], ack 2204017511, win 115, options [nop,nop,TS val 3321390900 ecr 298615949], length 0
    13:14:42.228992 IP 172.16.4.134.48913 > 10.12.13.11.sunrpc: Flags [P.], seq 0:60, ack 1, win 115, options [nop,nop,TS val 3321390907 ecr 298615949], length 60
    13:14:42.230805 IP 172.16.4.134.48913 > 10.12.13.11.sunrpc: Flags [.], ack 33, win 115, options [nop,nop,TS val 3321390909 ecr 298615958], length 0
    13:14:42.230868 IP 172.16.4.134.48913 > 10.12.13.11.sunrpc: Flags [F.], seq 60, ack 33, win 115, options [nop,nop,TS val 3321390909 ecr 298615958], length 0
    13:14:42.230930 IP 172.16.4.134.53578 > 10.12.13.11.nfs: Flags [S], seq 3487179920, win 14600, options [mss 1460,sackOK,TS val 3321390909 ecr 0,nop,wscale 7], length 0
    13:14:42.232507 IP 172.16.4.134.48913 > 10.12.13.11.sunrpc: Flags [.], ack 34, win 115, options [nop,nop,TS val 3321390911 ecr 298615960], length 0
    13:14:42.232658 IP 172.16.4.134.53578 > 10.12.13.11.nfs: Flags [.], ack 3914232987, win 115, options [nop,nop,TS val 3321390911 ecr 298615960], length 0
    13:14:42.232731 IP 172.16.4.134.3326872918 > 10.12.13.11.2049: 40 null
    13:14:42.234326 IP 172.16.4.134.53578 > 10.12.13.11.nfs: Flags [.], ack 29, win 115, options [nop,nop,TS val 3321390913 ecr 298615962], length 0
    13:14:42.234387 IP 172.16.4.134.53578 > 10.12.13.11.nfs: Flags [F.], seq 44, ack 29, win 115, options [nop,nop,TS val 3321390913 ecr 298615962], length 0
    13:14:42.234554 IP 172.16.4.134.41320 > 10.12.13.11.sunrpc: UDP, length 56
    13:14:42.236058 IP 172.16.4.134.53578 > 10.12.13.11.nfs: Flags [.], ack 30, win 115, options [nop,nop,TS val 3321390914 ecr 298615963], length 0
    13:14:42.236356 IP 172.16.4.134.33212 > 10.12.13.11.acp-proto: UDP, length 40
    13:14:42.238234 IP 172.16.4.134.944 > 10.12.13.11.acp-proto: UDP, length 40
    13:14:42.240047 IP 172.16.4.134.944 > 10.12.13.11.acp-proto: UDP, length 88
    13:14:42.241996 IP 172.16.4.134.59597 > 10.12.13.11.sunrpc: Flags [S], seq 525024676, win 14600, options [mss 1460,sackOK,TS val 3321390920 ecr 0,nop,wscale 7], length 0
    13:14:42.243782 IP 172.16.4.134.59597 > 10.12.13.11.sunrpc: Flags [.], ack 2351267448, win 115, options [nop,nop,TS val 3321390922 ecr 298615971], length 0
    13:14:42.243809 IP 172.16.4.134.59597 > 10.12.13.11.sunrpc: Flags [P.], seq 0:88, ack 1, win 115, options [nop,nop,TS val 3321390922 ecr 298615971], length 88
    13:14:42.245561 IP 172.16.4.134.59597 > 10.12.13.11.sunrpc: Flags [.], ack 33, win 115, options [nop,nop,TS val 3321390924 ecr 298615973], length 0
    13:14:42.245592 IP 172.16.4.134.59597 > 10.12.13.11.sunrpc: Flags [F.], seq 88, ack 33, win 115, options [nop,nop,TS val 3321390924 ecr 298615973], length 0
    13:14:42.245646 IP 172.16.4.134.846 > 10.12.13.11.nfs: Flags [S], seq 1850298836, win 14600, options [mss 1460,sackOK,TS val 3321390924 ecr 0,nop,wscale 7], length 0
    13:14:42.247281 IP 172.16.4.134.59597 > 10.12.13.11.sunrpc: Flags [.], ack 34, win 115, options [nop,nop,TS val 3321390926 ecr 298615975], length 0
    13:14:42.247581 IP 172.16.4.134.846 > 10.12.13.11.nfs: Flags [.], ack 2793687147, win 115, options [nop,nop,TS val 3321390926 ecr 298615975], length 0
    13:14:42.247634 IP 172.16.4.134.822659610 > 10.12.13.11.2049: 40 null
    13:14:42.249445 IP 172.16.4.134.846 > 10.12.13.11.nfs: Flags [.], ack 29, win 115, options [nop,nop,TS val 3321390928 ecr 298615977], length 0
    13:14:42.250671 IP 172.16.4.134.839436826 > 10.12.13.11.2049: 40 null
    13:14:42.252384 IP 172.16.4.134.856214042 > 10.12.13.11.2049: 108 fsinfo fh 0,64/1073741824
    13:14:42.254330 IP 172.16.4.134.872991258 > 10.12.13.11.2049: 108 pathconf fh 0,64/1073741824
    13:14:42.256247 IP 172.16.4.134.889768474 > 10.12.13.11.2049: 108 fsinfo fh 0,64/1073741824
    13:14:42.297329 IP 172.16.4.134.846 > 10.12.13.11.nfs: Flags [.], ack 537, win 140, options [nop,nop,TS val 3321390976 ecr 298615985], length 0

    其他好用的tcpdump命令

    [root@monitor ~]# tcpdump tcp port 111 and dst host 10.12.13.11 -n
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on eth1, link-type EN10MB (Ethernet), capture size 65535 bytes
    13:32:30.070052 IP 172.16.4.134.55618 > 10.12.13.11.sunrpc: Flags [S], seq 3437328233, win 14600, options [mss 1460,sackOK,TS val 3322458748 ecr 0,nop,wscale 7], length 0
    13:32:30.071842 IP 172.16.4.134.55618 > 10.12.13.11.sunrpc: Flags [.], ack 1251460408, win 115, options [nop,nop,TS val 3322458750 ecr 299683835], length 0
    13:32:30.073784 IP 172.16.4.134.55618 > 10.12.13.11.sunrpc: Flags [P.], seq 0:60, ack 1, win 115, options [nop,nop,TS val 3322458752 ecr 299683835], length 60
    13:32:30.075537 IP 172.16.4.134.55618 > 10.12.13.11.sunrpc: Flags [.], ack 33, win 115, options [nop,nop,TS val 3322458754 ecr 299683839], length 0
    13:32:30.075618 IP 172.16.4.134.55618 > 10.12.13.11.sunrpc: Flags [F.], seq 60, ack 33, win 115, options [nop,nop,TS val 3322458754 ecr 299683839], length 0
    13:32:30.077275 IP 172.16.4.134.55618 > 10.12.13.11.sunrpc: Flags [.], ack 34, win 115, options [nop,nop,TS val 3322458755 ecr 299683841], length 0
    13:32:30.087082 IP 172.16.4.134.44143 > 10.12.13.11.sunrpc: Flags [S], seq 2174267455, win 14600, options [mss 1460,sackOK,TS val 3322458765 ecr 0,nop,wscale 7], length 0
    13:32:30.088851 IP 172.16.4.134.44143 > 10.12.13.11.sunrpc: Flags [.], ack 3403567045, win 115, options [nop,nop,TS val 3322458767 ecr 299683852], length 0
    13:32:30.088893 IP 172.16.4.134.44143 > 10.12.13.11.sunrpc: Flags [P.], seq 0:88, ack 1, win 115, options [nop,nop,TS val 3322458767 ecr 299683852], length 88
    13:32:30.090598 IP 172.16.4.134.44143 > 10.12.13.11.sunrpc: Flags [.], ack 33, win 115, options [nop,nop,TS val 3322458769 ecr 299683854], length 0
    13:32:30.090637 IP 172.16.4.134.44143 > 10.12.13.11.sunrpc: Flags [F.], seq 88, ack 33, win 115, options [nop,nop,TS val 3322458769 ecr 299683854], length 0
    13:32:30.092522 IP 172.16.4.134.44143 > 10.12.13.11.sunrpc: Flags [.], ack 34, win 115, options [nop,nop,TS val 3322458771 ecr 299683856], length 0

    tcpdump -i eht0 udp port 111 and dst host 10.12.13.11
    13:21:29.656365 IP 172.16.4.134.42505 > 10.12.13.11.sunrpc: UDP, length 56

     
    然后配上权限访问10.12.13.11 的 这4个端口,重新尝试  可以正常挂载了。 
    tcp  111 2049 端口
    udp 111  4046 端口
     
     
     
  • 相关阅读:
    BZOJ3562 : [SHOI2014]神奇化合物
    BZOJ3559 : [Ctsc2014]图的分割
    BZOJ3551 : [ONTAK2010]Peaks加强版
    BZOJ3542:DZY Loves March
    李洪强iOS开发之
    iOS学习之iOS沙盒(sandbox)机制和文件操作1
    iOS学习之iOS沙盒(sandbox)机制和文件操作
    stringByAppendingPathComponent和stringByAppendingString 的区别
    iOS开发:Toast for iPhone
    深度解析开发项目之 01
  • 原文地址:https://www.cnblogs.com/fengaix6/p/8392672.html
Copyright © 2011-2022 走看看