showmount rpc mount export: RPC: Unable to receive; errno = No route to host

I’ve been setting up nfs server and nfs client on RedHat 6 and ran into a problem with the firewall.
When showmount command was executed from the client – it was returning following error.

[root@gw ~]# showmount -e 192.168.58.20
rpc mount export: RPC: Unable to receive; errno = No route to host

For a quick test I’ve deactivated firewall rules on nfs server and sure enough – showmount started to work as expected.

[root@gw ~]# showmount -e 192.168.58.20
Export list for 192.168.58.20:
/data 192.168.58.10

Then I ran tcpdump trace on the nfs server and ran command showmount from the client.

[root@west sysconfig]# tcpdump -nn host 192.168.58.10
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
17:30:20.552571 IP 192.168.58.10.692 > 192.168.58.20.111: UDP, length 56
17:30:20.554127 IP 192.168.58.20.111 > 192.168.58.10.692: UDP, length 28
17:30:20.554982 IP 192.168.58.10.692 > 192.168.58.20.38796: Flags [S], seq 391790854, win 5840, options [mss 1460,sackOK,TS val 24287328 ecr 0,nop,wscale 6], length 0
17:30:20.555086 IP 192.168.58.20.38796 > 192.168.58.10.692: Flags [S.], seq 3599606635, ack 391790855, win 5792, options [mss 1460,sackOK,TS val 10617644 ecr 24287328,nop,wscale 6], length 0
17:30:20.555408 IP 192.168.58.10.692 > 192.168.58.20.38796: Flags [.], ack 1, win 92, options [nop,nop,TS val 24287328 ecr 10617644], length 0
17:30:20.556825 IP 192.168.58.10.692 > 192.168.58.20.38796: Flags [P.], seq 1:81, ack 1, win 92, options [nop,nop,TS val 24287330 ecr 10617644], length 80
17:30:20.556849 IP 192.168.58.20.38796 > 192.168.58.10.692: Flags [.], ack 81, win 91, options [nop,nop,TS val 10617646 ecr 24287330], length 0
17:30:20.561901 IP 192.168.58.20.38796 > 192.168.58.10.692: Flags [P.], seq 1:77, ack 81, win 91, options [nop,nop,TS val 10617651 ecr 24287330], length 76
17:30:20.564942 IP 192.168.58.10.692 > 192.168.58.20.38796: Flags [.], ack 77, win 92, options [nop,nop,TS val 24287335 ecr 10617651], length 0
17:30:20.564973 IP 192.168.58.10.692 > 192.168.58.20.38796: Flags [F.], seq 81, ack 77, win 92, options [nop,nop,TS val 24287336 ecr 10617651], length 0
17:30:20.566009 IP 192.168.58.20.38796 > 192.168.58.10.692: Flags [F.], seq 77, ack 82, win 91, options [nop,nop,TS val 10617654 ecr 24287336], length 0
17:30:20.566342 IP 192.168.58.10.692 > 192.168.58.20.38796: Flags [.], ack 78, win 92, options [nop,nop,TS val 24287338 ecr 10617654], length 0

Then activated iptables again and ran another trace

[root@west sysconfig]# tcpdump -nn host 192.168.58.10
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
17:28:19.106875 IP 192.168.58.10.687 > 192.168.58.20.111: UDP, length 56
17:28:19.108146 IP 192.168.58.20.111 > 192.168.58.10.687: UDP, length 28
17:28:19.109633 IP 192.168.58.10.687 > 192.168.58.20.38796: Flags [S], seq 2783177657, win 5840, options [mss 1460,sackOK,TS val 24168915 ecr 0,nop,wscale 6], length 0
17:28:19.109670 IP 192.168.58.20 > 192.168.58.10: ICMP host 192.168.58.20 unreachable - admin prohibited, length 68
17:28:19.110616 IP 192.168.58.10.687 > 192.168.58.20.111: UDP, length 56
17:28:19.111011 IP 192.168.58.20.111 > 192.168.58.10.687: UDP, length 28
17:28:19.112546 IP 192.168.58.10.687 > 192.168.58.20.53364: UDP, length 76
17:28:19.112576 IP 192.168.58.20 > 192.168.58.10: ICMP host 192.168.58.20 unreachable - admin prohibited, length 112

Line 6 in the above trace is particularly interesting.
We can see that client (192.168.58.10) is trying to establish TCP connection towards NFS server (192.168.58.20), it sends TCP SYN towards port 38796 and there is no Syn-Ack in reply.
If compare this “bad” trace to a successful trace with iptables switched off – we can see on lines 6,7,8 a 3 way TCP handshake.
So this is where communication breaks.

Who is listening on port 38796?

[root@west /]# lsof -i4TCP:38796
COMMAND    PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
rpc.mount 2912 root    7u  IPv4  16008      0t0  TCP *:38796 (LISTEN)

So apparently showmount needs access to rpcbind and also to rpc.mount
Port on which rpc.mount listens can be configured in the /etc/sysconfig/nfs

# Port rpc.mountd should listen on.
#MOUNTD_PORT=892

Actually it makes sense to configure this port to some known number, otherwise during next reboot rpc.mount can as well be listening on a totally different port.

Also we can see rpcmount port via

[root@west /]# rpcinfo -p
   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    3   tcp    111  portmapper
    100000    2   tcp    111  portmapper
    100000    4   udp    111  portmapper
    100000    3   udp    111  portmapper
    100000    2   udp    111  portmapper
    100003    2   tcp   2049  nfs
    100003    3   tcp   2049  nfs
    100003    4   tcp   2049  nfs
    100227    2   tcp   2049  nfs_acl
    100227    3   tcp   2049  nfs_acl
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    100003    4   udp   2049  nfs
    100227    2   udp   2049  nfs_acl
    100227    3   udp   2049  nfs_acl
    100021    1   udp  38286  nlockmgr
    100021    3   udp  38286  nlockmgr
    100021    4   udp  38286  nlockmgr
    100021    1   tcp  56953  nlockmgr
    100021    3   tcp  56953  nlockmgr
    100021    4   tcp  56953  nlockmgr
    100005    1   udp  53364  mountd
    100005    1   tcp  38796  mountd
    100005    2   udp  53364  mountd
    100005    2   tcp  38796  mountd
    100005    3   udp  53364  mountd
    100005    3   tcp  38796  mountd

Long story short:
I set rpc.mount port to 892
added below rule to iptables

-A INPUT -m state --state NEW -m tcp -p tcp --dport 892 -j ACCEPT

And rebooted nfs server

My showmount command started to work.
Byproduct of this is that now I can browse and automount shares via autofs from the client.
Previously it was impossible due to showmount returning error.

PS: After I did all this I found that it’s actually documented on the
RedHat documentation portal.

This entry was posted in Linux, Uncategorized and tagged . Bookmark the permalink.

3 Responses to showmount rpc mount export: RPC: Unable to receive; errno = No route to host

  1. Gonzalo says:

    Hello, my solution was to configure the firewall, give entry and exit permits to the ip of the computers that are connecting to the server, both the client firewall and the server.

    regards

  2. Samuel says:

    Great, it works for me, the gonzalo’s solutions works fine but you do it more fanzy. xD.

    Great job.

  3. Suresh says:

    This post was very helpful. Thank you for the step by step troubleshooting.

Leave a Reply

Your email address will not be published. Required fields are marked *