could use some troubleshooting tips

Frank Lenaerts lenaerts.frank at pandora.be
Thu Jul 1 21:18:56 CEST 2004 

On Thu, Jul 01, 2004 at 11:06:15AM -0500, Seth Galitzer wrote:
> Here's one more bit of info: the mount point on the master where I mount
> the debian mirror via nfs is /mnt/mirror.  The subdirectory where the
> mirror repository is located is "debian".  So once you mount the mirror,
> the full path to the repository is /mnt/mirror/debian.  This is the path
> I'm trying to export.

Exporting /mnt/mirror/debian would be possible if this was a separate
local filesystem or a subdirectory of a local filesystem. 

> I've been playing aorund with the export directories.  If I change the
> export path to /mnt/mirror, I get the same "Invalid argument" error when
> trying to export it to a single IP.  But if I change it to /mnt, then
> the error is not returned.  Once I figured this out, I tried mounting
> that remotely.  I can do that and see down to /mnt/mirror (from the
> remote machine) but I can't see anything below that, ie the mirror
> repository.
> 
> Can you not "double-dip" NFS in this manner (remote-mount a

You can export only local filesystems. If this were not the case, the
minimal protections would be useless.

I can't check it right away, but the output of a showmount -e <master>
could indicate that the filesystem could not be exported.

> remote-mount)?  If that's the case, then what do I need to do to be able
> to use my existing debian mirror as the source for building child nodes
> without routing through to the outside network?

I actually don't see why you do not want <master> to route. You're
using NFS on the so called external side but I guess this is not the
Internet.

AFAIK, there is no such thing as an NFS proxy server.

The main point is that you have to be able to get from the client
network to the mirror server through a router (e.g. master). If client
and mirror are on separate networks, you need an router. If you don't
want this router to pass everything, you will have to use firewall
rules on this router. To limit the number of firewall rules, you could
maybe (don't ask me how) change the FAI client setup to access the
mirror server via some tunnel.

> Thanks again.

cu,

> Seth

-- 
lenaerts.frank at pandora.be

gpg fingerprint: A41E A399 5160 BAB9 AEF1  58F2 B92A F4AB 9FFB 3707
gpg key id: 9FFB3707

Those who do not understand Unix are condemned to reinvent it, poorly."
-- Henry Spencer

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 232 bytes
Desc: not available
Url : http://lists.uni-koeln.de/pipermail/linux-fai/attachments/20040701/b809098d/attachment.bin

More information about the linux-fai mailing list