1

I bet this is a permissions issue, but I can't figure it out.

Overview

So I have an EC2 VM Instance set up according to Amazon instructions. The VM instance is running at IP 18.212.some.thing (not really but you get the point).

I have set up a Storage Gateway (with default settings). The Storage Gateway is connected to a file share S3 bucket with name 'tobetest' (let's say, but not really). The File Share is (supposedly) exposed as IP: 172.32.other.thing

Failure

Now the instructions on AWS just tell me to mount the file share using the mount command in Windows: mount -o nolock 172.32.other.thing:/tobetest [WindowsDriveLetter]: but every time I do, I get the error "Network Error - 53: The network path was not found."

Security Settings

So at first I limited access to the File Share by setting Allowed clients to just my IP: 178.21.goo.get/32. I also limited access to the VM Instance by assigning a security group to it which allowed only inbound port 2049 (the NFS port, according to the settings editor in AWS console) to my IP.

When that didn't work I tried updating the security group (for the VM) to allow inbound on port 2049 to 0.0.0.0/0. I also tried changing the file share settings to allow clients from 0.0.0.0/0.

It still doesn't work, I still get Network Error 53.

Other attempts

For fun, I tried to do an SMB share but I didn't have any luck with that either. I set it up as a guest account and then when I tried to net use it I got an error: "There are currently no logon servers available to service the logon request".

I gave up on SMB as that is not what we want to use.

Conclusion?

So does anyone have any idea why the NFS share is not found? All the security settings I can think of are not restricting any access.

I can SSH into the Storage Gateway if I use the 18.212.some.thing IP, but I don't know if I can verify the file share from there somehow? To verify that it's actually being served, or something?

gakera
  • Is there some "lag" time before the file share will become available? Will this work tomorrow? – gakera Sep 13 '18 at 16:54
  • I would turn VPC Flow Logs on (https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs.html) to see what is happening there on the network level. – Lech Migdal Sep 14 '18 at 07:26
  • I did that and the only entries I can see are ACCEPT OK to/from my IP to the (apparently private) 172.32.other.thing IP. The ports (if I'm reading the logs correctly) indicate 22 for when I ssh into the 18.212.some.thing IP (the Network Interface in EC2 shows that the public IP is 18.212.some.thing and the private IP is the 172.32.other.thing for the same network interface). It does show a reject on port 111, so maybe I have to fix that, lemme check – gakera Sep 14 '18 at 10:05

2 Answers

1

Ok, it seems that the instructions on the AWS documentation are missing a few ports that need to be allowed in order for NFS to work. Their "NFS" inbound rule template only opens port 2049, but I had to create additional custom TCP rules to allow incoming port 111 and 20048. After that it works!

gakera
  • Port requirements are listed here: https://docs.aws.amazon.com/storagegateway/latest/userguide/Requirements.html#networks – Massimo Sep 14 '18 at 13:18
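
The flow-log check suggested in the comments, combined with the ports named in the answer above, as an added example that is not part of the original posts: a parser for default-format VPC Flow Logs records that reports, for each TCP port the answer had to open (111, 2049, 20048), whether traffic to the gateway's private address was accepted, rejected or never seen. The addresses, account ID and interface ID in the sample lines are constructed placeholders.

```python
from collections import defaultdict

# TCP ports the answer above had to allow before the NFS mount worked.
NFS_PORTS = (111, 2049, 20048)

# Field order of a default-format (version 2) VPC Flow Logs record.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()

# Constructed sample records; every address and ID here is a placeholder.
GATEWAY_IP = "10.0.0.5"
ENI = "2 123456789012 eni-0123456789abcdef0 "
SAMPLE_LINES = [
    ENI + "203.0.113.7 10.0.0.5 50122 22 6 20 4249 1536857000 1536857060 ACCEPT OK",
    ENI + "10.0.0.5 203.0.113.7 22 50122 6 18 3970 1536857000 1536857060 ACCEPT OK",
    ENI + "203.0.113.7 10.0.0.5 50130 111 6 3 180 1536857100 1536857160 REJECT OK",
    ENI + "- - - - - - - 1536857200 1536857260 - NODATA",
]


def parse_record(line):
    """Return a dict for one usable default-format record, else None."""
    parts = line.split()
    if len(parts) != len(FIELDS) or parts[-1] != "OK":
        return None  # header, custom format, or NODATA/SKIPDATA record
    return dict(zip(FIELDS, parts))


def nfs_port_status(lines, gateway_ip, ports=NFS_PORTS):
    """Map each port to 'ACCEPT', 'REJECT', 'MIXED' or 'NO TRAFFIC'."""
    seen = defaultdict(set)
    for line in lines:
        rec = parse_record(line)
        # Keep only inbound TCP (protocol 6) aimed at the gateway address.
        if rec and rec["dstaddr"] == gateway_ip and rec["protocol"] == "6":
            seen[int(rec["dstport"])].add(rec["action"])
    status = {}
    for port in ports:
        actions = seen.get(port, set())
        if not actions:
            status[port] = "NO TRAFFIC"  # never attempted, not proof it is open
        else:
            status[port] = actions.pop() if len(actions) == 1 else "MIXED"
    return status


if __name__ == "__main__":
    for port, state in nfs_port_status(SAMPLE_LINES, GATEWAY_IP).items():
        print(f"tcp/{port}: {state}")
```
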
0

Unfortunately the AWS documentation omits quite a few things and I found it better to build the EC2 instance separately from the File Gateway build as this then allows you to choose an AWS-Storage-gateway AMI (I just chose the latest). When the EC2 instance is built you can then pass the public IP address to the Gateway build. This will be 18.212.etc as per above, but when the gateway is complete it then shows the IP as the private EC2 IP address in the details - and the example. Ignore this and substitute the EC2 public IP address in the example to get it to work. After building the EC2, you will need to create and link an IAM role which grants the instance access to your S3 bucket(s) in order to get the shares to work. I used SMB to connect my W10 PC as a guest, which worked fine.