Saturday, 10 October 2015

VirtualBox interface vboxnet0 blocked by firewall on Fedora 22

Fedora 22 and firewall zones

On Fedora 22 the firewall has so-called zones. It's quite a nice feature. You can have a different firewall configuration for each zone, and you can simply assign network interfaces and network connections to the zones.
For example, you can assign your home wifi connection to the "home" zone, and when you are on a public wifi you assign that connection to the "public" zone, which will probably be more strict.

My configuration for VirtualBox (Vagrant)

On my notebook I have a zone "internal", and in this zone I have enabled the services for the NFS server (mountd, rpc-bind, nfs), which I use from the virtual machine as a client.
In this zone I have only the network interfaces which are created by VirtualBox for the virtual machines. They are named "vboxnet0" and "vboxnet1".

In the past, when I started the virtual machine (vagrant up), the network interface vboxnet0 appeared in the firewall configuration GUI (firewall-config), and after I assigned it once to the internal zone it remained there.

Vagrant mounting of NFS folder

After one recent update of Fedora 22 packages, vboxnet0 and vboxnet1 disappeared from the firewall configuration and therefore the mounting of the NFS folder got stuck.
It got stuck after "vagrant up;vagrant ssh"; the terminal looked like this:
==> default: Checking for guest additions in VM...
==> default: Configuring and enabling network interfaces...
==> default: Exporting NFS shared folders...
...
...
==> default: Mounting NFS shared folders...


Because I had already had some trouble with the firewall in the past, the first thing I did was stop the firewall for a minute, and as the mounting continued I knew that the problem was in the firewall.

Fixing the firewall configuration

After opening the firewall configuration GUI (firewall-config) I saw that the vboxnet0 interface was not in the internal zone; unfortunately it was not there at all and I was not able to create it (in the past it was always there).

Luckily the firewall also has a command-line tool for configuration: firewall-cmd.
In the man pages you can find commands for listing interfaces and zones, as well as other useful commands for firewall configuration, including the command for adding an interface to a zone.

So simply with the commands
sudo firewall-cmd --zone=internal --add-interface=vboxnet0
sudo firewall-cmd --zone=internal --add-interface=vboxnet1
 
I've added both VirtualBox interfaces to the internal zone. And the NFS mount command continued. Great, it's so simple :)

But there is one more thing, which people experienced with firewalls probably suspect...

After I restarted my computer the NFS mount was hanging again. And with the
sudo firewall-cmd --zone=internal --list-interfaces
command I found out that the interfaces were not in the internal zone again. I told myself: "I need to make those firewall settings permanent somehow". And what do you think... there is a "permanent" parameter ;)

sudo firewall-cmd --permanent --zone=internal --add-interface=vboxnet0

So simple. Lesson learned - command line tools overpower the graphic ones ;)
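
To see the runtime versus permanent difference from the steps above without stopping the firewall, the following sketch compares both interface lists of a zone and prints the firewall-cmd calls that are still needed. It is an added example, not part of the original post; the function names missing_from and plan_zone_fix and the sample state are constructed for illustration, and it relies on firewalld applying --permanent changes only after a reload or restart.

```sh
#!/bin/sh
# Added example (not from the original post): report which interfaces are
# missing from a firewalld zone in the runtime and in the permanent
# configuration, and print the commands that would add them.

# missing_from WANTED CURRENT
# Prints every interface name in WANTED that is not a whole word in CURRENT.
missing_from() {
    cur=" $(echo $2) "          # collapse newlines/tabs to single spaces
    for want in $1; do
        case "$cur" in
            *" $want "*) ;;                 # already assigned
            *) printf '%s\n' "$want" ;;     # missing
        esac
    done
}

# plan_zone_fix ZONE WANTED RUNTIME_LIST PERMANENT_LIST
# RUNTIME_LIST   = output of: firewall-cmd --zone=ZONE --list-interfaces
# PERMANENT_LIST = output of: firewall-cmd --permanent --zone=ZONE --list-interfaces
plan_zone_fix() {
    zone=$1
    # Runtime additions take effect immediately but are lost on restart.
    for ifc in $(missing_from "$2" "$3"); do
        echo "sudo firewall-cmd --zone=$zone --add-interface=$ifc"
    done
    # Permanent additions survive a restart but do not change the running
    # firewall until it is reloaded.
    for ifc in $(missing_from "$2" "$4"); do
        echo "sudo firewall-cmd --permanent --zone=$zone --add-interface=$ifc"
    done
}

# Live usage on a machine with firewalld:
#   plan_zone_fix internal "vboxnet0 vboxnet1" \
#       "$(firewall-cmd --zone=internal --list-interfaces)" \
#       "$(firewall-cmd --permanent --zone=internal --list-interfaces)"

# Constructed sample state: after a reboot only vboxnet0 has been added,
# and only with --permanent, so the running firewall still has neither.
plan_zone_fix internal "vboxnet0 vboxnet1" "" "vboxnet0"
```

An empty result means both interfaces are in the zone in both configurations, so the NFS services enabled there are reachable from the virtual machines now and after the next restart.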


1 comment:

  1. Same solution which is described in the post for different terminal output:

    ==> default: Waiting for machine to boot. This may take a few minutes...
    default: SSH address: 127.0.0.1:2222
    default: SSH username: vagrant
    default: SSH auth method: private key
    default: Warning: Connection timeout. Retrying...
    default: Warning: Connection timeout. Retrying...
    default: Warning: Connection timeout. Retrying...
    default: Warning: Connection timeout. Retrying...
    default: Warning: Connection timeout. Retrying...

    Timed out while waiting for the machine to boot. This means that Vagrant was unable to communicate with the guest machine within the configured ("config.vm.boot_timeout" value) time period.
