NFS-server "unmatched host"

Hello. I’ve been trying to set up a NFS-server with the NFS-service from nixpkgs. This is my NFS Nix configuration:

{ config, lib, pkgs, ... }:
{
  fileSystems."/export/home" = {
    device = "/home";
    options = [ "bind" ];
  };
  fileSystems."/export/mnt" = {
    device = "/mnt/test";
    options = [ "bind" ];
  };
  services.nfs.server = {
    enable = true;
    exports = ''
      /export      192.168.0.0/24(rw,anonuid=1000,anongid=100,no_subtree_check,root_squash,crossmnt)
      /export/home  192.168.0.0/24(rw,anonuid=1000,anongid=100,no_subtree_check,root_squash,crossmnt)
    '';
    lockdPort = 4001;
    mountdPort = 4002;
    statdPort = 4000;
    extraNfsdConfig = '''';
  };
  networking.firewall = {
    enable = true;
      # for NFSv3; view with `rpcinfo -p`
    allowedTCPPorts = [ 111 2049 4000 4001 4002 20048 ];
    allowedUDPPorts = [ 111 2049 4000 4001 4002 20048 ];
  };
}

but I get a “access denied by server” on another NixOS machine, and “Network Error - 53” on Windows, which basically means the same.

My permissions for the export directory are according to the wiki:

$ ls -la /export
total 16
drwxr-xr-x  4 nobody nogroup 4096  7 jan 15:11 .
drwxr-xr-x 22 root   root    4096  5 jan 17:21 ..
drwxr-xr-x  3 root   root    4096  5 jan 16:06 home
drwxr-xr-x  2 root   root    4096  7 jan 15:10 mnt

All the “nfs-*”-services say nothing of note, except “nfs-mountd”:

nfs-mountd.service - NFS Mount Daemon
     Loaded: loaded (/etc/systemd/system/nfs-mountd.service; linked; preset: ignored)
    Drop-In: /nix/store/4dwi1bjchsr2dxi9v87agi8dml955z3x-system-units/nfs-mountd.service.d
             └─overrides.conf
     Active: active (running) since Tue 2025-01-07 17:41:19 CET; 7min ago
 Invocation: b2718f7db4c344e0b9067e223c350623
       Docs: man:rpc.mountd(8)
    Process: 167400 ExecStartPre=/nix/store/vzp4qs8zlw9xpmzddysdnwwbpyk666sp-unit-script-nfs-mountd-pre-start/bin/nfs-mountd-pre-start (code=exited, status=0/SUCCESS)
    Process: 167416 ExecStart=/nix/store/lnsigv83sx8xbaw62vpb7zxhvs1p7a3m-nfs-utils-2.7.1/bin/rpc.mountd (code=exited, status=0/SUCCESS)
   Main PID: 167425 (rpc.mountd)
         IP: 1.6K in, 984B out
         IO: 0B read, 0B written
      Tasks: 1 (limit: 115821)
     Memory: 712K (peak: 1.8M)
        CPU: 30ms
     CGroup: /system.slice/nfs-mountd.service
             └─167425 /nix/store/lnsigv83sx8xbaw62vpb7zxhvs1p7a3m-nfs-utils-2.7.1/bin/rpc.mountd

jan 07 17:41:31 nixos rpc.mountd[167425]: refused mount request from 192.168.0.146 for /export/home (/export/home): unmatched host
jan 07 17:41:31 nixos rpc.mountd[167425]: refused mount request from 192.168.0.146 for /export (/export): unmatched host
jan 07 17:41:31 nixos rpc.mountd[167425]: refused mount request from 192.168.0.146 for /export/home (/export/home): unmatched host
jan 07 17:41:36 nixos rpc.mountd[167425]: refused mount request from 192.168.0.31 for /export/home (/export/home): unmatched host
jan 07 17:41:41 nixos rpc.mountd[167425]: refused mount request from 192.168.0.146 for /export/home (/export/home): unmatched host
jan 07 17:41:41 nixos rpc.mountd[167425]: refused mount request from 192.168.0.146 for /export (/export): unmatched host
jan 07 17:41:41 nixos rpc.mountd[167425]: refused mount request from 192.168.0.146 for /export/home (/export/home): unmatched host
jan 07 17:41:45 nixos rpc.mountd[167425]: refused mount request from 192.168.0.146 for /home (/home): unmatched host
jan 07 17:41:45 nixos rpc.mountd[167425]: refused mount request from 192.168.0.146 for /home (/home): unmatched host
jan 07 17:41:51 nixos rpc.mountd[167425]: refused mount request from 192.168.0.31 for /home (/home): unmatched host

But I can’t for the life of me figure out what it means by unmatched host? My Nix configuration clearly states 192.168.0.0/24.

Would be lovely if anyone would like to help, thanks :slight_smile:

Normally unmatched host just means that the client is not in the allowed network range, but that’s not the case here. Your configuration is also effectively the same as mine and it works without problems for me.
Have you tried if exporting to a single ip works (that’s the only major difference i can spot) i.e /export 192.168.0.146(...)?
I could also imagine that NFS doesn’t work with bindfs mounts for some reason.

Hello, this is OP. Thanks for helping.
I did try setting a specific host like you mentioned, but I get the same error.
How would I test the NFS share without using bindmounts? The wiki just used bindmounts for their example, so I assumed it wouldn’t be an issue.

There is nothing stopping you from exporting /home directly. If the wiki uses bind-mounts it’s probably fine unless there are some serious regressions in NFS. Otherwise some of the parameters could also be the cause. Here is my config just for completeness:

    services.nfs.server = {
      enable = true;
      lockdPort = 4001;
      mountdPort = 4002;
      statdPort = 4000;
      exports = ''
        /mnt/nas/    192.168.0.1(rw,fsid=0,no_subtree_check)
      '';
    };

(yes i know not really the best security practice [it’s NFS], but the system lives 25cm of patchcable away from my PC in it’s own network)

1 Like

Yeah I tried matching your config but still nothing works. No matter what IP I enter or what directory I’m exporting, I still get a: nixos rpc.mountd[466966]: refused mount request from <client IP> for <export>: unmatched host.
The problems gotta be something else. Since it just refuses every host, no matter what I’m mounting on my client.