April 22, 2014

How to Install and Configure NFS Sharing on RHEL 6

Installation

yum groupinstall nfs-file-server

For NFS to work, rpcbind and nfslock must be installed and running. Make sure both are enabled and started.

chkconfig rpcbind on
service rpcbind restart

chkconfig nfslock on
service nfslock restart

Now we are ready to start NFS.

service nfs restart

Finally, let's test our new NFS server.

showmount -e 127.0.0.1

This will return an empty export list, without error.

Firewall

To be able to access NFS exports remotely, we need to open certain ports in the firewall. To find out which ones, we use the rpcinfo command.

rpcinfo -p

This will return quite a few ports. To pin the ports that are used, uncomment all the port settings in the NFS configuration file.

$ grep -i port /etc/sysconfig/nfs
RQUOTAD_PORT=875
LOCKD_TCPPORT=32803
LOCKD_UDPPORT=32769
MOUNTD_PORT=892
STATD_PORT=662
STATD_OUTGOING_PORT=2020
RDMA_PORT=20049 

Now restart the NFS service, and then start opening ports.

service nfs restart

After opening all the ports, the iptables rules should look like this.

$ iptables -vnL --line-numbers
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1     1540  127K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
2        0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           
3        0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
4        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:111 
5        1    84 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW udp dpt:111 
6        0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW udp dpt:60584 
7        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:56907 
8        1    60 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:892 
9        0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW udp dpt:892 
10       0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:2049 
11       0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW udp dpt:2049 
12       0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW udp dpt:32769 
13       0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:32803 
14       0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 4 
15       0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited 

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited 

Chain OUTPUT (policy ACCEPT 122 packets, 17748 bytes)
num   pkts bytes target     prot opt in     out     source               destination    

Test your new firewall configuration by running the following command from a remote client.

showmount -e 192.168.1.15
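
An added check for the port-pinning step above (example code, not from the original post): it compares rpcinfo -p output with the uncommented port settings in /etc/sysconfig/nfs and lists every RPC service still registered on a port that is not pinned, which fixed firewall rules cannot cover reliably. The function names and sample data are constructed for illustration, and port values are assumed to be unquoted as in the listing above.

```shell
# Added example: list RPC registrations that are NOT on a pinned port.

# Allowed ports: rpcbind (111), nfs (2049) and every uncommented *PORT=
# value in the sysconfig file given as $1 (assumes unquoted values).
pinned_ports() {
    printf '111\n2049\n'
    sed -n 's/^[A-Z_]*PORT=\([0-9][0-9]*\).*/\1/p' "$1"
}

# stdin: `rpcinfo -p` output. stdout: "service proto port" per offender.
unpinned_rpc_ports() {
    allowed=$(pinned_ports "$1" | tr '\n' ' ')
    awk -v allowed="$allowed" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 ~ /^[0-9]+$/ && !($4 in ok) { print $5, $3, $4 }
    ' | sort -u
}

# Constructed sample config: STATD_PORT was left commented out.
sample_sysconfig() {
    cat <<'EOF'
LOCKD_TCPPORT=32803
LOCKD_UDPPORT=32769
MOUNTD_PORT=892
#STATD_PORT=662
EOF
}

# Constructed sample of `rpcinfo -p` output for that server.
sample_rpcinfo() {
    cat <<'EOF'
   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100024    1   udp  47123  status
    100024    1   tcp  39001  status
    100005    1   tcp    892  mountd
    100003    3   tcp   2049  nfs
    100021    4   udp  32769  nlockmgr
    100021    4   tcp  32803  nlockmgr
EOF
}

# Runs the check on the constructed samples above.
check_sample() {
    cfg=$(mktemp)
    sample_sysconfig > "$cfg"
    sample_rpcinfo | unpinned_rpc_ports "$cfg"
    rm -f "$cfg"
}
check_sample
```

On the server itself, pipe the live data in with: rpcinfo -p | unpinned_rpc_ports /etc/sysconfig/nfs. No output means every registered service sits on a pinned port; a service that is still listed has a commented-out setting or has not been restarted since the edit.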

Configuration

After we have successfully configured the firewall, let's go back to our server and configure the NFS export directories. We start by creating a new directory that we will export.

mkdir /exports
chmod 777 /exports/

Note that mode 777 lets any user on a permitted client write to the directory. Now configure NFS to export it.

$ vi /etc/exports
/exports 192.168.1.0/24(rw,sync) 127.0.0.1(rw,sync)

To apply the new changes run

exportfs -r

And to list current exports

$ exportfs -v
/exports       192.168.1.0/24(rw,wdelay,root_squash,no_subtree_check)
/exports       127.0.0.1(rw,wdelay,root_squash,no_subtree_check)

Test

From a second machine on the same LAN, test connectivity to NFS server (192.168.1.15).

showmount -e 192.168.1.15

The simplest way to test read and write is to use the automounting functionality.

echo "Hello" >> /net/192.168.1.15/exports/foo.txt
