Installation
yum groupinstall nfs-file-server
For NFS to work, rpcbind and nfslock must be installed and running. Double-check that both are enabled and started.
chkconfig rpcbind on
service rpcbind restart
chkconfig nfslock on
service nfslock restart
Now we are ready to start NFS.
service nfs restart
Finally, let's test our new NFS server.
showmount -e 127.0.0.1
This will return an empty export list, without error.
Firewall
To be able to access NFS exports remotely, we need to open certain ports in the firewall. To find out which ones, we use the rpcinfo command.
rpcinfo -p
This will return quite a few ports. To fix which ports are used, uncomment all the port settings in the NFS configuration file.
$ grep -i port /etc/sysconfig/nfs
RQUOTAD_PORT=875
LOCKD_TCPPORT=32803
LOCKD_UDPPORT=32769
MOUNTD_PORT=892
STATD_PORT=662
STATD_OUTGOING_PORT=2020
RDMA_PORT=20049
Now restart the NFS service and let's start opening ports.
service nfs restart
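Before opening ports, it is worth confirming that every RPC service really moved to a fixed port. The script below is an added example, not part of the original post: it compares saved rpcinfo -p output with the active port settings in /etc/sysconfig/nfs and lists any registration still on a floating port. The function names, file names and sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post); sample data below is constructed.

# Print every active (uncommented) *PORT= value from an /etc/sysconfig/nfs-style file.
pinned_ports() {
    sed -n 's/^[[:space:]]*[A-Z_]*PORT=\([0-9][0-9]*\).*/\1/p' "$1" | sort -un
}

# Print "proto/port service" for each RPC registration that is not on
# 111 (rpcbind), 2049 (nfs) or a pinned port. Empty output = nothing floats.
floating_rpc_ports() {  # $1 = saved `rpcinfo -p` output, $2 = sysconfig file
    allowed="111 2049 $(pinned_ports "$2" | tr '\n' ' ')"
    awk -v allowed="$allowed" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $4 ~ /^[0-9]+$/ && !($4 in ok) && !seen[$3 "/" $4]++ { print $3 "/" $4, $5 }
    ' "$1"
}

# Constructed sample input: STATD_PORT is still commented out, so statd floats.
write_samples() {  # $1 = directory to write the two sample files into
    cat > "$1/nfs" <<'EOF'
RQUOTAD_PORT=875
LOCKD_TCPPORT=32803
LOCKD_UDPPORT=32769
MOUNTD_PORT=892
#STATD_PORT=662
EOF
    cat > "$1/rpcinfo.txt" <<'EOF'
   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    4   udp    111  portmapper
    100024    1   udp  47731  status
    100024    1   tcp  39214  status
    100011    1   udp    875  rquotad
    100003    3   tcp   2049  nfs
    100003    3   udp   2049  nfs
    100021    1   udp  32769  nlockmgr
    100021    1   tcp  32803  nlockmgr
    100005    1   udp    892  mountd
    100005    1   tcp    892  mountd
EOF
}

tmp=$(mktemp -d)
write_samples "$tmp"
floating_rpc_ports "$tmp/rpcinfo.txt" "$tmp/nfs"   # lists the two statd entries
rm -rf "$tmp"
```

On a live server, save the output with rpcinfo -p > rpcinfo.txt and pass /etc/sysconfig/nfs as the second argument. Any line printed is a service whose port can change on restart and so cannot be matched by a fixed firewall rule.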
After opening all the ports, iptables should look like this.
$ iptables -vnL --line-numbers
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
1 1540 127K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
2 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
3 0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
4 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:111
5 1 84 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:111
6 0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:60584
7 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:56907
8 1 60 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:892
9 0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:892
10 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:2049
11 0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:2049
12 0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:32769
13 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:32803
14 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4
15 0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
1 0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT 122 packets, 17748 bytes)
num pkts bytes target prot opt in out source destination
Test your new firewall configuration by running the following command from a remote client.
showmount -e 192.168.1.15
Configuration
After we have successfully configured the firewall, let's go back to our server and configure the NFS export directories. We start by creating a new directory that we will export.
mkdir /exports
chmod 777 /exports/
Now configure NFS to export it.
$ vi /etc/exports
/exports 192.168.1.0/24(rw,sync) 127.0.0.1(rw,sync)
To apply the new changes run
exportfs -r
And to list current exports
$ exportfs -v
/exports 192.168.1.0/24(rw,wdelay,root_squash,no_subtree_check)
/exports 127.0.0.1(rw,wdelay,root_squash,no_subtree_check)
Test
From a second machine on the same LAN, test connectivity to NFS server (192.168.1.15).
showmount -e 192.168.1.15
The simplest way to test read and write is to use the automounting functionality.
echo "Hello" >> /net/192.168.1.15/exports/foo.txt