NFS server installation and configuration
Do the following as root.
1. Download and install the NFS RPMs by using yum:
yum -y install nfs-utils rpcbind
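2. Configure the server by specifying the shared directories, the IP address(es) of the hosts that have access to the shared directories, and their rights (read-only, read+write, etc.) in the /etc/exports file. For example, /opt/rootfs.incaip2 is the NFS share and a host with the IP address 192.168.0.97 can access this share. Use one of the following lines; they differ in how many hosts are allowed: the first exports to every host (*), the second to the 192.168.0.0/24 subnet, and the third to 192.168.0.97 only. The no_root_squash option lets root on the client act as root on the share.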
/opt/rootfs.incaip2 *(rw,async,no_root_squash)
or
/opt/rootfs.incaip2 192.168.0.0/24(rw,async,no_root_squash)
or
/opt/rootfs.incaip2 192.168.0.97(rw,async,no_root_squash)
To make this change take effect, invoke:
exportfs -rv
3. Copy files to your NFS share. For example, copy the unpacked root file system, /tmp/
4. In order to prevent hosts from other networks from connecting to any of the NFS-related daemons, edit the /etc/hosts.deny file as follows:
lockd:ALL
mountd:ALL
rpcbind:ALL
rquotad:ALL
statd:ALL
5. In order to allow only the host with the IP address 192.168.0.97 to connect, add the following lines to the /etc/hosts.allow file:
lockd:127.0.0.1,192.168.0.97
mountd:127.0.0.1,192.168.0.97
rpcbind:127.0.0.1,192.168.0.97
rquotad:127.0.0.1,192.168.0.97
statd:127.0.0.1,192.168.0.97
6. Assign fixed ports to the NFS-related daemons by adding the following lines to the /etc/sysconfig/nfs file:
STATD_PORT=4000
LOCKD_TCPPORT=4001
LOCKD_UDPPORT=4001
MOUNTD_PORT=4002
RQUOTAD_PORT=4003
These are suggested ports for the NFS-related daemons.
Firewall configuration
7. Configure the firewall to allow the TCP and UDP ports selected above. To do so, edit the /etc/sysconfig/iptables file so that it contains the following settings:
-A INPUT -m state --state NEW -m tcp -p tcp --dport 111 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 2049 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 4000:4003 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 111 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 2049 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 4000:4003 -j ACCEPT
Make sure that these lines come before COMMIT; otherwise they have no effect.
8. Once the changes are made to the firewall, restart it:
service iptables restart
Starting and verifying NFS services
9. With all of the changes made, the NFS daemons can be started up:
service rpcbind restart
service nfs restart
service nfslock restart
10. To make sure that everything is working properly, the RPC information can be checked by invoking:
rpcinfo -p
Output similar to the following should be displayed:
program vers proto port service
100000 4 tcp 111 portmapper
100000 3 tcp 111 portmapper
100000 2 tcp 111 portmapper
100000 4 udp 111 portmapper
100000 3 udp 111 portmapper
100000 2 udp 111 portmapper
100024 1 udp 4000 status
100024 1 tcp 4000 status
100011 1 udp 4003 rquotad
100011 2 udp 4003 rquotad
100011 1 tcp 4003 rquotad
100011 2 tcp 4003 rquotad
100003 2 udp 2049 nfs
100003 3 udp 2049 nfs
100003 4 udp 2049 nfs
100021 1 udp 4001 nlockmgr
100021 3 udp 4001 nlockmgr
100021 4 udp 4001 nlockmgr
100021 1 tcp 4001 nlockmgr
100021 3 tcp 4001 nlockmgr
100021 4 tcp 4001 nlockmgr
100003 2 tcp 2049 nfs
100003 3 tcp 2049 nfs
100003 4 tcp 2049 nfs
100005 1 udp 4002 mountd
100005 1 tcp 4002 mountd
100005 2 udp 4002 mountd
100005 2 tcp 4002 mountd
100005 3 udp 4002 mountd
100005 3 tcp 4002 mountd
11. Verify that the selected directories are exported:
showmount -e
12. In order to verify that the selected TCP and UDP ports are being listened on, invoke:
netstat -tauap
13. If everything is OK, make the NFS services start at boot time with the following commands:
chkconfig rpcbind off
chkconfig nfs off
chkconfig nfslock off
chkconfig --level 345 rpcbind on
chkconfig --level 345 nfs on
chkconfig --level 345 nfslock on
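As a follow-up check on the /etc/exports lines from step 2, the script below reports every entry that is open to any host or that carries no_root_squash. It is an added example, not part of the original post; the /srv/demo and /srv/ro entries in its constructed sample are hypothetical.

```shell
# Added example (not from the original post): flag risky /etc/exports entries.
# audit_exports FILE
# Prints "<path> <client> <issue>" per finding; exit status 1 if anything was found.
# Plain "path client(opts) ..." lines only: no continuations or quoted paths.
audit_exports() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }        # skip comments and blank lines
    {
        path = $1
        for (i = 2; i <= NF; i++) {
            client = $i; opts = ""
            p = index($i, "(")
            if (p > 0) {                      # split "client(opt,opt)"
                client = substr($i, 1, p - 1)
                opts = substr($i, p + 1)
                sub(/\)$/, "", opts)
            }
            # "*" matches every host; an empty client comes from a stray space
            # before "(", which exports(5) also treats as "everyone".
            if (client == "" || client == "*") {
                client = "*"
                print path, client, "any-host"; bad = 1
            }
            # Comma-wrap so only the exact option name matches.
            if (("," opts ",") ~ /,no_root_squash,/) {
                print path, client, "no_root_squash"; bad = 1
            }
        }
    }
    END { exit bad + 0 }
    ' "$1"
}

# Constructed sample: the first two lines are from step 2; /srv/demo and
# /srv/ro are hypothetical paths showing the stray-space case and a clean entry.
sample_exports() {
    cat <<'EOF'
/opt/rootfs.incaip2 *(rw,async,no_root_squash)
/opt/rootfs.incaip2 192.168.0.97(rw,async,no_root_squash)
/srv/demo 192.168.0.97 (rw)
/srv/ro 192.168.0.0/24(ro,root_squash)
EOF
}

tmp=$(mktemp)
sample_exports > "$tmp"
audit_exports "$tmp" || echo "review the entries listed above"
rm -f "$tmp"
```

On a real server, run it as audit_exports /etc/exports before invoking exportfs -rv.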