NFS Server Config

 

Download and install nfs-utils and portmap, or use your yum repo like I did:

yum -c http://yum.pvalentino.lan/repository/patch/current/rhel5-x86_64.conf -y install nfs* portmap

 

Turn Services on Automatically at boot:

chkconfig portmap on

chkconfig rpcidmapd on

chkconfig nfslock on

chkconfig nfs on

 

Start Services: 

service portmap start

service rpcidmapd start

service nfslock start

service nfs restart

 

Create /etc/exports on nfs server with:

/export/backup  client.domain.lan(rw,sync)  #sync option is highly recommended

or a home directory

/home/nfsuser    *.sysxperts.com(rw,sync)

......


Options: ro = read-only; sync = respond only once changes have been committed to stable storage; root_squash = prevent remote root access to root-owned files by mapping root to the nfsnobody account.
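An added example (not from the original post): a shell/awk audit of exports entries for the options described above. It goes a little beyond the listed options by also flagging rw granted to wildcard clients, async, and an option list separated from its host by a space; the function name audit_exports and the last two sample entries are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: audit exports(5) entries read from stdin.
# Output: <line>:<path>:<client>:<finding>, one line per finding.
# Assumes one export per line (no backslash continuations, no quoted paths).
audit_exports() {
    awk '
    /^[ \t]*#/ { next }                    # comment line
    /^[ \t]*$/ { next }                    # blank line
    {
        sub(/[ \t]*#.*$/, "")              # strip trailing comment
        path = $1
        if (NF == 1) {
            print NR ":" path ":*:no client listed, exported to every host"
            next
        }
        for (i = 2; i <= NF; i++) {
            client = $i; opts = ""
            p = index($i, "(")
            if (p > 0) {
                client = substr($i, 1, p - 1)
                opts = substr($i, p + 1)
                sub(/\)$/, "", opts)
            }
            if (client == "") {
                # "host (rw)": the space detaches the options from the host,
                # so they form a separate entry that matches every host
                client = "*"
                print NR ":" path ":*:option list detached from client, applies to every host"
            }
            o = "," opts ","
            if (o ~ /,no_root_squash,/)
                print NR ":" path ":" client ":no_root_squash disables root mapping to nfsnobody"
            if (o ~ /,rw,/ && client ~ /[*?]/)
                print NR ":" path ":" client ":rw granted to a wildcard client"
            if (o ~ /,async,/)
                print NR ":" path ":" client ":async can lose writes the server already acknowledged"
        }
    }'
}

# Constructed sample: first two entries are from the page, last two are made up.
SAMPLE_EXPORTS='/export/backup  client.domain.lan(rw,sync)
/home/nfsuser   *.sysxperts.com(rw,sync)
/export/scratch client.domain.lan (rw,sync)
/export/tools   10.1.4.0/24(ro,sync,no_root_squash)'

printf "%s\n" "$SAMPLE_EXPORTS" | audit_exports
# Real use on the server: audit_exports < /etc/exports
```

An empty result means none of these four patterns matched; it does not check that the listed hosts are the intended ones.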

 

Start NFS: 

service nfs start

 

On client:

In /etc/fstab add the following line:

nfsserver:/export/backup     /backup     nfs     rw     0 2

 

Mount the nfs share with:

sudo mount -a


  • portmap maps calls made from remote machines to the correct RPC service port
  • nfs translates NFS requests to local filesystem requests
  • rpc.mountd mounts and unmounts filesystems

To verify NFS services:

rpcinfo -p
service portmap status
service nfs status

To verify remote NFS services:

rpcinfo -p servername
exportfs -r          #refreshes the server's share list after /etc/exports has been updated
exportfs -v          #displays list of shares and options
exportfs -a          #exports all shares or the share passed as an argument to the command
exportfs -u          #unexports all shares or the share specified
showmount -e host    #shows the available shares on host

To ease firewall management, portmap and NFS can be forced to use static ports as follows:
mountd, statd, and lockd can all have static ports defined in /etc/sysconfig/nfs by adding:

MOUNTD_PORT="4442"
STATD_PORT="4443"
LOCKD_TCPPORT="4444"
LOCKD_UDPPORT="4444"
RQUOTAD_PORT="4445"
STATD_OUTGOING_PORT="4446"

tcp and udp stateful for tunneling SSL

Mounting NFS shares with autofs:

add to /etc/auto.master
/data /etc/auto.data --timeout=600

add to /etc/auto.data
myfolder             -fstype=nfs,hard,nolock,vers=3,proto=tcp,bg,rsize=32768,wsize=32768,timeo=600,intr  myserver:/myfolder

IPTABLES for NFS

    just after the ESTABLISHED,RELATED entry in /etc/sysconfig/iptables add:
    
    -A FIREWALL-INPUT -s 10.1.4.0/24 -p tcp --dport 111 -j ACCEPT
    -A FIREWALL-INPUT -s 10.1.4.0/24 -p udp --dport 111 -j ACCEPT
    -A FIREWALL-INPUT -s 10.1.4.0/24 -p tcp --dport 4442:4446 -j ACCEPT
    -A FIREWALL-INPUT -s 10.1.4.0/24 -p udp --dport 4442:4446 -j ACCEPT
    -A FIREWALL-INPUT -s 10.1.4.0/24 -p tcp --dport 2049 -j ACCEPT
    -A FIREWALL-INPUT -s 10.1.4.0/24 -p udp --dport 2049 -j ACCEPT

    and restart firewall:
    service iptables restart

TCP_Wrappers for NFS

    in /etc/hosts.allow add:
    portmap:  10.1.4.    #allows machines on 10.1.4.x subnet to connect

Common problems occur when user IDs are not synchronized between the NFS clients and NFS servers. Typically this is handled by using LDAP, NIS, or third-party tools such as Quest Authentication Services for Active Directory integration. See http://rc.quest.com or my notes on setting up QAS.

