Setting up a Fedora NFS server
Setting up a Linux NFS (Network File System) server has never been particularly challenging. However, there are a few security issues worth looking at, especially the firewall side of things.
In the following guide, we are going to have a look at a convenient way of creating an NFS server from behind Fedora’s built-in iptables firewall.
Setting up the NFS Configuration files
The /etc/exports file is for storing information about your NFS shares: the name of the folder to share, the IP address(es) of hosts to access your share and the rights connected to your share.
A typical /etc/exports file should look like this:
/usr/local 192.168.0.1(ro) 192.168.0.2(ro)
/home 192.168.0.1(rw) 192.168.0.2(rw)
An exports file consists of 2 columns and at least 1 row.
Each row corresponds to a folder (a share, if you like), where the columns contain the settings to the folder of their row.
The first column contains the full path on the computer to the folder you wish to share, the second column is for the IP addresses of the hosts you are sharing to. The letters in brackets are for the privileges. For example, ro stands for “read only” and rw is for “read and write”. For further options, you might want to visit http://nfs.sourceforge.net/nfs-howto/ar01s03.html.
In the example, you are sharing your /usr/local and your /home folder to 192.168.0.1 and 192.168.0.2. Both machines have read-only privileges on the first, and read and write privileges on the second folder.
The /etc/hosts.deny file is for listing the hosts that are not allowed to access your shares. As /etc/hosts.allow (see below) takes precedence over this file, it is best to list all servers here. Enter the following in this file:
portmap:ALL
lockd:ALL
mountd:ALL
rquotad:ALL
statd:ALL
With your /etc/hosts.deny set like this and without an /etc/hosts.allow, no machines are allowed to see your NFS shares.
To allow your machine(s) to access your NFS shares, add the following lines to your /etc/hosts.allow file, and replace the IPs with the IP(s) of your machine(s).
portmap: 192.168.0.1 , 192.168.0.2
lockd: 192.168.0.1 , 192.168.0.2
rquotad: 192.168.0.1 , 192.168.0.2
mountd: 192.168.0.1 , 192.168.0.2
statd: 192.168.0.1 , 192.168.0.2
If you have only one machine to grant access to, delete the comma and the address after it on each line.
Setting up NFS to work from behind Fedora’s iptables firewall
This file controls the ports that NFS is going to use. Copy the following lines into the file. Doing so is not a security risk, as you are likely to be behind a router (if you want to use network file sharing), and this doesn't (yet) mean opening the ports in the firewall.
LOCKD_TCPPORT=48620
LOCKD_UDPPORT=48620
MOUNTD_PORT=48621
STATD_PORT=48622
RQUOTAD=no
RQUOTAD_PORT=48623
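With the ports pinned, the firewall only needs to admit the listed clients on those ports plus portmap (111) and nfsd (2049). The following sketch is an added example, not the contents of the nfs_firewallopen script: it reads the port settings and prints the matching iptables rules per client. The function names and the use of the INPUT chain are assumptions.

```shell
# Constructed sample: the port settings shown above.
SAMPLE_CONF='LOCKD_TCPPORT=48620
LOCKD_UDPPORT=48620
MOUNTD_PORT=48621
STATD_PORT=48622
RQUOTAD=no
RQUOTAD_PORT=48623'

# conf_get KEY: print the value of KEY from config text on stdin.
conf_get() {
    sed -n "s/^$1=//p" | tr -d '"' | tail -n 1
}

# nfs_rules CONF CLIENT...: print one ACCEPT rule per client, protocol and port.
# Rules are printed, not applied; review them, then run them as root.
nfs_rules() {
    conf=$1; shift
    lockd_tcp=$(printf '%s\n' "$conf" | conf_get LOCKD_TCPPORT)
    lockd_udp=$(printf '%s\n' "$conf" | conf_get LOCKD_UDPPORT)
    mountd=$(printf '%s\n' "$conf" | conf_get MOUNTD_PORT)
    statd=$(printf '%s\n' "$conf" | conf_get STATD_PORT)
    rquotad=$(printf '%s\n' "$conf" | conf_get RQUOTAD)
    rquotad_port=$(printf '%s\n' "$conf" | conf_get RQUOTAD_PORT)
    # Refuse to continue if a daemon is not pinned to a numeric port:
    # an unpinned daemon picks a random port that no static rule can cover.
    for p in "$lockd_tcp" "$lockd_udp" "$mountd" "$statd"; do
        case $p in
            ''|*[!0-9]*) echo "port not pinned in config" >&2; return 1 ;;
        esac
    done

    # 111 = portmap, 2049 = nfsd (fixed, well-known ports).
    tcp="111 2049 $lockd_tcp $mountd $statd"
    udp="111 2049 $lockd_udp $mountd $statd"
    # Assumption: RQUOTAD=no means rquotad is not started, so its port stays closed.
    if [ "$rquotad" != "no" ] && [ -n "$rquotad_port" ]; then
        tcp="$tcp $rquotad_port"; udp="$udp $rquotad_port"
    fi
    for client in "$@"; do
        for port in $tcp; do
            echo "iptables -I INPUT -s $client -p tcp --dport $port -j ACCEPT"
        done
        for port in $udp; do
            echo "iptables -I INPUT -s $client -p udp --dport $port -j ACCEPT"
        done
    done
}

nfs_rules "$SAMPLE_CONF" 192.168.0.1 192.168.0.2
```

Every rule carries a source address, so the pinned ports are reachable only from the hosts already named in /etc/exports and /etc/hosts.allow.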
Getting configuration files (tested on Fedora Core 5)
Download and save these configuration files to a tool folder in your home.
- nfs_firewallopen (used to open your firewall for nfs and portmap ports)
- nfs_servicestart (used to start nfs services)
- nfstart (to execute the 2 scripts above)
- nfs_firewallclose (used to close your opened nfs and portmap ports)
- nfs_servicestop (used to stop nfs services)
- nfstop (to execute the 2 scripts above)
To get NFS working on your server, init the nfstart script by typing with root privileges
For setting up an NFS client, see http://nfs.sourceforge.net/nfs-howto/ar01s04.html.