Setting up a Fedora NFS server

Setting up a Linux NFS (Network File System) server has never been anything challenging. However there are a few security issues worth having a look at: especiall the firewall-part of the business.

In the following guide, we are going to have a look at a convenient way of creating an NFS server from behind Fedora’s built-in iptables firewall.

Setting up the NFS Configuration files

/etc/exports

The /etc/exports file is for storing information about your NFS shares: the name of the folder to share, the IP address(es) of hosts to access your share and the rights connected to your share.

A typical /etc/exports file should look like this:

/usr/local   192.168.0.1(ro) 192.168.0.2(ro)
/home        192.168.0.1(rw) 192.168.0.2(rw)

An exports file consists of 2 columns and at least 1 row.

Each row corresponds to a folder (a share, if you like), where the columns contain the settings to the folder of their row.

The first column contains the full path on the computer to the folder you wish to share, the second column is for the IP addresses of the hosts you are sharing to. The letters in brackets are for the privileges. For example, ro stands for “read only” and rw is for “read and write”. For further options, you might want to visit http://nfs.sourceforge.net/nfs-howto/ar01s03.html.

In the example, you are sharing your /usr/local and your /home folder to 192.168.0.1 and 192.168.0.2. Both machines have read-only privileges on the first, and read and write priviliges on the second folder.

/etc/hosts.deny

This file is for listing the hosts that are not allowed to access your shares. As the /etc/hosts.allow (see the next title) overwrites this file it is best to list all servers here. Enter the following to this file:

portmap:ALL
lockd:ALL
mountd:ALL
rquotad:ALL
statd:ALL

With your /etc/hosts.deny set like this and without an /etc/hosts.allow, no machines are allowed to see your NFS shares.

/etc/hosts.allow

To allow your machine(s) to access your NFS shares, add the following lines to your file, and replace the IPs with the IP(s) of your machine(s).

portmap: 192.168.0.1 , 192.168.0.2
lockd: 192.168.0.1 , 192.168.0.2
rquotad: 192.168.0.1 , 192.168.0.2
mountd: 192.168.0.1 , 192.168.0.2
statd: 192.168.0.1 , 192.168.0.2

If you have only one machine to grant access to, delete the comma and the numbers behind.

Setting up NFS to work from behind Fedora’s iptables firewall

/etc/sysconfig/nfs

This file controls the ports which NFS is going to use. Copy the following lines into the file. Doing so is not a security risk, as you are likely to be behind a router (if you want to use network file sharing), and this doesen’t (yet) mean opening the ports in the firewall.

LOCKD_TCPPORT=48620
LOCKD_UDPPORT=48620
MOUNTD_PORT=48621
STATD_PORT=48622
RQUOTAD=no
RQUOTAD_PORT=48623

Getting configuration files (tested on Fedora Core 5)

Download and save these configuration files to a tool folder in your home.

• nfs_firewallopen (used to open your firewall for nfs and portmap ports)
• nfs_servicestart (used to start nfs services)
• nfstart (to execute the 2 scripts above)
• nfs_firewallclose (used to close your opened nfs and portmap ports)
• nfs_servicestop (used to stop nfs services)
• nfstop (to execute the 2 scripts above)

To get NFS working on your server, init the nfstart script by typing with root privileges

sh ~/tool/nfstart

For setting up an NFS client, see http://nfs.sourceforge.net/nfs-howto/ar01s04.html.

---

Possibly related posts: (automatically generated)

• NFS between ubuntu servers
• OLPC School Server (XS Software)
• How to setup NFS cluster server

~ by bmb on 2006 August 17.