Setting up a Fedora NFS server

Setting up a Linux NFS (Network File System) server has never been anything challenging. However there are a few security issues worth having a look at: especiall the firewall-part of the business.

In the following guide, we are going to have a look at a convenient way of creating an NFS server from behind Fedora’s built-in iptables firewall.

Setting up the NFS Configuration files

/etc/exports

The /etc/exports file is for storing information about your NFS shares: the name of the folder to share, the IP address(es) of hosts to access your share and the rights connected to your share.

A typical /etc/exports file should look like this:

/usr/local   192.168.0.1(ro) 192.168.0.2(ro)
/home        192.168.0.1(rw) 192.168.0.2(rw)

An exports file consists of 2 columns and at least 1 row.

Each row corresponds to a folder (a share, if you like), where the columns contain the settings to the folder of their row.

The first column contains the full path on the computer to the folder you wish to share, the second column is for the IP addresses of the hosts you are sharing to. The letters in brackets are for the privileges. For example, ro stands for “read only” and rw is for “read and write”. For further options, you might want to visit http://nfs.sourceforge.net/nfs-howto/ar01s03.html.

In the example, you are sharing your /usr/local and your /home folder to 192.168.0.1 and 192.168.0.2. Both machines have read-only privileges on the first, and read and write priviliges on the second folder.

/etc/hosts.deny

This file is for listing the hosts that are not allowed to access your shares. As the /etc/hosts.allow (see the next title) overwrites this file it is best to list all servers here. Enter the following to this file:

portmap:ALL
lockd:ALL
mountd:ALL
rquotad:ALL
statd:ALL

With your /etc/hosts.deny set like this and without an /etc/hosts.allow, no machines are allowed to see your NFS shares.

/etc/hosts.allow

To allow your machine(s) to access your NFS shares, add the following lines to your file, and replace the IPs with the IP(s) of your machine(s).

portmap: 192.168.0.1 , 192.168.0.2
lockd: 192.168.0.1 , 192.168.0.2
rquotad: 192.168.0.1 , 192.168.0.2
mountd: 192.168.0.1 , 192.168.0.2
statd: 192.168.0.1 , 192.168.0.2

If you have only one machine to grant access to, delete the comma and the numbers behind.

Setting up NFS to work from behind Fedora’s iptables firewall

/etc/sysconfig/nfs

This file controls the ports which NFS is going to use. Copy the following lines into the file. Doing so is not a security risk, as you are likely to be behind a router (if you want to use network file sharing), and this doesen’t (yet) mean opening the ports in the firewall.

LOCKD_TCPPORT=48620
LOCKD_UDPPORT=48620
MOUNTD_PORT=48621
STATD_PORT=48622
RQUOTAD=no
RQUOTAD_PORT=48623

Getting configuration files (tested on Fedora Core 5)

Download and save these configuration files to a tool folder in your home.

nfs_firewallopen (used to open your firewall for nfs and portmap ports)
nfs_servicestart (used to start nfs services)
nfstart (to execute the 2 scripts above)
nfs_firewallclose (used to close your opened nfs and portmap ports)
nfs_servicestop (used to stop nfs services)
nfstop (to execute the 2 scripts above)

To get NFS working on your server, init the nfstart script by typing with root privileges

sh ~/tool/nfstart

For setting up an NFS client, see http://nfs.sourceforge.net/nfs-howto/ar01s04.html.

Like this:

Be the first to like this post.

~ by bmb on 2006 August 17.

Posted in Fedora installation, Linux networking

19 Responses to “Setting up a Fedora NFS server”

[...] NFS server for Ubuntu [...]

Living Better BLOG » Installing Ubuntu or Fedora via PXE Netboot said this on 2007 June 14 at 4:03 am | Reply
[...] a look here and here for guides on how to setup [...]

nfs - Linux Forums said this on 2007 August 30 at 10:12 am | Reply
[...] That’s all I had to do, but for more information check here. [...]

NFS in Fedora 7 (and iptables) « Webcitizen FelipeC said this on 2007 September 13 at 2:55 pm | Reply
This articla assumes that the ip addresses of the client systems are known ahead of time. What do we do in the case of DHCP based dynamic clients?

srini said this on 2007 December 19 at 2:41 pm | Reply
very interesting.
i’m adding in RSS Reader

music said this on 2008 January 9 at 3:49 am | Reply
[...] nfs seems to start its various services on random ports (sigh)… still I found a good post here which got me through [...]

The Captain’s Log » Blog Archives » NFS and iptables said this on 2008 January 21 at 11:32 am | Reply
[...] http://jakilinux.org/administracja/nfs-network-file-system-czyli-pingwiny-sobie-rozmawiaja/ oraz http://fconfig.wordpress.com/2006/08/17/setting-up-a-fedora-nfs-server/ #arkayne { clear: both; }_title_font = ‘arial’;_title_color = ’000000′;_title_background = [...]

Jak udostępniać pliki w linuksie , How to share files in linux | Tak programistycznie, in Polish and English said this on 2008 March 13 at 10:46 am | Reply
hoi ribut be

reka said this on 2008 April 14 at 8:53 am | Reply
bagus

reka said this on 2008 April 14 at 8:56 am | Reply
bagus banget

reka said this on 2008 April 14 at 9:01 am | Reply
maap

reka said this on 2008 April 14 at 9:23 am | Reply
[...] fconfig.wordpress.com/2006/08/17/setting-up-a-fedora-nfs-server/: 276 [...]

100,000 views, and some stats « Felipe Contreras said this on 2009 March 19 at 10:56 pm | Reply
[...] Setting up a Fedora NFS Server [...]

NFS, Compartiendo archivos en red | La Comunidad DragonJAR said this on 2009 August 22 at 9:09 pm | Reply
hi nfs used user authorized with web using php how to ?

999 said this on 2009 October 24 at 7:45 am | Reply
[...] think I got all the information I needed between these two links: http://fconfig.wordpress.com/2006/08/17/setting-up-a-fedora-nfs-server/ [...]

dev.enekoalonso.com » Got NFS working said this on 2010 February 7 at 5:21 am | Reply
YakuYaku, a young translation community is looking for new freelance translators to join its list of translators. Assignments are then distributed depending on several factors forｲprofessional translation services. The quantity of available jobs depends on the number of visitors
and you will get an alarm whenever a new job with the languages you work with is live.
Apart from jobs postions, To assist you in your work, resources are provided and links to useful external resources.
Translators who need help can enter our forum and ask for our pro members’ expertise..

Professional Translation Services said this on 2010 November 4 at 4:41 am | Reply
I tried this method on a gentoo machine,it mounts but:
ls: cannot open directory /home/earthy/asinn/: Permission denied
and when I check with ls -l :
ls -l /home/earthy/
total 794027
drwx—— 61 500 500 4096 Mar 27 2011 asinn
I cannot change it with root nor user so it is a useless mount.
I know this is very old post but it seems to work for me up to that last point.

ea said this on 2011 March 27 at 12:52 pm | Reply
The links here are not working. Where can I download these configuration files:

■nfs_firewallopen (used to open your firewall for nfs and portmap ports)
■nfs_servicestart (used to start nfs services)
■nfstart (to execute the 2 scripts above)
■nfs_firewallclose (used to close your opened nfs and portmap ports)
■nfs_servicestop (used to stop nfs services)
■nfstop (to execute the 2 scripts above)

Thanks!

roy said this on 2011 May 17 at 12:28 pm | Reply
nfs server

soumen pal said this on 2012 February 24 at 3:09 pm | Reply

myfedora