Setting up a Fedora NFS server

Setting up a Linux NFS (Network File System) server has never been anything challenging. However there are a few security issues worth having a look at: especiall the firewall-part of the business.

In the following guide, we are going to have a look at a convenient way of creating an NFS server from behind Fedora’s built-in iptables firewall.

Setting up the NFS Configuration files

/etc/exports

The /etc/exports file is for storing information about your NFS shares: the name of the folder to share, the IP address(es) of hosts to access your share and the rights connected to your share.

A typical /etc/exports file should look like this:

/usr/local   192.168.0.1(ro) 192.168.0.2(ro)
/home        192.168.0.1(rw) 192.168.0.2(rw)

An exports file consists of 2 columns and at least 1 row.

Each row corresponds to a folder (a share, if you like), where the columns contain the settings to the folder of their row.

The first column contains the full path on the computer to the folder you wish to share, the second column is for the IP addresses of the hosts you are sharing to. The letters in brackets are for the privileges. For example, ro stands for “read only” and rw is for “read and write”. For further options, you might want to visit http://nfs.sourceforge.net/nfs-howto/ar01s03.html.

In the example, you are sharing your /usr/local and your /home folder to 192.168.0.1 and 192.168.0.2. Both machines have read-only privileges on the first, and read and write priviliges on the second folder.

/etc/hosts.deny

This file is for listing the hosts that are not allowed to access your shares. As the /etc/hosts.allow (see the next title) overwrites this file it is best to list all servers here. Enter the following to this file:

portmap:ALL
lockd:ALL
mountd:ALL
rquotad:ALL
statd:ALL

With your /etc/hosts.deny set like this and without an /etc/hosts.allow, no machines are allowed to see your NFS shares.

/etc/hosts.allow

To allow your machine(s) to access your NFS shares, add the following lines to your file, and replace the IPs with the IP(s) of your machine(s).

portmap: 192.168.0.1 , 192.168.0.2
lockd: 192.168.0.1 , 192.168.0.2
rquotad: 192.168.0.1 , 192.168.0.2
mountd: 192.168.0.1 , 192.168.0.2
statd: 192.168.0.1 , 192.168.0.2

If you have only one machine to grant access to, delete the comma and the numbers behind.

Setting up NFS to work from behind Fedora’s iptables firewall

/etc/sysconfig/nfs

This file controls the ports which NFS is going to use. Copy the following lines into the file. Doing so is not a security risk, as you are likely to be behind a router (if you want to use network file sharing), and this doesen’t (yet) mean opening the ports in the firewall.

LOCKD_TCPPORT=48620
LOCKD_UDPPORT=48620
MOUNTD_PORT=48621
STATD_PORT=48622
RQUOTAD=no
RQUOTAD_PORT=48623
Getting configuration files (tested on Fedora Core 5)

Download and save these configuration files to a tool folder in your home.

To get NFS working on your server, init the nfstart script by typing with root privileges

sh ~/tool/nfstart

For setting up an NFS client, see http://nfs.sourceforge.net/nfs-howto/ar01s04.html.

About these ads

~ by barna on 2006 August 17.

19 Responses to “Setting up a Fedora NFS server”

  1. [...] NFS server for Ubuntu [...]

  2. [...] a look here and here for guides on how to setup [...]

  3. [...] That’s all I had to do, but for more information check here. [...]

  4. This articla assumes that the ip addresses of the client systems are known ahead of time. What do we do in the case of DHCP based dynamic clients?

  5. very interesting.
    i’m adding in RSS Reader

  6. [...] nfs seems to start its various services on random ports (sigh)… still I found a good post here which got me through [...]

  7. [...] http://jakilinux.org/administracja/nfs-network-file-system-czyli-pingwiny-sobie-rozmawiaja/ oraz http://fconfig.wordpress.com/2006/08/17/setting-up-a-fedora-nfs-server/ #arkayne { clear: both; }_title_font = ‘arial’;_title_color = ’000000′;_title_background = [...]

  8. hoi ribut be

  9. bagus

  10. bagus banget :)

  11. maap :D

  12. [...] fconfig.wordpress.com/2006/08/17/setting-up-a-fedora-nfs-server/: 276 [...]

  13. [...] Setting up a Fedora NFS Server [...]

  14. hi nfs used user authorized with web using php how to ?

  15. [...] think I got all the information I needed between these two links: http://fconfig.wordpress.com/2006/08/17/setting-up-a-fedora-nfs-server/ [...]

  16. YakuYaku, a young translation community is looking for new freelance translators to join its list of translators. Assignments are then distributed depending on several factors forイprofessional translation services. The quantity of available jobs depends on the number of visitors
    and you will get an alarm whenever a new job with the languages you work with is live.
    Apart from jobs postions, To assist you in your work, resources are provided and links to useful external resources.
    Translators who need help can enter our forum and ask for our pro members’ expertise..

  17. I tried this method on a gentoo machine,it mounts but:
    ls: cannot open directory /home/earthy/asinn/: Permission denied
    and when I check with ls -l :
    ls -l /home/earthy/
    total 794027
    drwx—— 61 500 500 4096 Mar 27 2011 asinn
    I cannot change it with root nor user so it is a useless mount.
    I know this is very old post but it seems to work for me up to that last point.

  18. The links here are not working. Where can I download these configuration files:

    ■nfs_firewallopen (used to open your firewall for nfs and portmap ports)
    ■nfs_servicestart (used to start nfs services)
    ■nfstart (to execute the 2 scripts above)
    ■nfs_firewallclose (used to close your opened nfs and portmap ports)
    ■nfs_servicestop (used to stop nfs services)
    ■nfstop (to execute the 2 scripts above)

    Thanks!

  19. nfs server

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
Follow

Get every new post delivered to your Inbox.

%d bloggers like this: