On the Server...
- Install packages, if missing: yum install portmap nfs-utils nfs-utils-lib
- Add a line to /etc/hosts.allow as needed, e.g. portmap: nnn.nnn.0.0/255.255.255.0, to allow other servers in your local network to run portmap against you. You can also allow this on an IP-by-IP basis, e.g. portmap: nnn.nnn.nnn.nnn, nnn.nnn.nnn.nnn, or you can use wildcards. Note: if wildcards etc. don't work for you at first, try single IP addresses.
- Add lines to /etc/exports specifying the directories you want to share and the hosts to which you want to share them. E.g.:
/directory/to-share machine.ip.ad.ress(options)
/somedir/specific-machine nnn.nnn.nnn.nnn(rw,no_root_squash,sync)
/somedir/couple-machines nnn.nnn.nnn.nnn(ro) nnn.nnn.nnn.nnn(rw,no_root_squash,sync)
/somedir/entire-network nnn.nnn.0.0/255.255.255.0(rw)
/somedir/wildcards nnn.nnn.nnn.2*(rw,sync)
- Are you also using iptables? If so, you'll want to open up a bunch of ports, and also edit some of the nfs settings to restrict the ports NFS is using.
In /etc/sysconfig/nfs you'll want to set:
STATD_PORT=10002
STATD_OUTGOING_PORT=10003
MOUNTD_PORT=10004
RQUOTAD_PORT=10005
In /etc/sysconfig/iptables you'll want to set something like:
-A RH-Firewall-1-INPUT -p udp -m udp -m multiport --dports 111,1110,2049 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp -m multiport --dports 111,1110,2049 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 32769 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 32803 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 10002 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 10003 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 10004 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 10005 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 10006 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 10007 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 10002 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 10003 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 10004 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 10005 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 10006 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 10007 -j ACCEPT
And then of course service iptables restart.
- Set services to start automatically, because we're lazy: for i in nfs portmap; do chkconfig $i on; done
- Restart services: service portmap restart, service nfs restart
- Check status: rpcinfo -p localhost.
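A way to turn that status check into a pass/fail test, as an added example that is not part of the original post: it compares what rpcinfo -p reports with the ports set in /etc/sysconfig/nfs and opened in iptables above. The function names, the sample output and the nlockmgr expectation (taken from the 32803/32769 firewall rules) are assumptions.

```shell
# Added example: compare `rpcinfo -p` registrations with the ports this page
# pins in /etc/sysconfig/nfs and opens in /etc/sysconfig/iptables.
# Assumption: nlockmgr is expected on 32803/tcp and 32769/udp, read off the
# firewall rules; the page itself does not pin lockd.
EXPECTED="portmapper/tcp=111 portmapper/udp=111 nfs/tcp=2049 nfs/udp=2049 \
status/tcp=10002 status/udp=10002 mountd/tcp=10004 mountd/udp=10004 \
rquotad/tcp=10005 rquotad/udp=10005 nlockmgr/tcp=32803 nlockmgr/udp=32769"

# Reads `rpcinfo -p` output on stdin. Prints one line per service/proto whose
# port differs from EXPECTED or that is not listed at all; returns 1 if any.
check_rpc_ports() {
    awk -v expected="$EXPECTED" '
        BEGIN {
            bad = 0
            n = split(expected, e, " ")
            for (i = 1; i <= n; i++) { split(e[i], kv, "="); want[kv[1]] = kv[2] }
        }
        $1 ~ /^[0-9]+$/ && NF >= 5 {       # skip the header line
            key = $5 "/" $3                # e.g. mountd/udp
            if (seen[key, $4]++) next      # one report per service/proto/port
            if (!(key in want)) {
                print "UNLISTED " key " on port " $4; bad = 1
            } else if (want[key] != $4) {
                print "MISMATCH " key " registered on " $4 ", expected " want[key]; bad = 1
            }
        }
        END { exit bad }
    '
}

# Constructed sample output: mountd/udp has fallen back to a random port.
sample_rpcinfo() {
    cat <<'EOF'
   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100024    1   udp  10002  status
    100011    1   udp  10005  rquotad
    100003    3   tcp   2049  nfs
    100021    1   udp  32769  nlockmgr
    100021    1   tcp  32803  nlockmgr
    100005    1   udp  48211  mountd
    100005    1   tcp  10004  mountd
EOF
}

# On the server: rpcinfo -p localhost | check_rpc_ports
sample_rpcinfo | check_rpc_ports || true
```

A MISMATCH line means the service is registered on a port the firewall rules above do not open, which usually points to a setting in /etc/sysconfig/nfs that did not take effect after the restart.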
On the client, you shouldn't need to open up any ports. You can just add a line like:
remote.server.addr:/remote/share /local/mount nfs noatime
to /etc/fstab, and then use mount /local/mount to mount it. (I use /etc/fstab for laziness, of course.) SO LAZY.