====== NFS Server Setup ======
There are a few steps required to configure an nfs server:
  - [[#nfs setup]]
  - [[#hosts|/etc/hosts]]
  - [[#exports|/etc/exports]]
  - [[#iptables]]
  - [[#start nfs]]
And then we need to set up a client:
  - configure a client (I've configured Fedora Core 6 as an [[:linux:fedora:nfs|nfs client]])
===== nfs setup =====
  - enable ''nfs'' and ''nfslock'':\\ <code>
[root@wspace ~]# /sbin/chkconfig --level 345 nfs on
[root@wspace ~]# /sbin/chkconfig --level 345 nfslock on
</code>
  - verify the services are enabled:\\ <code>
[root@wspace ~]# /sbin/chkconfig --list nfs
nfs 0:off 1:off 2:off 3:on 4:on 5:on 6:off
[root@wspace ~]# /sbin/chkconfig --list nfslock
nfslock 0:off 1:off 2:off 3:on 4:on 5:on 6:off
</code>
  - I also set the default ports for ''nfs'' in an ''/etc/sysconfig/nfs'' file (I created the file). This makes setting the firewall rules later on much easier:\\ <code>
STATD_PORT=4001
LOCKD_TCPPORT=4002
LOCKD_UDPPORT=4002
MOUNTD_PORT=4003
</code>
===== hosts =====
<code>
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 localhost.localdomain localhost wspace
192.168.1.103 bender
</code>
===== exports =====
Info from the [[http://www.slackbook.org/html/network-configuration-nfs.html#NETWORK-CONFIGURATION-NFS-NFS|Slackware Book]]:
<code>
/home/media bender(rw,root_squash)
</code>
===== iptables =====
After opening/configuring nfs as per [[http://www.linuxquestions.org/questions/showthread.php?t=294069]], I tweaked my firewall settings to only allow my client's IP address to access the various nfs and related daemons/ports:
<code>
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 137 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 138 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT
# nfs ports, restricting just to bender
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 111 -s 192.168.1.103 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 111 -s 192.168.1.103 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 2049 -s 192.168.1.103 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 2049 -s 192.168.1.103 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 4001 -s 192.168.1.103 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 4001 -s 192.168.1.103 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 4002 -s 192.168.1.103 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 4002 -s 192.168.1.103 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 4003 -s 192.168.1.103 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 4003 -s 192.168.1.103 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 4004 -s 192.168.1.103 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 4004 -s 192.168.1.103 -j ACCEPT
# end of nfs ports
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
</code>
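The nfs rules above open ports 4001 through 4004 to the client, while the ''/etc/sysconfig/nfs'' file earlier on this page pins daemons only to 4001, 4002 and 4003. The script below is an added example, not part of the original page, that cross-checks the two using the page's own values; the function names are this example's own, and on a real server the two inputs would be the actual file contents.

```shell
#!/bin/sh
# Added example: cross-check ports pinned in /etc/sysconfig/nfs against the
# firewall's nfs rules. Values are copied from this page.

SYSCONFIG_NFS='STATD_PORT=4001
LOCKD_TCPPORT=4002
LOCKD_UDPPORT=4002
MOUNTD_PORT=4003'
CLIENT=192.168.1.103

# Regenerates the page's twelve "nfs ports" rules (tcp and udp per port).
sample_rules() {
  for port in 111 2049 4001 4002 4003 4004; do
    for proto in tcp udp; do
      echo "-A RH-Firewall-1-INPUT -m state --state NEW -m $proto -p $proto --dport $port -s $CLIENT -j ACCEPT"
    done
  done
}

# Ports pinned to a daemon: every *PORT=<n> line of sysconfig text on stdin.
pinned_ports() { sed -n 's/^[A-Z_]*PORT=\([0-9][0-9]*\)$/\1/p' | sort -un; }

# Destination ports of ACCEPT rules (stdin) restricted to source address $1.
client_ports() {
  grep -F -e "-s $1 " | sed -n 's/.*--dport \([0-9][0-9]*\) .*-j ACCEPT.*/\1/p' | sort -un
}

# Lines on stdin that do not appear in the newline-separated list $1.
not_in() {
  while read -r p; do
    printf '%s\n' "$1" | grep -qxF -e "$p" || echo "$p"
  done
}

# Ports opened to the client that no daemon is pinned to.
# 111 (portmapper) and 2049 (nfsd) are well-known ports, so they count as known.
open_but_unpinned() {  # $1=sysconfig text  $2=rules text  $3=client IP
  known=$( { echo 111; echo 2049; printf '%s\n' "$1" | pinned_ports; } )
  printf '%s\n' "$2" | client_ports "$3" | not_in "$known"
}

# Pinned ports with no rule for the client: that daemon would be unreachable.
pinned_but_closed() {  # same arguments as above
  open=$(printf '%s\n' "$2" | client_ports "$3")
  printf '%s\n' "$1" | pinned_ports | not_in "$open"
}

RULES=$(sample_rules)
echo "open but unpinned: $(open_but_unpinned "$SYSCONFIG_NFS" "$RULES" "$CLIENT")"
echo "pinned but closed: $(pinned_but_closed "$SYSCONFIG_NFS" "$RULES" "$CLIENT")"
```

A port reported as open but unpinned should either get a matching entry in ''/etc/sysconfig/nfs'' or have its rules removed, so the firewall exposes only ports a known daemon listens on.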
===== start nfs =====
<code>
[root@wspace ~]# /sbin/service nfs start
[root@wspace ~]# /sbin/service nfslock start
</code>
{{tag>:linux :linux:server}}