The Network File System (NFS) is used to mount Linux directories over a network. An NFS server can export one or more directories to Linux hosts, but mounting a Linux filesystem on a Windows machine is not feasible with NFS; that is a limitation of this service. For Linux-to-Windows file sharing, use Samba instead.
We have divided this article into 3 parts for a better understanding of NFS:
1) NFS Server Configuration
2) NFS Client Configuration
3) NFS iptables rules
1) NFS Server Configuration: In this part we will set up an NFS server on a CentOS 6.8 64-bit system to share one Linux directory with an NFS client.
Install the required packages by executing the given command.
# yum install nfs-utils nfs-utils-lib
Start the required services by executing the given commands.
# service rpcbind start
# service nfs start
Set chkconfig for the related services by executing the given command.
# chkconfig nfs on
# vi /etc/exports
/share_directory_location 103.255.X.X(rw)
Note: Specify the NFS server directory that you want to share with NFS clients, followed by the NFS client's IP address.
2) NFS Client Configuration: In this part we will set up an NFS client on a CentOS 6.8 64-bit system to mount the shared directory.
# yum install nfs-utils nfs-utils-lib
# service rpcbind start
# service nfs start
# chkconfig nfs on
Execute the following command and check whether the shared directory appears in the output. If it does, your NFS server configuration is correct and you may proceed to the next step.
# showmount -e NFS_SERVER_IP
# mkdir /nfsmount
# mount -t nfs NFS_SERVER_IP:/share_directory_location /nfsmount
# df -h
Note: If you want to mount this directory permanently, do not forget to add an fstab entry. If you skip this step, the directory will be automatically unmounted after a reboot.
# vi /etc/fstab
NFS_SERVER_IP:/share_directory_location /nfsmount nfs defaults 0 0
# mount -a
3) NFS iptables Rules: In this part we will set up the NFS iptables rules. If iptables is applied on your client or host, you must allow the NFS ports and connections, otherwise it may slow down your server performance.
Open the iptables configuration file in a text editor.
# vi /etc/sysconfig/iptables
Add the following highlighted lines to it.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 2049 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 111 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 111 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 32803 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 32803 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 32769 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 32769 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 892 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 892 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 875 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 875 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 662 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 662 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 2020 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 2020 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
Restart iptables to apply the new rules.
# service iptables restart
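The rules above only match NFS traffic if mountd, statd and lockd actually listen on those ports, which on CentOS 6 means the matching *PORT settings in /etc/sysconfig/nfs are uncommented. The check below is an added example, not part of the original article; the function names and the sample file contents are constructed for illustration.

```sh
#!/bin/sh
# rule_ports RULES: unique --dport values of ACCEPT rules, minus the ports
# that are fixed anyway: 22 (ssh), 111 (rpcbind), 2049 (nfsd).
rule_ports() {
    sed -n 's/.*--dport \([0-9][0-9]*\) .*-j ACCEPT.*/\1/p' "$1" |
        sort -un | grep -v -x -e 22 -e 111 -e 2049
}

# pinned_ports SYSCONFIG: values of uncommented *PORT= settings.
pinned_ports() {
    sed -n 's/^[A-Z_]*PORT="\{0,1\}\([0-9][0-9]*\).*/\1/p' "$1" | sort -un
}

# unpinned_rule_ports SYSCONFIG RULES: ports the firewall opens that no
# daemon is pinned to, so the daemon may register elsewhere with rpcbind.
unpinned_rule_ports() {
    for p in $(rule_ports "$2"); do
        pinned_ports "$1" | grep -q -x "$p" || echo "$p"
    done
}

# write_samples DIR: constructed inputs, not taken from a real host.
write_samples() {
    cat > "$1/rules" <<'EOF'
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 2049 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 111 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 32803 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 32769 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 892 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 892 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 662 -j ACCEPT
EOF
    cat > "$1/nfs.stock" <<'EOF'
#MOUNTD_PORT=892
#STATD_PORT=662
#LOCKD_TCPPORT=32803
#LOCKD_UDPPORT=32769
EOF
    # Partially edited copy: mountd and lockd pinned, statd forgotten.
    sed 's/^#//' "$1/nfs.stock" | grep -v STATD > "$1/nfs.partial"
}

d=$(mktemp -d) && write_samples "$d"
echo "stock:   $(unpinned_rule_ports "$d/nfs.stock" "$d/rules" | tr '\n' ' ')"
echo "partial: $(unpinned_rule_ports "$d/nfs.partial" "$d/rules" | tr '\n' ' ')"
rm -rf "$d"
```

On a real host, pass /etc/sysconfig/nfs and /etc/sysconfig/iptables as the two arguments; empty output means every helper port in the rules is pinned.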
Conclusion
If you are using csf, you may simply allow the given ports in your csf.conf file. If iptables/csf is applied on your server and you did not allow the NFS rules, iptables/csf will continuously try to block these ports and connections, and this blocking process will slow down overall server performance.