Linux Support FAQ entry 20 Feb 2008, logged in as JanIven
LinuxSupportFAQForm
SupportProblem How to configure a SLC machine to be a NFS server?
SupportAnswer

rpc.mountd, rpc.statd and lockd: fix the ports these daemons listen on so that they can be opened in the firewall. Put

MOUNTD_PORT=XXXX
STATD_PORT=YYYY
LOCKD_TCPPORT=ZZZZ
LOCKD_UDPPORT=ZZZZ
in /etc/sysconfig/network. Each port can be any unused port. Which ports are already in use depends on the services the machine is running (generally this can be checked with the 'netstat -nl' command).

If you want quota on NFS, put the following in /etc/services, and enable port 4003 in the firewall as shown below:

rquotad 4003/tcp
rquotad 4003/udp

Firewall: Add to /etc/sysconfig/iptables before the first "REJECT":

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp -s 0/0 -d 0/0 --dport XXXX -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp -s 0/0 -d 0/0 --dport XXXX -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp -s 0/0 -d 0/0 --dport YYYY -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp -s 0/0 -d 0/0 --dport YYYY -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp -s 0/0 -d 0/0 --dport ZZZZ -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp -s 0/0 -d 0/0 --dport ZZZZ -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp -s 0/0 -d 0/0 --dport 4003 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp -s 0/0 -d 0/0 --dport 4003 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp -s 0/0 -d 0/0 --dport sunrpc -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp -s 0/0 -d 0/0 --dport sunrpc -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp -s 0/0 -d 0/0 --dport nfs -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp -s 0/0 -d 0/0 --dport nfs -j ACCEPT
and restart the firewall:
# /sbin/service iptables restart
# /sbin/service ntpd restart
If you want to be more specific, please feel free to restrict the range of allowed clients - e.g. modify the "-s 0/0" to "-s 137.138.0.0/16" to allow access only from the main CERN network (caution, CERN has other networks as well).
(XXXX, YYYY and ZZZZ are the ports specified above)

Exported directories: Configure /etc/exports, see "man 5 exports" for details.
Example (export /data/redhat to all cern.ch machines, read-only):

/data/redhat		*.cern.ch(ro,insecure,all_squash)
Please note that in a real configuration this is probably not what you want to do: While exporting over NFS you should be more restrictive. This can be achieved by configuring your /etc/netgroup file in the following way:
group_1 (yourclient1.cern.ch,,) (yourclient2.cern.ch,,)
group_2 (trustedclient.cern.ch,,) (trustedclient2.cern.ch,,)
Adjust access rights on /etc/netgroup:

chmod 600       /etc/netgroup
chown root:root /etc/netgroup
(of course trustedclient and yourclient should be replaced by your machines' names).

Then use the above group names in your /etc/exports, which could look like the example below:

/publicity  @group_1(ro,insecure,all_squash) @group_2(rw)
/restricted  @group_2(rw,insecure,no_root_squash)
(If in doubt: please check "man 5 exports" for the meaning of the above options.)
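
An added example, not part of the original FAQ: a small Python check that reads exports-format text and reports the settings this page cautions about (wildcard clients, "insecure", "no_root_squash"). The function names and finding wording are assumptions of this example, and quoted paths containing spaces are not handled.

```python
import re

# Added example; names and wording are its own. Options per "man 5 exports".
RISKY_OPTIONS = {
    "insecure": "requests from source ports above 1023 are accepted",
    "no_root_squash": "root on the client stays root on the export",
}
CLIENT_RE = re.compile(r"^([^()\s]*)(?:\(([^()]*)\))?$")

def parse_exports(text):
    """Yield (path, client, options) for every client entry in exports text."""
    joined = text.replace("\\\n", " ")            # backslash continues a line
    for raw in joined.splitlines():
        line = raw.split("#", 1)[0].strip()        # drop comments
        if not line:
            continue
        path, *clients = line.split()
        for spec in clients or [""]:               # no client list = any host
            m = CLIENT_RE.match(spec)
            if not m:
                continue                           # malformed entry, skipped
            client, opts = m.group(1), m.group(2) or ""
            yield path, client, {o.strip() for o in opts.split(",") if o.strip()}

def audit_exports(text):
    """Return a list of (path, client, finding) tuples."""
    findings = []
    for path, client, opts in parse_exports(text):
        shown = client or "<any host>"
        wildcard = client == "" or "*" in client or "?" in client
        if wildcard:
            findings.append((path, shown, "client pattern matches many hosts"))
        if wildcard and "rw" in opts:
            findings.append((path, shown, "writable for a wildcard client"))
        for opt, why in RISKY_OPTIONS.items():
            if opt in opts:
                findings.append((path, shown, f"{opt}: {why}"))
    return findings

# Constructed sample: the three export lines shown on this page.
SAMPLE = """\
/data/redhat   *.cern.ch(ro,insecure,all_squash)
/publicity     @group_1(ro,insecure,all_squash) @group_2(rw)
/restricted    @group_2(rw,insecure,no_root_squash)
"""

if __name__ == "__main__":
    for path, client, finding in audit_exports(SAMPLE):
        print(f"{path:14} {client:12} {finding}")
```

Netgroup entries such as @group_2 are not treated as wildcards, so the check only reports the options set on them.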

Start portmapper and NFS server daemon

# /sbin/chkconfig --add nfs
# /sbin/chkconfig nfs on
# /sbin/chkconfig --add portmap
# /sbin/service portmap start
# /sbin/service nfs start
OsVersion all
HardwareArchitecture any
ApprovedBySupport SupportApproved
Topic revision: r1 - 2008-02-20 - JanIven
 