howtos:home_nfs_howto, revision of 2012/09/08 07:04 (UTC) by allend. The page was deleted on 2012/09/25 03:58 (UTC) by mfillpot (moved to the howtos:network_services section).
====== Home NFS Setup HOWTO ======
This is a quick guide to setting up NFS on Slackware for use on a home LAN. The example connects a laptop computer to a desktop computer that also has an NTFS partition mounted on /music. It assumes that basic network connectivity has already been established.
This guide is largely cut and pasted from other, more definitive documents.
From http://
<code>
The Network File System (NFS) was developed to allow machines to mount a disk partition on a remote machine
as if it were a local disk. It allows for fast, seamless sharing of files across a network.

It also gives the potential for unwanted people to access your hard drive over the network (and thereby

if you set it up incorrectly.
</code>
Setting up a secure NFS does require some additional work, but as good security habits start at home, these steps will also be presented.

For the purposes of this example:

  * the desktop computer will be called DESKTOP and has the IP address 10.1.1.2
  * the laptop computer will be called LAPTOP and has the IP address 10.1.1.3 when using a wired connection
  * or the laptop computer will be called LAPTOP-W and has the IP address 10.1.1.4 when using a wireless connection

Both computers will be set up to act as NFS servers as well as clients.

**Important files -**

**/

On the desktop computer /etc/hosts should have lines like
<code>
10.1.1.4
</code>
On the laptop computer /etc/hosts should have a line like
**/

On both machines add
<code>
lockd:ALL
mountd:ALL
rquotad:ALL
statd:ALL
</code>
**/

On the desktop computer add
<code>
portmap: 10.1.1.3 , 10.1.1.4
lockd: 10.1.1.3 , 10.1.1.4
rquotad: 10.1.1.3 , 10.1.1.4
mountd: 10.1.1.3 , 10.1.1.4
statd: 10.1.1.3 , 10.1.1.4
</code>

On the laptop computer add
<code>
portmap: 10.1.1.2
lockd: 10.1.1.2
rquotad: 10.1.1.2
mountd: 10.1.1.2
statd: 10.1.1.2
</code>
The daemon name on the left of the colon must match the name the daemon presents to TCP wrappers; the original page spelled it rquotd in hosts.allow, which matches nothing, so rquotad would have fallen through to the rquotad:ALL line in hosts.deny and been refused. The client list can be written differently, e.g. 10.1.1. (with the trailing dot) matches any address beginning with 10.1.1. and so allows access from any machine on that LAN. Note that hosts.allow is consulted first, then hosts.deny, and a daemon listed in neither file is allowed from anywhere, which is why every NFS-related daemon is added to both files.

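To make the evaluation order of the two files concrete, here is an added example (not code from the original page) that models how TCP wrappers decide access for the NFS daemons from hosts.allow and hosts.deny. The sample files are constructed for this example from the page's desktop configuration; the portmap line in hosts.deny is assumed, since that line did not survive on the page, and only the ALL, exact-address and trailing-dot prefix client patterns are modelled.

```python
"""Model of how TCP wrappers (libwrap) decide access for the NFS daemons.

Order of evaluation: /etc/hosts.allow first (a match admits), then
/etc/hosts.deny (a match refuses), otherwise access is granted.
Client patterns modelled: ALL, an exact IPv4 address, and a prefix with a
trailing dot such as 10.1.1. (anything starting with 10.1.1.). Netgroups,
EXCEPT and the option field after a second colon are not modelled.
"""

# Constructed sample: the page's hosts.deny (the portmap line is assumed,
# it did not survive on the page).
HOSTS_DENY = """\
portmap:ALL
lockd:ALL
mountd:ALL
rquotad:ALL
statd:ALL
"""

# Constructed sample: the desktop's hosts.allow, admitting LAPTOP and LAPTOP-W.
HOSTS_ALLOW_DESKTOP = """\
portmap: 10.1.1.3 , 10.1.1.4
lockd: 10.1.1.3 , 10.1.1.4
rquotad: 10.1.1.3 , 10.1.1.4
mountd: 10.1.1.3 , 10.1.1.4
statd: 10.1.1.3 , 10.1.1.4
"""

# Same file with the misspelling the original page carried.
HOSTS_ALLOW_TYPO = HOSTS_ALLOW_DESKTOP.replace("rquotad:", "rquotd:")


def parse_access_file(text):
    """Return [(daemon_list, client_list), ...] from hosts.allow/hosts.deny text."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()    # drop comments and blank lines
        if ":" not in line:
            continue
        daemons, rest = line.split(":", 1)
        clients = rest.split(":", 1)[0]           # ignore any option field
        rules.append((
            [d.strip() for d in daemons.split(",") if d.strip()],
            [c.strip() for c in clients.split(",") if c.strip()],
        ))
    return rules


def client_matches(pattern, addr):
    """Match one client pattern against a dotted-quad address."""
    if pattern == "ALL":
        return True
    if pattern.endswith("."):                    # network prefix, e.g. "10.1.1."
        return addr.startswith(pattern)
    return addr == pattern


def rule_matches(rule, daemon, addr):
    daemons, clients = rule
    daemon_ok = "ALL" in daemons or daemon in daemons
    return daemon_ok and any(client_matches(p, addr) for p in clients)


def access_decision(daemon, addr, allow_text, deny_text):
    """True if libwrap would admit `addr` to `daemon` under these two files."""
    if any(rule_matches(r, daemon, addr) for r in parse_access_file(allow_text)):
        return True
    if any(rule_matches(r, daemon, addr) for r in parse_access_file(deny_text)):
        return False
    return True                                  # listed in neither file: allowed


if __name__ == "__main__":
    cases = [("mountd", "10.1.1.3", HOSTS_ALLOW_DESKTOP),
             ("mountd", "10.1.1.9", HOSTS_ALLOW_DESKTOP),
             ("rquotad", "10.1.1.3", HOSTS_ALLOW_TYPO)]
    for daemon, addr, allow in cases:
        verdict = "allow" if access_decision(daemon, addr, allow, HOSTS_DENY) else "deny"
        print(f"{daemon:8s} from {addr:10s} -> {verdict}")
```

Running it shows the desktop admitting mountd from 10.1.1.3 and refusing it from 10.1.1.9, and shows how the rquotd misspelling silently turns the allow entry into a deny for rquotad. A daemon that appears in neither file (sshd, say) is admitted from anywhere, so the deny file is the place to add a catch-all if that is not wanted.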
**/

On the desktop computer add
<code>
/
LAPTOP-W(rw,
/
LAPTOP-W(rw,
</code>
On the laptop computer add
<code>
/
</code>
Comments
  * The no_root_squash option is very permissive: root on the client becomes root on the exported tree. The root_squash option (the default) maps the client's root to the anonymous user and is much more secure.
  * Allowing access to the entire root file system is very permissive. Restricting the export to a subdirectory is much more secure.
  * The nohide option is required to show the contents of other partitions mounted below the exported directory (here the NTFS partition on /music); without it the client sees an empty directory at the mount point.

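As an added example (not code from the original page), here is a small linter for /etc/exports that flags the permissive settings the comments above warn about and checks a hardened form of the same export beside the weak one. The two export files are constructed for this example; the host names DESKTOP, LAPTOP and LAPTOP-W are the page's, and the full exports syntax (netgroups, IP/netmask specs, continuation lines) is deliberately not modelled.

```python
"""Linter for /etc/exports that flags the permissive settings the comments
above warn about, shown against a hardened form of the same export.

Syntax handled: "path client(opts) client(opts) ...", "#" comments, and a
bare "(opts)" entry meaning every host. Netgroups, IP/netmask specs and
backslash continuation lines are not modelled.
"""
import re

# Constructed: the weak export modelled on the page (whole root file system,
# client root not squashed).
WEAK_EXPORTS = """\
/        LAPTOP(rw,no_root_squash,nohide) LAPTOP-W(rw,no_root_squash,nohide)
"""

# Constructed: hardened form. Only the /music mount point is exported, so
# nohide is not needed; root_squash is the default and is written out here
# so the intent is visible; the wireless client gets read-only access.
HARDENED_EXPORTS = """\
/music   LAPTOP(rw,root_squash,sync) LAPTOP-W(ro,root_squash,sync)
"""

ENTRY_RE = re.compile(r"^(?P<client>[^\s(]*)(?:\((?P<opts>[^)]*)\))?$")


def parse_exports(text):
    """Yield (path, client, [options]) for every client entry in the file."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        path, entries = fields[0], fields[1:] or ["*"]   # no client spec = everyone
        for entry in entries:
            m = ENTRY_RE.match(entry)
            if not m:
                raise ValueError("unparseable exports entry: " + entry)
            opts = [o for o in (m.group("opts") or "").split(",") if o]
            yield path, m.group("client") or "*", opts


def audit_exports(text):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    for path, client, opts in parse_exports(text):
        where = f"{path} -> {client}"
        if path == "/":
            findings.append(f"{where}: exports the entire root file system")
        if "no_root_squash" in opts:
            findings.append(f"{where}: no_root_squash, client root is root on the server")
        if "*" in client:
            findings.append(f"{where}: wildcard client, any host that reaches mountd may mount")
        if "insecure" in opts:
            findings.append(f"{where}: insecure, requests from unprivileged source ports accepted")
    return findings


if __name__ == "__main__":
    for label, text in (("weak", WEAK_EXPORTS), ("hardened", HARDENED_EXPORTS)):
        print(f"{label}: {audit_exports(text) or ['nothing flagged']}")
```

The weak file produces two findings per client (root export and no_root_squash); the hardened file produces none. Run it against a real /etc/exports before running exportfs -ra, and remember that the TCP wrappers rules above and the exports file are independent layers: a host admitted by hosts.allow still only sees what exports grants it.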
**/

Check that this file is executable on both computers.

**/

Check that this file is executable on both computers. (Not strictly necessary as /

To use NFS through the firewall on your computers, follow this guide, which is quoted verbatim below. Thanks rworkman!
From http://
<code>
user-specified ports instead of random ports assigned by the portmapper.
This makes it *much* easier to run a firewall on the NFS server, as you don't
have to kludge something to find the NFS ports at each boot to open them with
iptables.

NOTE: This was written for Slackware Linux, but the general ideas should
apply on pretty much any distribution.

First, you'll want (it's not necessary, but handy to have for later) to make
sure all of this is in /
added or modified so that I can easily remove them (or just find them) if I
need them later.
not official IANA assignments.

sunrpc
sunrpc
nfsd 2049/
nfsd 2049/
rpc.nfs-cb
rpc.nfs-cb
status
status
status
status
mountd
mountd
lockd
lockd
rquotad
rquotad


************************************************************************

Next, you'll need to modify your /
For other linux distributions,
daemons and add the needed flags.

# **** Make the quota daemon listen on port 32769

if [ -x /
  echo "
  /
fi

# **** Make the mount daemon listen on port 32767

if [ -x /
  echo "
  /
fi


Now modify the /
find the script that starts this daemon and add the needed flags).
On older versions (less than 11.0) of Slackware, rpc.statd is started
in rc.nfsd, so look there instead.

# **** Have the portmap daemon chroot to /var/empty for increased security
# **** Make the status daemon listen on port 32765 and talk on port 32766

if [ -x /
  if ! ps axc | grep -q rpc.portmap ; then
    echo "
    /
  fi
  if ! ps axc | grep -q rpc.statd ; then
    echo "
    /
  fi

# **** Note that you'll have to open port 32766 on the NFS clients


Now make the lock daemon listen on port 32768 only and set the nfs callback
port to 32764.

Up to Slackware 11.0, this requires a kernel boot parameter (an append=
line in lilo.conf) - a kernel stanza will look something like this:

image = /
  append = "
  root = /dev/hda2
  label = 2.4.37.11
  read-only

After 11.0, but before Slackware 13.1, this requires setting module load
options in a file in the /
named file of /

options lockd nlm_udpport=32768 nlm_tcpport=32768
options nfs callback_tcpport=32764 # This is for NFSv4

In Slackware 13.1 and later, you will instead need to place the following
in /

fs.nfs.nlm_udpport=32768
fs.nfs.nlm_tcpport=32768
fs.nfs.nfs_callback_tcpport=32764


Finally, you'll need to reboot the machine since the lockd module probably
will refuse to unload.
of the changes "
present in Slackware 14.0 or later) -- as an example, here's a snippet of
what I see here:

stora # rpcinfo -p

100000
100000
100024
100024
100227
100227
100021
100021
100005
100005


Copyright 2006-2011
#include <
You may mirror and/or otherwise use this file as you wish so long as you
retain attribution to the author.
suggestions for improvement,

Note: Updated 20111126 for better consistency with the Debian NFS HOWTO
(since the actual port assignments aren't important, we may as well
recommend the same thing in both places); thanks to David Allen for
the pointers and recommendation...

Note: Updated 20120820 to note pmap_dump usage instead of rpcinfo in
Slackware 14+; thanks to David Allen for the heads-up on that.

</code>

**/

Here are some example lines to allow NFS through the firewall. They use the variables of the firewall script ($IPTABLES, the LAN interface $EXTIF and the LAN address range $LOCAL_LAN) and must come before any rule that drops INPUT traffic. Since both machines act as server and client, the full set belongs on both.
<code>
# Accept TCP and UDP on port 111 from local LAN for portmap
$IPTABLES -A INPUT -i $EXTIF -p tcp -s $LOCAL_LAN --dport 111 -j ACCEPT
$IPTABLES -A INPUT -i $EXTIF -p udp -s $LOCAL_LAN --dport 111 -j ACCEPT
# Accept TCP and UDP on port 2049 from local LAN for nfsd
$IPTABLES -A INPUT -i $EXTIF -p tcp -s $LOCAL_LAN --dport 2049 -j ACCEPT
$IPTABLES -A INPUT -i $EXTIF -p udp -s $LOCAL_LAN --dport 2049 -j ACCEPT
# Accept TCP and UDP on port 32765 from local LAN for statd listen (set in /
$IPTABLES -A INPUT -i $EXTIF -p tcp -s $LOCAL_LAN --dport 32765 -j ACCEPT
$IPTABLES -A INPUT -i $EXTIF -p udp -s $LOCAL_LAN --dport 32765 -j ACCEPT
# Accept TCP and UDP on port 32766 from local LAN for statd send (set in /
$IPTABLES -A INPUT -i $EXTIF -p tcp -s $LOCAL_LAN --dport 32766 -j ACCEPT
$IPTABLES -A INPUT -i $EXTIF -p udp -s $LOCAL_LAN --dport 32766 -j ACCEPT
# Accept TCP and UDP on port 32767 from local LAN for mountd (set in /
$IPTABLES -A INPUT -i $EXTIF -p tcp -s $LOCAL_LAN --dport 32767 -j ACCEPT
$IPTABLES -A INPUT -i $EXTIF -p udp -s $LOCAL_LAN --dport 32767 -j ACCEPT
# Accept TCP and UDP on port 32768 from local LAN for lockd (set in /
$IPTABLES -A INPUT -i $EXTIF -p tcp -s $LOCAL_LAN --dport 32768 -j ACCEPT
$IPTABLES -A INPUT -i $EXTIF -p udp -s $LOCAL_LAN --dport 32768 -j ACCEPT
# Accept TCP and UDP on port 32769 from local LAN for rquotad (set in /
$IPTABLES -A INPUT -i $EXTIF -p tcp -s $LOCAL_LAN --dport 32769 -j ACCEPT
$IPTABLES -A INPUT -i $EXTIF -p udp -s $LOCAL_LAN --dport 32769 -j ACCEPT
</code>

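The quoted guide ends by checking rpcinfo -p to confirm the pinned ports took effect, and the firewall lines above only work if those ports really are the ones the daemons registered. As an added example (not code from the original page or from rworkman's guide), the script below ties the two together: it parses rpcinfo -p output, compares each registered service with the pinned port list, and reports any service the firewall rules would not admit. The rpcinfo output is constructed for this example in rpcinfo's column layout with the guide's port numbers; the iptables rules are the page's own, generated here in the same form; the program-number-to-service names are the standard ones from /etc/rpc.

```python
"""Check a server's registered RPC services against the pinned NFS ports
and against the firewall's ACCEPT rules.

The `rpcinfo -p` text is constructed for this example in rpcinfo's column
layout (program, version, protocol, port, service), using the port numbers
the quoted guide recommends. The iptables lines are the page's own rules.
"""
import re

# Constructed `rpcinfo -p` output for a server where everything was pinned.
RPCINFO_PINNED = """\
   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp  32765  status
    100024    1   tcp  32765  status
    100003    3   tcp   2049  nfs
    100003    3   udp   2049  nfs
    100227    3   tcp   2049  nfs_acl
    100021    4   udp  32768  nlockmgr
    100021    4   tcp  32768  nlockmgr
    100005    3   udp  32767  mountd
    100005    3   tcp  32767  mountd
    100011    1   udp  32769  rquotad
    100011    1   tcp  32769  rquotad
"""

# Same server before mountd was pinned: mountd ended up on a random port.
RPCINFO_UNPINNED = RPCINFO_PINNED.replace("32767  mountd", "49153  mountd")

# Ports the guide fixes in rc.rpc, rc.nfsd and sysctl (nfs_acl shares nfsd's port).
PINNED_PORTS = {"portmapper": 111, "nfs": 2049, "nfs_acl": 2049, "status": 32765,
                "mountd": 32767, "nlockmgr": 32768, "rquotad": 32769}

# The page's iptables rules, comment lines omitted, generated in the same form.
FIREWALL_RULES = "\n".join(
    f"$IPTABLES -A INPUT -i $EXTIF -p {proto} -s $LOCAL_LAN --dport {port} -j ACCEPT"
    for port in (111, 2049, 32765, 32766, 32767, 32768, 32769)
    for proto in ("tcp", "udp"))


def parse_rpcinfo(text):
    """Return {(service, proto): port} from `rpcinfo -p` output."""
    services = {}
    for line in text.splitlines()[1:]:            # first line is the column header
        fields = line.split()
        if len(fields) == 5:
            _prog, _vers, proto, port, name = fields
            services[(name, proto)] = int(port)
    return services


def parse_accept_rules(text):
    """Return the set of (proto, port) pairs the INPUT rules accept."""
    allowed = set()
    for line in text.splitlines():
        m = re.search(r"-p (tcp|udp) .*--dport (\d+) -j ACCEPT", line)
        if m:
            allowed.add((m.group(1), int(m.group(2))))
    return allowed


def check_nfs_ports(rpcinfo_text, rules_text, pinned=PINNED_PORTS):
    """Findings for services on unexpected ports or behind a closed firewall."""
    findings = []
    allowed = parse_accept_rules(rules_text)
    for (name, proto), port in sorted(parse_rpcinfo(rpcinfo_text).items()):
        want = pinned.get(name)
        if want is None:
            findings.append(f"{name}/{proto} on {port}: service not in the pinned list")
        elif port != want:
            findings.append(f"{name}/{proto} on {port}: expected {want}, pinning not in effect")
        if (proto, port) not in allowed:
            findings.append(f"{name}/{proto} on {port}: no ACCEPT rule, LAN clients are blocked")
    return findings


if __name__ == "__main__":
    for label, text in (("pinned", RPCINFO_PINNED), ("unpinned", RPCINFO_UNPINNED)):
        print(f"{label}: {check_nfs_ports(text, FIREWALL_RULES) or ['all consistent']}")
```

On a real machine feed it the output of rpcinfo -p (or pmap_dump on Slackware 14 and later, as the guide notes) and the ACCEPT lines from the firewall script. Port 32766 never appears in rpcinfo because it is statd's outgoing port rather than a registered service, so the extra ACCEPT rule for it is expected and not a finding.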
The work is done! Everything should now be in place. After rebooting both machines it should be possible to:

  * mount the root file system of the desktop computer on the /mnt/tmp directory of the laptop
  * mount the root file system of the laptop computer on the /mnt/tmp directory of the desktop

====== Sources ======
http://

http://