Enjoy the Holiday season!

Welcome to the Slackware Documentation Project

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision
Previous revision
howtos:network_services:home_nfs_howto [2012/09/25 03:58 (UTC)]
mfillpot moved from general howtos namespace
howtos:network_services:home_nfs_howto [2019/04/06 13:54 (UTC)] (current)
ellendhel Various formatting improvements
Line 1: Line 1:
 <!-- Add your text below. We strongly advise to start with a Headline (see button bar above). --> <!-- Add your text below. We strongly advise to start with a Headline (see button bar above). -->
 +<!--Reviewed 20130128 by hazel -->
 +
 ====== Home NFS Setup HOWTO ====== ====== Home NFS Setup HOWTO ======
 +
 This is a quick guide to setting up NFS in Slackware for use in a home LAN. The example used is for connection of a laptop computer with a desktop computer that also has an NTFS partition mounted on /music. It assumes that basic network connectivity has been established. This is a quick guide to setting up NFS in Slackware for use in a home LAN. The example used is for connection of a laptop computer with a desktop computer that also has an NTFS partition mounted on /music. It assumes that basic network connectivity has been established.
 This guide is largely cut and pasted from other more definitive documents. This guide is largely cut and pasted from other more definitive documents.
Line 18: Line 21:
  
   * the desktop computer will be called DESKTOP and has an IP address 10.1.1.2   * the desktop computer will be called DESKTOP and has an IP address 10.1.1.2
- 
   * the laptop computer will be called LAPTOP and has an IP address 10.1.1.3 using a wired connection   * the laptop computer will be called LAPTOP and has an IP address 10.1.1.3 using a wired connection
- 
   * or the laptop computer will be called LAPTOP-W and has an IP address 10.1.1.4 using a wireless connection   * or the laptop computer will be called LAPTOP-W and has an IP address 10.1.1.4 using a wireless connection
  
 Both computers will be setup to act as NFS servers as well as clients. Both computers will be setup to act as NFS servers as well as clients.
  
-**Important files -**+===== Access settings =====
  
 **/etc/hosts** **/etc/hosts**
  
-On the desktop computer /etc/hosts should have lines like +On the desktop computer /etc/hosts should have lines like
-<code>10.1.1.3                LAPTOP.<your domain>      LAPTOP + 
-10.1.1.4                LAPTOP-W.<your domain>    LAPTOP-W</code> +<code> 
-On the laptop computer /etc/hosts should have a line like+10.1.1.3                LAPTOP.<your domain>      LAPTOP 
 +10.1.1.4                LAPTOP-W.<your domain>    LAPTOP-W 
 +</code> 
 + 
 +On the laptop computer /etc/hosts should have a line like
 <code>10.1.1.2                DESKTOP.<your domain>      DESKTOP</code> <code>10.1.1.2                DESKTOP.<your domain>      DESKTOP</code>
 +
 **/etc/hosts.deny** **/etc/hosts.deny**
  
-On both machines add +On both machines add
-<code>portmap:ALL+ 
 +<code> 
 +portmap:ALL
 lockd:ALL lockd:ALL
 mountd:ALL mountd:ALL
 rquotad:ALL rquotad:ALL
-statd:ALL</code>+statd:ALL 
 +</code> 
 **/etc/hosts.allow** **/etc/hosts.allow**
  
-On the desktop computer add +On the desktop computer add
-<code># For NFS mount from LAN+ 
 +<code> 
 +# For NFS mount from LAN
 portmap: 10.1.1.3 , 10.1.1.4 portmap: 10.1.1.3 , 10.1.1.4
 lockd: 10.1.1.3 , 10.1.1.4 lockd: 10.1.1.3 , 10.1.1.4
 rquotd: 10.1.1.3 , 10.1.1.4 rquotd: 10.1.1.3 , 10.1.1.4
 mountd: 10.1.1.3 , 10.1.1.4 mountd: 10.1.1.3 , 10.1.1.4
-statd: 10.1.1.3 , 10.1.1.4</code>+statd: 10.1.1.3 , 10.1.1.4 
 +</code> 
 + 
 +On the laptop computer add:
  
-On the laptop computer add +<code> 
-<code># For NFS mount from LAN+# For NFS mount from LAN
 portmap: 10.1.1.2 portmap: 10.1.1.2
 lockd: 10.1.1.2 lockd: 10.1.1.2
 rquotd: 10.1.1.2 rquotd: 10.1.1.2
 mountd: 10.1.1.2 mountd: 10.1.1.2
-statd: 10.1.1.2</code> +statd: 10.1.1.2 
-The syntax in the above examples can be altered, e.g. 10.1.1. could be used to allow access from any machine on the 10.1.1.1/255 network+</code> 
 + 
 +The syntax in the above examples can be altered, e.g. 10.1.1. could be used to allow access from any machine on the 10.1.1.0/24 network.
  
 **/etc/exports** **/etc/exports**
  
-On the desktop computer add +On the desktop computer add
-<code># Allow export of root file system to LAPTOP with read/write and root access+ 
 +<code> 
 +# Allow export of root file system to LAPTOP with read/write and root access
 /               LAPTOP(rw,no_root_squash,no_subtree_check) \ /               LAPTOP(rw,no_root_squash,no_subtree_check) \
                 LAPTOP-W(rw,no_root_squash,no_subtree_check)                 LAPTOP-W(rw,no_root_squash,no_subtree_check)
 /music          LAPTOP(rw,no_root_squash,no_subtree_check,nohide) \ /music          LAPTOP(rw,no_root_squash,no_subtree_check,nohide) \
-                LAPTOP-W(rw,no_root_squash,no_subtree_check,nohide)</code> +                LAPTOP-W(rw,no_root_squash,no_subtree_check,nohide) 
-On the laptop computer add +</code>
-<code># Allow export of root file system to DESKTOP with read/write and root access +
-/               DESKTOP(rw,no_root_squash,no_subtree_check)</code>  +
-Comments +
-  * The no_root_squash option is very permissive. The root_squash option is much more secure.+
  
-  * Allowing access to the entire root file system is very permissive. Restriction to a subdirectory is much more secure.+On the laptop computer add:
  
 +<code>
 +# Allow export of root file system to DESKTOP with read/write and root access
 +/               DESKTOP(rw,no_root_squash,no_subtree_check)
 +</code> 
 +
 +Comments
 +  * The //no_root_squash// option is very permissive. The //root_squash// option is much more secure.
 +  * Allowing access to the entire root file system is very permissive. Restriction to a sub-directory is much more secure.
   * The nohide option is required to show the contents of other mounted partitions.   * The nohide option is required to show the contents of other mounted partitions.
 +
 +===== Daemon startup =====
  
 **/etc/rc.d/rc.nfsd** **/etc/rc.d/rc.nfsd**
Line 85: Line 111:
 **/etc/rc.d/rc.rpc** **/etc/rc.d/rc.rpc**
  
-Check that this file is executable on both computers. (Not strictly necessary as /etc/rc.d/rc.nfsd will run this, but will be important if you want the computer to work as an NFS client only)+Check that this file is executable on both computers. (Not strictly necessary as /etc/rc.d/rc.nfsd will run this, but will be important if you want the computer to work as an NFS client only)
 + 
 +===== Binding ports ===== 
 + 
 +**a) Slackware versions up to 14.2** 
 + 
 +To use NFS through the firewall follow this guide that is quoted verbatim. Thanks rworkman!
  
-To use NFS through the firewall on your computers, follow this guide that is quoted verbatim. Thanks rworkman! 
 From http://rlworkman.net/howtos/NFS_Firewall_HOWTO From http://rlworkman.net/howtos/NFS_Firewall_HOWTO
-<file>This document is intended to give you detailed steps for making NFS bind to+ 
 +<file> 
 +This document is intended to give you detailed steps for making NFS bind to
 user-specified ports instead of random ports assigned by the portmapper. user-specified ports instead of random ports assigned by the portmapper.
 This makes it *much* easier to run a firewall on the NFS server, as you don't This makes it *much* easier to run a firewall on the NFS server, as you don't
Line 226: Line 259:
  
 </file> </file>
 +
 +**b) Slackware version after 14.2**
 +
 +To use NFS through the firewall is now easier, as options for NFS can be set in /etc/default/nfs and /etc/default/rpc. It is simply necessary to uncomment the appropriate lines in /etc/default/rpc.
 +
 +**/etc/default/rpc**
 +
 +<code>
 +# See also /etc/default/nfs
 +
 +# Optional arguments passed to rpcbind. See rpcbind(8)
 +#RPCBIND_OPTS=""
 +#
 +# Optional arguments passed to rpc.statd. See rpc.statd(8)
 +#RPC_STATD_OPTS=""
 +# Optional hostname to start rpc.statd with.
 +#RPC_STATD_HOSTNAME="darkstar"
 +# Port rpc.statd should listen on.
 +RPC_STATD_PORT=32766
 +# Outgoing port rpc.statd should use.
 +RPC_STATD_OUTGOING_PORT=32765
 +#
 +# Optional options passed to rquotad. See rquotad(8)
 +#RPC_RQUOTAD_OPTS=""
 +# Optional port rquotad should listen on:
 +RPC_RQUOTAD_PORT=32769
 +#
 +# TCP port rpc.lockd should listen on:
 +LOCKD_TCP_PORT=32768
 +# UDP port rpc.lockd should listen on:
 +LOCKD_UDP_PORT=32768
 +#
 +# Optional arguments passed to rpc.mountd. See rpc.mountd(8)
 +#RPC_MOUNTD_OPTS=""
 +# Port rpc.mountd should listen on:
 +RPC_MOUNTD_PORT=32767
 +#
 +</code>
 +
 +===== Firewall settings =====
  
 **/etc/rc.d/rc.firewall** **/etc/rc.d/rc.firewall**
  
-Here are some example lines to allow NFS +Here are some example lines to allow NFS
-<code>## NFS uses TCP and UDP on ports 111, 2049, 32764-32769+ 
 +<code> 
 +## NFS uses TCP and UDP on ports 111, 2049, 32764-32769
 # Accept TCP and UDP on port 111 from local LAN for portmap # Accept TCP and UDP on port 111 from local LAN for portmap
 $IPTABLES -A INPUT -i $EXTIF -p tcp -s $LOCAL_LAN --dport 111 -j ACCEPT $IPTABLES -A INPUT -i $EXTIF -p tcp -s $LOCAL_LAN --dport 111 -j ACCEPT
Line 237: Line 312:
 $IPTABLES -A INPUT -i $EXTIF -p tcp -s $LOCAL_LAN --dport 2049 -j ACCEPT $IPTABLES -A INPUT -i $EXTIF -p tcp -s $LOCAL_LAN --dport 2049 -j ACCEPT
 $IPTABLES -A INPUT -i $EXTIF -p udp -s $LOCAL_LAN --dport 2049 -j ACCEPT $IPTABLES -A INPUT -i $EXTIF -p udp -s $LOCAL_LAN --dport 2049 -j ACCEPT
-# Accept TCP and UDP on port 32765 from local LAN for statd listen (set in /etc/rc.d/rc.rpc)+# Accept TCP and UDP on port 32765 from local LAN for statd listen 
 +#  (set in /etc/rc.d/rc.rpc for Slackware <= 14.2 or /etc/default/rpc for Slackware >= 14.2-current)
 $IPTABLES -A INPUT -i $EXTIF -p tcp -s $LOCAL_LAN --dport 32765 -j ACCEPT $IPTABLES -A INPUT -i $EXTIF -p tcp -s $LOCAL_LAN --dport 32765 -j ACCEPT
 $IPTABLES -A INPUT -i $EXTIF -p udp -s $LOCAL_LAN --dport 32765 -j ACCEPT $IPTABLES -A INPUT -i $EXTIF -p udp -s $LOCAL_LAN --dport 32765 -j ACCEPT
-# Accept TCP and UDP on port 32766 from local LAN for statd send (set in /etc/rc.d/rc.rpc)+# Accept TCP and UDP on port 32766 from local LAN for statd send 
 +#  (set in /etc/rc.d/rc.rpc for Slackware <= 14.2 or /etc/default/rpc for Slackware >= 14.2-current)
 $IPTABLES -A INPUT -i $EXTIF -p tcp -s $LOCAL_LAN --dport 32766 -j ACCEPT $IPTABLES -A INPUT -i $EXTIF -p tcp -s $LOCAL_LAN --dport 32766 -j ACCEPT
 $IPTABLES -A INPUT -i $EXTIF -p udp -s $LOCAL_LAN --dport 32766 -j ACCEPT $IPTABLES -A INPUT -i $EXTIF -p udp -s $LOCAL_LAN --dport 32766 -j ACCEPT
-# Accept TCP and UDP on port 32767 from local LAN for mountd (set in /etc/rc.d/rc.nfsd)+# Accept TCP and UDP on port 32767 from local LAN for mountd 
 +#  (set in /etc/rc.d/rc.nfsd for Slackware <= 14.2 or /etc/default/rpc for Slackware >= 14.2-current)
 $IPTABLES -A INPUT -i $EXTIF -p tcp -s $LOCAL_LAN --dport 32767 -j ACCEPT $IPTABLES -A INPUT -i $EXTIF -p tcp -s $LOCAL_LAN --dport 32767 -j ACCEPT
 $IPTABLES -A INPUT -i $EXTIF -p udp -s $LOCAL_LAN --dport 32767 -j ACCEPT $IPTABLES -A INPUT -i $EXTIF -p udp -s $LOCAL_LAN --dport 32767 -j ACCEPT
-# Accept TCP and UDP on port 32768 from local LAN for lockd (set in /etc/sysctl.conf)+# Accept TCP and UDP on port 32768 from local LAN for lockd 
 +#  (set in /etc/sysctl.conf for Slackware <= 14.2 or /etc/default/rpc for Slackware >= 14.2-current)
 $IPTABLES -A INPUT -i $EXTIF -p tcp -s $LOCAL_LAN --dport 32768 -j ACCEPT $IPTABLES -A INPUT -i $EXTIF -p tcp -s $LOCAL_LAN --dport 32768 -j ACCEPT
 $IPTABLES -A INPUT -i $EXTIF -p udp -s $LOCAL_LAN --dport 32768 -j ACCEPT $IPTABLES -A INPUT -i $EXTIF -p udp -s $LOCAL_LAN --dport 32768 -j ACCEPT
-# Accept TCP and UDP on port 32769 from local LAN for rquotad (set in /etc/rc.d/rc.nfsd)+# Accept TCP and UDP on port 32769 from local LAN for rquotad 
 +#  (set in /etc/rc.d/rc.nfsd for Slackware <= 14.2 or /etc/default/rpc for Slackware >= 14.2-current)
 $IPTABLES -A INPUT -i $EXTIF -p tcp -s $LOCAL_LAN --dport 32769 -j ACCEPT $IPTABLES -A INPUT -i $EXTIF -p tcp -s $LOCAL_LAN --dport 32769 -j ACCEPT
 $IPTABLES -A INPUT -i $EXTIF -p udp -s $LOCAL_LAN --dport 32769 -j ACCEPT $IPTABLES -A INPUT -i $EXTIF -p udp -s $LOCAL_LAN --dport 32769 -j ACCEPT
Line 262: Line 342:
  
 ====== Sources ====== ====== Sources ======
 +
   * http://nfs.sourceforge.net/nfs-howto/   * http://nfs.sourceforge.net/nfs-howto/
   * http://rlworkman.net/howtos/NFS_Firewall_HOWTO   * http://rlworkman.net/howtos/NFS_Firewall_HOWTO

In Other Languages
QR Code
QR Code howtos:network_services:home_nfs_howto (generated for current page)