[2024-feb-29] Sad news: Eric Layton aka Nocturnal Slacker aka vtel57 passed away on Feb 26th, shortly after hospitalization. He was one of our Wiki's most prominent admins. He will be missed.
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revision | |||
howtos:network_services:home_nfs_howto [2019/04/06 13:49 (UTC)] – Using proper section headers ellendhel | howtos:network_services:home_nfs_howto [2019/04/06 13:54 (UTC)] (current) – Various formatting improvements ellendhel | ||
---|---|---|---|
Line 21: | Line 21: | ||
* the desktop computer will be called DESKTOP and has an IP address 10.1.1.2 | * the desktop computer will be called DESKTOP and has an IP address 10.1.1.2 | ||
- | |||
* the laptop computer will be called LAPTOP and has an IP address 10.1.1.3 using a wired connection | * the laptop computer will be called LAPTOP and has an IP address 10.1.1.3 using a wired connection | ||
- | |||
* or the laptop computer will be called LAPTOP-W and has an IP address 10.1.1.4 using a wireless connection | * or the laptop computer will be called LAPTOP-W and has an IP address 10.1.1.4 using a wireless connection | ||
Line 32: | Line 30: | ||
**/ | **/ | ||
- | On the desktop computer /etc/hosts should have lines like | + | On the desktop computer /etc/hosts should have lines like: |
- | < | + | |
- | 10.1.1.4 | + | < |
- | On the laptop computer /etc/hosts should have a line like | + | 10.1.1.3 |
+ | 10.1.1.4 | ||
+ | </ | ||
+ | |||
+ | On the laptop computer /etc/hosts should have a line like: | ||
< | < | ||
+ | |||
**/ | **/ | ||
- | On both machines add | + | On both machines add: |
- | < | + | |
+ | < | ||
+ | portmap:ALL | ||
lockd:ALL | lockd:ALL | ||
mountd:ALL | mountd:ALL | ||
rquotad:ALL | rquotad:ALL | ||
- | statd: | + | statd:ALL |
+ | </ | ||
**/ | **/ | ||
- | On the desktop computer add | + | On the desktop computer add: |
- | < | + | |
+ | < | ||
+ | # For NFS mount from LAN | ||
portmap: 10.1.1.3 , 10.1.1.4 | portmap: 10.1.1.3 , 10.1.1.4 | ||
lockd: 10.1.1.3 , 10.1.1.4 | lockd: 10.1.1.3 , 10.1.1.4 | ||
rquotd: 10.1.1.3 , 10.1.1.4 | rquotd: 10.1.1.3 , 10.1.1.4 | ||
mountd: 10.1.1.3 , 10.1.1.4 | mountd: 10.1.1.3 , 10.1.1.4 | ||
- | statd: 10.1.1.3 , 10.1.1.4</ | + | statd: 10.1.1.3 , 10.1.1.4 |
+ | </ | ||
+ | |||
+ | On the laptop computer add: | ||
- | On the laptop computer add | + | < |
- | < | + | # For NFS mount from LAN |
portmap: 10.1.1.2 | portmap: 10.1.1.2 | ||
lockd: 10.1.1.2 | lockd: 10.1.1.2 | ||
rquotd: 10.1.1.2 | rquotd: 10.1.1.2 | ||
mountd: 10.1.1.2 | mountd: 10.1.1.2 | ||
- | statd: 10.1.1.2</ | + | statd: 10.1.1.2 |
- | The syntax in the above examples can be altered, e.g. 10.1.1. could be used to allow access from any machine on the 10.1.1.0/24 network | + | </ |
+ | |||
+ | The syntax in the above examples can be altered, e.g. 10.1.1. could be used to allow access from any machine on the 10.1.1.0/24 network. | ||
**/ | **/ | ||
- | On the desktop computer add | + | On the desktop computer add: |
- | < | + | |
+ | < | ||
+ | # Allow export of root file system to LAPTOP with read/write and root access | ||
/ | / | ||
LAPTOP-W(rw, | LAPTOP-W(rw, | ||
/ | / | ||
- | LAPTOP-W(rw, | + | LAPTOP-W(rw, |
- | On the laptop computer add | + | </ |
- | < | + | |
- | / | + | |
- | Comments | + | |
- | * The no_root_squash option is very permissive. The root_squash option is much more secure. | + | |
- | * Allowing access to the entire root file system is very permissive. Restriction to a sub-directory is much more secure. | + | On the laptop computer add: |
+ | < | ||
+ | # Allow export of root file system to DESKTOP with read/write and root access | ||
+ | / | ||
+ | </ | ||
+ | |||
+ | Comments | ||
+ | * The // | ||
+ | * Allowing access to the entire root file system is very permissive. Restriction to a sub-directory is much more secure. | ||
* The nohide option is required to show the contents of other mounted partitions. | * The nohide option is required to show the contents of other mounted partitions. | ||
Line 90: | Line 111: | ||
**/ | **/ | ||
- | Check that this file is executable on both computers. (Not strictly necessary as / | + | Check that this file is executable on both computers. (Not strictly necessary as / |
===== Binding ports ===== | ===== Binding ports ===== | ||
Line 97: | Line 118: | ||
To use NFS through the firewall follow this guide that is quoted verbatim. Thanks rworkman! | To use NFS through the firewall follow this guide that is quoted verbatim. Thanks rworkman! | ||
+ | |||
From http:// | From http:// | ||
- | < | + | |
+ | < | ||
+ | This document is intended to give you detailed steps for making NFS bind to | ||
user-specified ports instead of random ports assigned by the portmapper. | user-specified ports instead of random ports assigned by the portmapper. | ||
This makes it *much* easier to run a firewall on the NFS server, as you don't | This makes it *much* easier to run a firewall on the NFS server, as you don't | ||
Line 242: | Line 266: | ||
**/ | **/ | ||
- | < | + | < |
+ | # See also / | ||
# Optional arguments passed to rpcbind. See rpcbind(8) | # Optional arguments passed to rpcbind. See rpcbind(8) | ||
Line 270: | Line 295: | ||
# Port rpc.mountd should listen on: | # Port rpc.mountd should listen on: | ||
RPC_MOUNTD_PORT=32767 | RPC_MOUNTD_PORT=32767 | ||
- | #</ | + | # |
+ | </ | ||
===== Firewall settings ===== | ===== Firewall settings ===== | ||
Line 276: | Line 302: | ||
**/ | **/ | ||
- | Here are some example lines to allow NFS | + | Here are some example lines to allow NFS: |
- | < | + | |
+ | < | ||
+ | ## NFS uses TCP and UDP on ports 111, 2049, 32764-32769 | ||
# Accept TCP and UDP on port 111 from local LAN for portmap | # Accept TCP and UDP on port 111 from local LAN for portmap | ||
$IPTABLES -A INPUT -i $EXTIF -p tcp -s $LOCAL_LAN --dport 111 -j ACCEPT | $IPTABLES -A INPUT -i $EXTIF -p tcp -s $LOCAL_LAN --dport 111 -j ACCEPT |