Enjoy the Holiday season!

Welcome to the Slackware Documentation Project

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
howtos:network_services:home_nfs_howto [2019/04/06 13:49 (UTC)]
ellendhel Using proper section headers
howtos:network_services:home_nfs_howto [2019/04/06 13:54 (UTC)] (current)
ellendhel Various formatting improvements
Line 21: Line 21:
  
   * the desktop computer will be called DESKTOP and has an IP address 10.1.1.2   * the desktop computer will be called DESKTOP and has an IP address 10.1.1.2
- 
   * the laptop computer will be called LAPTOP and has an IP address 10.1.1.3 using a wired connection   * the laptop computer will be called LAPTOP and has an IP address 10.1.1.3 using a wired connection
- 
   * or the laptop computer will be called LAPTOP-W and has an IP address 10.1.1.4 using a wireless connection   * or the laptop computer will be called LAPTOP-W and has an IP address 10.1.1.4 using a wireless connection
  
Line 32: Line 30:
 **/etc/hosts** **/etc/hosts**
  
-On the desktop computer /etc/hosts should have lines like +On the desktop computer /etc/hosts should have lines like
-<code>10.1.1.3                LAPTOP.<your domain>      LAPTOP + 
-10.1.1.4                LAPTOP-W.<your domain>    LAPTOP-W</code> +<code> 
-On the laptop computer /etc/hosts should have a line like+10.1.1.3                LAPTOP.<your domain>      LAPTOP 
 +10.1.1.4                LAPTOP-W.<your domain>    LAPTOP-W 
 +</code> 
 + 
 +On the laptop computer /etc/hosts should have a line like
 <code>10.1.1.2                DESKTOP.<your domain>      DESKTOP</code> <code>10.1.1.2                DESKTOP.<your domain>      DESKTOP</code>
 +
 **/etc/hosts.deny** **/etc/hosts.deny**
  
-On both machines add +On both machines add
-<code>portmap:ALL+ 
 +<code> 
 +portmap:ALL
 lockd:ALL lockd:ALL
 mountd:ALL mountd:ALL
 rquotad:ALL rquotad:ALL
-statd:ALL</code>+statd:ALL 
 +</code> 
 **/etc/hosts.allow** **/etc/hosts.allow**
  
-On the desktop computer add +On the desktop computer add
-<code># For NFS mount from LAN+ 
 +<code> 
 +# For NFS mount from LAN
 portmap: 10.1.1.3 , 10.1.1.4 portmap: 10.1.1.3 , 10.1.1.4
 lockd: 10.1.1.3 , 10.1.1.4 lockd: 10.1.1.3 , 10.1.1.4
 rquotd: 10.1.1.3 , 10.1.1.4 rquotd: 10.1.1.3 , 10.1.1.4
 mountd: 10.1.1.3 , 10.1.1.4 mountd: 10.1.1.3 , 10.1.1.4
-statd: 10.1.1.3 , 10.1.1.4</code>+statd: 10.1.1.3 , 10.1.1.4 
 +</code> 
 + 
 +On the laptop computer add:
  
-On the laptop computer add +<code> 
-<code># For NFS mount from LAN+# For NFS mount from LAN
 portmap: 10.1.1.2 portmap: 10.1.1.2
 lockd: 10.1.1.2 lockd: 10.1.1.2
 rquotd: 10.1.1.2 rquotd: 10.1.1.2
 mountd: 10.1.1.2 mountd: 10.1.1.2
-statd: 10.1.1.2</code> +statd: 10.1.1.2 
-The syntax in the above examples can be altered, e.g. 10.1.1. could be used to allow access from any machine on the 10.1.1.0/24 network+</code> 
 + 
 +The syntax in the above examples can be altered, e.g. 10.1.1. could be used to allow access from any machine on the 10.1.1.0/24 network.
  
 **/etc/exports** **/etc/exports**
  
-On the desktop computer add +On the desktop computer add
-<code># Allow export of root file system to LAPTOP with read/write and root access+ 
 +<code> 
 +# Allow export of root file system to LAPTOP with read/write and root access
 /               LAPTOP(rw,no_root_squash,no_subtree_check) \ /               LAPTOP(rw,no_root_squash,no_subtree_check) \
                 LAPTOP-W(rw,no_root_squash,no_subtree_check)                 LAPTOP-W(rw,no_root_squash,no_subtree_check)
 /music          LAPTOP(rw,no_root_squash,no_subtree_check,nohide) \ /music          LAPTOP(rw,no_root_squash,no_subtree_check,nohide) \
-                LAPTOP-W(rw,no_root_squash,no_subtree_check,nohide)</code> +                LAPTOP-W(rw,no_root_squash,no_subtree_check,nohide) 
-On the laptop computer add +</code>
-<code># Allow export of root file system to DESKTOP with read/write and root access +
-/               DESKTOP(rw,no_root_squash,no_subtree_check)</code>  +
-Comments +
-  * The no_root_squash option is very permissive. The root_squash option is much more secure.+
  
-  * Allowing access to the entire root file system is very permissive. Restriction to a sub-directory is much more secure.+On the laptop computer add:
  
 +<code>
 +# Allow export of root file system to DESKTOP with read/write and root access
 +/               DESKTOP(rw,no_root_squash,no_subtree_check)
 +</code> 
 +
 +Comments
 +  * The //no_root_squash// option is very permissive. The //root_squash// option is much more secure.
 +  * Allowing access to the entire root file system is very permissive. Restriction to a sub-directory is much more secure.
   * The nohide option is required to show the contents of other mounted partitions.   * The nohide option is required to show the contents of other mounted partitions.
  
Line 90: Line 111:
 **/etc/rc.d/rc.rpc** **/etc/rc.d/rc.rpc**
  
-Check that this file is executable on both computers. (Not strictly necessary as /etc/rc.d/rc.nfsd will run this, but will be important if you want the computer to work as an NFS client only)+Check that this file is executable on both computers. (Not strictly necessary as /etc/rc.d/rc.nfsd will run this, but will be important if you want the computer to work as an NFS client only).
  
 ===== Binding ports ===== ===== Binding ports =====
Line 97: Line 118:
  
 To use NFS through the firewall follow this guide that is quoted verbatim. Thanks rworkman! To use NFS through the firewall follow this guide that is quoted verbatim. Thanks rworkman!
 +
 From http://rlworkman.net/howtos/NFS_Firewall_HOWTO From http://rlworkman.net/howtos/NFS_Firewall_HOWTO
-<file>This document is intended to give you detailed steps for making NFS bind to+ 
 +<file> 
 +This document is intended to give you detailed steps for making NFS bind to
 user-specified ports instead of random ports assigned by the portmapper. user-specified ports instead of random ports assigned by the portmapper.
 This makes it *much* easier to run a firewall on the NFS server, as you don't This makes it *much* easier to run a firewall on the NFS server, as you don't
Line 242: Line 266:
 **/etc/default/rpc** **/etc/default/rpc**
  
-<code># See also /etc/default/nfs+<code> 
 +# See also /etc/default/nfs
  
 # Optional arguments passed to rpcbind. See rpcbind(8) # Optional arguments passed to rpcbind. See rpcbind(8)
Line 270: Line 295:
 # Port rpc.mountd should listen on: # Port rpc.mountd should listen on:
 RPC_MOUNTD_PORT=32767 RPC_MOUNTD_PORT=32767
-#</code>+# 
 +</code>
  
 ===== Firewall settings ===== ===== Firewall settings =====
Line 276: Line 302:
 **/etc/rc.d/rc.firewall** **/etc/rc.d/rc.firewall**
  
-Here are some example lines to allow NFS +Here are some example lines to allow NFS
-<code>## NFS uses TCP and UDP on ports 111, 2049, 32764-32769+ 
 +<code> 
 +## NFS uses TCP and UDP on ports 111, 2049, 32764-32769
 # Accept TCP and UDP on port 111 from local LAN for portmap # Accept TCP and UDP on port 111 from local LAN for portmap
 $IPTABLES -A INPUT -i $EXTIF -p tcp -s $LOCAL_LAN --dport 111 -j ACCEPT $IPTABLES -A INPUT -i $EXTIF -p tcp -s $LOCAL_LAN --dport 111 -j ACCEPT

In Other Languages
QR Code
QR Code howtos:network_services:home_nfs_howto (generated for current page)