Welcome to the Slackware Documentation Project

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
howtos:network_services:home_nfs_howto [2019/04/06 13:49 (UTC)]
ellendhel Using proper section headers
howtos:network_services:home_nfs_howto [2019/04/06 13:54 (UTC)] (current)
ellendhel Various formatting improvements
Line 21: Line 21:
  
   * the desktop computer will be called DESKTOP and has an IP address 10.1.1.2   * the desktop computer will be called DESKTOP and has an IP address 10.1.1.2
- 
   * the laptop computer will be called LAPTOP and has an IP address 10.1.1.3 using a wired connection   * the laptop computer will be called LAPTOP and has an IP address 10.1.1.3 using a wired connection
- 
   * or the laptop computer will be called LAPTOP-W and has an IP address 10.1.1.4 using a wireless connection   * or the laptop computer will be called LAPTOP-W and has an IP address 10.1.1.4 using a wireless connection
  
Line 32: Line 30:
 **/​etc/​hosts** **/​etc/​hosts**
  
-On the desktop computer /etc/hosts should have lines like +On the desktop computer /etc/hosts should have lines like
-<​code>​10.1.1.3 ​               LAPTOP.<​your domain> ​     LAPTOP + 
-10.1.1.4 ​               LAPTOP-W.<​your domain> ​   LAPTOP-W</​code>​ +<​code>​ 
-On the laptop computer /etc/hosts should have a line like+10.1.1.3 ​               LAPTOP.<​your domain> ​     LAPTOP 
 +10.1.1.4 ​               LAPTOP-W.<​your domain> ​   LAPTOP-W 
 +</​code>​ 
 + 
 +On the laptop computer /etc/hosts should have a line like
 <​code>​10.1.1.2 ​               DESKTOP.<​your domain> ​     DESKTOP</​code>​ <​code>​10.1.1.2 ​               DESKTOP.<​your domain> ​     DESKTOP</​code>​
 +
 **/​etc/​hosts.deny** **/​etc/​hosts.deny**
  
-On both machines add +On both machines add
-<​code>​portmap:​ALL+ 
 +<​code>​ 
 +portmap:ALL
 lockd:ALL lockd:ALL
 mountd:ALL mountd:ALL
 rquotad:ALL rquotad:ALL
-statd:​ALL</​code>​+statd:ALL 
 +</​code>​ 
 **/​etc/​hosts.allow** **/​etc/​hosts.allow**
  
-On the desktop computer add +On the desktop computer add
-<​code>#​ For NFS mount from LAN+ 
 +<​code>​ 
 +# For NFS mount from LAN
 portmap: 10.1.1.3 , 10.1.1.4 portmap: 10.1.1.3 , 10.1.1.4
 lockd: 10.1.1.3 , 10.1.1.4 lockd: 10.1.1.3 , 10.1.1.4
 rquotd: 10.1.1.3 , 10.1.1.4 rquotd: 10.1.1.3 , 10.1.1.4
 mountd: 10.1.1.3 , 10.1.1.4 mountd: 10.1.1.3 , 10.1.1.4
-statd: 10.1.1.3 , 10.1.1.4</​code>​+statd: 10.1.1.3 , 10.1.1.4 
 +</​code>​ 
 + 
 +On the laptop computer add:
  
-On the laptop computer add +<​code>​ 
-<​code>#​ For NFS mount from LAN+# For NFS mount from LAN
 portmap: 10.1.1.2 portmap: 10.1.1.2
 lockd: 10.1.1.2 lockd: 10.1.1.2
 rquotd: 10.1.1.2 rquotd: 10.1.1.2
 mountd: 10.1.1.2 mountd: 10.1.1.2
-statd: 10.1.1.2</​code>​ +statd: 10.1.1.2 
-The syntax in the above examples can be altered, e.g. 10.1.1. could be used to allow access from any machine on the 10.1.1.0/24 network+</​code>​ 
 + 
 +The syntax in the above examples can be altered, e.g. 10.1.1. could be used to allow access from any machine on the 10.1.1.0/24 network.
  
 **/​etc/​exports** **/​etc/​exports**
  
-On the desktop computer add +On the desktop computer add
-<​code>#​ Allow export of root file system to LAPTOP with read/write and root access+ 
 +<​code>​ 
 +# Allow export of root file system to LAPTOP with read/write and root access
 /               ​LAPTOP(rw,​no_root_squash,​no_subtree_check) \ /               ​LAPTOP(rw,​no_root_squash,​no_subtree_check) \
                 LAPTOP-W(rw,​no_root_squash,​no_subtree_check)                 LAPTOP-W(rw,​no_root_squash,​no_subtree_check)
 /​music ​         LAPTOP(rw,​no_root_squash,​no_subtree_check,​nohide) \ /​music ​         LAPTOP(rw,​no_root_squash,​no_subtree_check,​nohide) \
-                LAPTOP-W(rw,​no_root_squash,​no_subtree_check,​nohide)</​code>​ +                LAPTOP-W(rw,​no_root_squash,​no_subtree_check,​nohide) 
-On the laptop computer add +</​code>​
-<​code>#​ Allow export of root file system to DESKTOP with read/write and root access +
-/               ​DESKTOP(rw,​no_root_squash,​no_subtree_check)</​code> ​ +
-Comments +
-  * The no_root_squash option is very permissive. The root_squash option is much more secure.+
  
-  * Allowing access to the entire root file system is very permissive. Restriction to a sub-directory is much more secure.+On the laptop computer add:
  
 +<​code>​
 +# Allow export of root file system to DESKTOP with read/write and root access
 +/               ​DESKTOP(rw,​no_root_squash,​no_subtree_check)
 +</​code> ​
 +
 +Comments
 +  * The //​no_root_squash//​ option is very permissive. The //​root_squash//​ option is much more secure.
 +  * Allowing access to the entire root file system is very permissive. Restriction to a sub-directory is much more secure.
   * The nohide option is required to show the contents of other mounted partitions.   * The nohide option is required to show the contents of other mounted partitions.
  
Line 90: Line 111:
 **/​etc/​rc.d/​rc.rpc** **/​etc/​rc.d/​rc.rpc**
  
-Check that this file is executable on both computers. (Not strictly necessary as /​etc/​rc.d/​rc.nfsd will run this, but will be important if you want the computer to work as an NFS client only)+Check that this file is executable on both computers. (Not strictly necessary as /​etc/​rc.d/​rc.nfsd will run this, but will be important if you want the computer to work as an NFS client only).
  
 ===== Binding ports ===== ===== Binding ports =====
Line 97: Line 118:
  
 To use NFS through the firewall follow this guide that is quoted verbatim. Thanks rworkman! To use NFS through the firewall follow this guide that is quoted verbatim. Thanks rworkman!
 +
 From http://​rlworkman.net/​howtos/​NFS_Firewall_HOWTO From http://​rlworkman.net/​howtos/​NFS_Firewall_HOWTO
-<​file>​This document is intended to give you detailed steps for making NFS bind to+ 
 +<​file>​ 
 +This document is intended to give you detailed steps for making NFS bind to
 user-specified ports instead of random ports assigned by the portmapper. user-specified ports instead of random ports assigned by the portmapper.
 This makes it *much* easier to run a firewall on the NFS server, as you don't This makes it *much* easier to run a firewall on the NFS server, as you don't
Line 242: Line 266:
 **/​etc/​default/​rpc** **/​etc/​default/​rpc**
  
-<​code>#​ See also /​etc/​default/​nfs+<​code>​ 
 +# See also /​etc/​default/​nfs
  
 # Optional arguments passed to rpcbind. See rpcbind(8) # Optional arguments passed to rpcbind. See rpcbind(8)
Line 270: Line 295:
 # Port rpc.mountd should listen on: # Port rpc.mountd should listen on:
 RPC_MOUNTD_PORT=32767 RPC_MOUNTD_PORT=32767
-#</​code>​+# 
 +</​code>​
  
 ===== Firewall settings ===== ===== Firewall settings =====
Line 276: Line 302:
 **/​etc/​rc.d/​rc.firewall** **/​etc/​rc.d/​rc.firewall**
  
-Here are some example lines to allow NFS +Here are some example lines to allow NFS
-<​code>##​ NFS uses TCP and UDP on ports 111, 2049, 32764-32769+ 
 +<​code>​ 
 +## NFS uses TCP and UDP on ports 111, 2049, 32764-32769
 # Accept TCP and UDP on port 111 from local LAN for portmap # Accept TCP and UDP on port 111 from local LAN for portmap
 $IPTABLES -A INPUT -i $EXTIF -p tcp -s $LOCAL_LAN --dport 111 -j ACCEPT $IPTABLES -A INPUT -i $EXTIF -p tcp -s $LOCAL_LAN --dport 111 -j ACCEPT

In Other Languages
QR Code
QR Code howtos:network_services:home_nfs_howto (generated for current page)