Breaking

Wednesday, 6 November 2019

NFS Client-Server Configuration

                   NFS (Network File System)                                                

The Network File System is used to mount Linux directories over a network. An NFS server can export one or more directories with linux hosts but If you need to mount a Linux filesystem on a Windows machine then it is not feasible with NFS and it is the limitation of this service. We can go through Samba instead for linux to windows file sharing.
We have divided this article into 3 parts for better understanding of NFS:-                                                        
1) NFS Server Configuration
2) NFS Client Configuration
3) NFS iptables rules

1) NFS Server Configuration: In this part we will setup NFS server in centos6.8 64bit system to share one linux directory with nfs client.
Install required packages by executing given commands.
# yum install nfs-utils nfs-utils-lib



Start required services by executing given commands.
# service rpcbind start
# service nfs start




Set chkconfig for related services by executing given command.
# chkconfig nfs on
# vi /etc/exports
/share_directory_location   103.255.X.X(rw)




Note: Mention the nfs server's directory which you want to share with nfs clients and the mention nfs client's ip address here.

2) NFS Client Configuration: In this part we will setup NFS client in centos6.8 64bit system to mount shared directory.

# yum install nfs-utils nfs-utils-lib
# service rpcbind start
# service nfs start
# chkconfig nfs on

Execute following command and cross check that shared directory is showing in output or not, If it is showing then your NFS server configuration is perfect and you may proceed to next step.
#showmount -e NFS_SERVER_IP



#mkdir /nfsmount
#mount -t nfs NFS_SERVER_IP:/share_directory_location /nfsmount
#df -h




Note: If you mount this directory permanently then do not forget to make fstab entries. If you skip this step then directory will be automatically umounted after reboot.

#vi /etc/fstab
NFS_SERVER_IP:/share_directory_location         /nfsmount  nfs  default   0 0
# mount -a


3) NFS iptables Rules: In this part we will setup NFS iptable rules. If iptables are applied to your client or host then it is must to allow iptable ports and connections else it may slow down your server performance.
Open the iptable configuration file into a text editor.
# vi /etc/sysconfig/iptables


Add the Following Highlighted Lines to it

:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 2049 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 111 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 111 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 32803 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 32803 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 32769 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 32769 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 892 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 892 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 875 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 875 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 662 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 662 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 2020 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 2020 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT


Restart IPtables to apply the new rules.
# service iptables restart


                                                  Conclusion                                                 

If you are using csf then you may simply allow given ports into your csf.conf file. If iptables/csf is applied on your server and you did not allow nfs rules then iptables/csf will continuously try to block these ports and connections and this blocking process will slow down all over server performance.

Tagged In:

No comments:

Post a Comment

Post Top Ad

Your Ad Spot