Mercurial > hg > Blog
annotate content/Linux/nfs.md @ 98:1d9382b0329b
Specify the syntax on markdown blocks to avoid broken output that has class=err
| author | Dirk Olmes <dirk@xanthippe.ping.de> |
|---|---|
| date | Thu, 19 Dec 2019 10:04:33 +0100 |
| parents | 9693693301f2 |
| children |
| rev | line source |
|---|---|
|
63
9693693301f2
add blog post on NFS server
Dirk Olmes <dirk@xanthippe.ping.de>
parents:
diff
changeset
|
1 Title: NFS setup |
|
9693693301f2
add blog post on NFS server
Dirk Olmes <dirk@xanthippe.ping.de>
parents:
diff
changeset
|
2 Date: 2015-07-30 |
|
9693693301f2
add blog post on NFS server
Dirk Olmes <dirk@xanthippe.ping.de>
parents:
diff
changeset
|
3 Lang: en |
|
9693693301f2
add blog post on NFS server
Dirk Olmes <dirk@xanthippe.ping.de>
parents:
diff
changeset
|
4 |
|
9693693301f2
add blog post on NFS server
Dirk Olmes <dirk@xanthippe.ping.de>
parents:
diff
changeset
|
5 I'm planning to put my [Raspberry Pi](https://www.raspberrypi.org/) back to use. I have always disliked its dependency on SD memory cards so I'm planning to put the Pi's root filesystem on NFS. The Pi side will be a topic for another blog post later, first I'll have to setup an NFS server on my main [Gentoo](https://www.gentoo.org) machine. |
|
9693693301f2
add blog post on NFS server
Dirk Olmes <dirk@xanthippe.ping.de>
parents:
diff
changeset
|
6 |
|
9693693301f2
add blog post on NFS server
Dirk Olmes <dirk@xanthippe.ping.de>
parents:
diff
changeset
|
7 The main NFS setup is described [on the Gentoo wiki](https://wiki.gentoo.org/wiki/NFS) in sufficient detail. I had a bit of a headache getting NFS through my [Shorewall](http://www.shorewall.net/) based firefall, though. There is a good section on NFS security in the [NFS-HOWTO](http://tldp.org/HOWTO/NFS-HOWTO/security.html) which describes all the necessary bits. And the Gentoo config files have all the required settings in their comments, too. It turns out that all you have to do is to put some configuration into place and the NFS server will play nicely with the firewall: |
|
9693693301f2
add blog post on NFS server
Dirk Olmes <dirk@xanthippe.ping.de>
parents:
diff
changeset
|
8 |
|
9693693301f2
add blog post on NFS server
Dirk Olmes <dirk@xanthippe.ping.de>
parents:
diff
changeset
|
9 In `/etc/sysctl.conf` these settings: |
|
9693693301f2
add blog post on NFS server
Dirk Olmes <dirk@xanthippe.ping.de>
parents:
diff
changeset
|
10 |
|
98
1d9382b0329b
Specify the syntax on markdown blocks to avoid broken output that has class=err
Dirk Olmes <dirk@xanthippe.ping.de>
parents:
63
diff
changeset
|
11 :::shell |
|
63
9693693301f2
add blog post on NFS server
Dirk Olmes <dirk@xanthippe.ping.de>
parents:
diff
changeset
|
12 fs.nfs.nlm_tcpport = 4001 |
|
9693693301f2
add blog post on NFS server
Dirk Olmes <dirk@xanthippe.ping.de>
parents:
diff
changeset
|
13 fs.nfs.nlm_udpport = 4001 |
|
9693693301f2
add blog post on NFS server
Dirk Olmes <dirk@xanthippe.ping.de>
parents:
diff
changeset
|
14 |
|
9693693301f2
add blog post on NFS server
Dirk Olmes <dirk@xanthippe.ping.de>
parents:
diff
changeset
|
15 In `/etc/conf.d/nfs` enable these settings: |
|
9693693301f2
add blog post on NFS server
Dirk Olmes <dirk@xanthippe.ping.de>
parents:
diff
changeset
|
16 |
|
98
1d9382b0329b
Specify the syntax on markdown blocks to avoid broken output that has class=err
Dirk Olmes <dirk@xanthippe.ping.de>
parents:
63
diff
changeset
|
17 :::shell |
|
63
9693693301f2
add blog post on NFS server
Dirk Olmes <dirk@xanthippe.ping.de>
parents:
diff
changeset
|
18 OPTS_RPC_MOUNTD="-p 32767" |
|
9693693301f2
add blog post on NFS server
Dirk Olmes <dirk@xanthippe.ping.de>
parents:
diff
changeset
|
19 OPTS_RPC_STATD="-p 32765 -o 32766" |
|
9693693301f2
add blog post on NFS server
Dirk Olmes <dirk@xanthippe.ping.de>
parents:
diff
changeset
|
20 |
|
9693693301f2
add blog post on NFS server
Dirk Olmes <dirk@xanthippe.ping.de>
parents:
diff
changeset
|
21 Now all NFS daemons should be locked down to specific ports so you can add appropriate shorewall rules: |
|
9693693301f2
add blog post on NFS server
Dirk Olmes <dirk@xanthippe.ping.de>
parents:
diff
changeset
|
22 |
|
98
1d9382b0329b
Specify the syntax on markdown blocks to avoid broken output that has class=err
Dirk Olmes <dirk@xanthippe.ping.de>
parents:
63
diff
changeset
|
23 :::shell |
|
63
9693693301f2
add blog post on NFS server
Dirk Olmes <dirk@xanthippe.ping.de>
parents:
diff
changeset
|
24 ACCEPT loc fw tcp 111 # portmapper |
|
9693693301f2
add blog post on NFS server
Dirk Olmes <dirk@xanthippe.ping.de>
parents:
diff
changeset
|
25 ACCEPT loc fw udp 111 |
|
9693693301f2
add blog post on NFS server
Dirk Olmes <dirk@xanthippe.ping.de>
parents:
diff
changeset
|
26 ACCEPT loc fw tcp 2049 # rpc.nfsd |
|
9693693301f2
add blog post on NFS server
Dirk Olmes <dirk@xanthippe.ping.de>
parents:
diff
changeset
|
27 ACCEPT loc fw udp 2049 |
|
9693693301f2
add blog post on NFS server
Dirk Olmes <dirk@xanthippe.ping.de>
parents:
diff
changeset
|
28 ACCEPT loc fw tcp 4001 # kernel lockd |
|
9693693301f2
add blog post on NFS server
Dirk Olmes <dirk@xanthippe.ping.de>
parents:
diff
changeset
|
29 ACCEPT loc fw udp 4001 |
|
9693693301f2
add blog post on NFS server
Dirk Olmes <dirk@xanthippe.ping.de>
parents:
diff
changeset
|
30 ACCEPT loc fw tcp 32765:32767 |
|
9693693301f2
add blog post on NFS server
Dirk Olmes <dirk@xanthippe.ping.de>
parents:
diff
changeset
|
31 ACCEPT loc fw udp 32765:32767 |
|
9693693301f2
add blog post on NFS server
Dirk Olmes <dirk@xanthippe.ping.de>
parents:
diff
changeset
|
32 |
|
9693693301f2
add blog post on NFS server
Dirk Olmes <dirk@xanthippe.ping.de>
parents:
diff
changeset
|
33 Restart the nfs service and the firewall. Now clients on the local network should be able to mount shares over NFS. |