view content/Linux/nfs.md @ 98:1d9382b0329b
Specify the syntax on markdown blocks to avoid broken output that has class=err
author | Dirk Olmes <dirk@xanthippe.ping.de> |
---|---|
date | Thu, 19 Dec 2019 10:04:33 +0100 |
parents | 9693693301f2 |
Title: NFS setup
Date: 2015-07-30
Lang: en

I'm planning to put my [Raspberry Pi](https://www.raspberrypi.org/) back to use. I have always disliked its dependency on SD memory cards, so I'm planning to put the Pi's root filesystem on NFS. The Pi side will be a topic for another blog post later; first I'll have to set up an NFS server on my main [Gentoo](https://www.gentoo.org) machine.

The main NFS setup is described [on the Gentoo wiki](https://wiki.gentoo.org/wiki/NFS) in sufficient detail. I had a bit of a headache getting NFS through my [Shorewall](http://www.shorewall.net/) based firewall, though. There is a good section on NFS security in the [NFS-HOWTO](http://tldp.org/HOWTO/NFS-HOWTO/security.html) which describes all the necessary bits. And the Gentoo config files have all the required settings in their comments, too.

It turns out that all you have to do is put some configuration into place and the NFS server will play nicely with the firewall:

In `/etc/sysctl.conf` add these settings:

    :::shell
    fs.nfs.nlm_tcpport = 4001
    fs.nfs.nlm_udpport = 4001

In `/etc/conf.d/nfs` enable these settings:

    :::shell
    OPTS_RPC_MOUNTD="-p 32767"
    OPTS_RPC_STATD="-p 32765 -o 32766"

Now all NFS daemons should be locked down to specific ports, so you can add appropriate Shorewall rules:

    :::shell
    ACCEPT  loc  fw  tcp  111          # portmapper
    ACCEPT  loc  fw  udp  111
    ACCEPT  loc  fw  tcp  2049         # rpc.nfsd
    ACCEPT  loc  fw  udp  2049
    ACCEPT  loc  fw  tcp  4001         # kernel lockd
    ACCEPT  loc  fw  udp  4001
    ACCEPT  loc  fw  tcp  32765:32767  # rpc.statd, rpc.mountd
    ACCEPT  loc  fw  udp  32765:32767

Restart the NFS service and the firewall. Now clients on the local network should be able to mount shares over NFS.
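
A check for the port pinning above, as an added example that is not part of the original post: it reads `rpcinfo -p` output and lists every RPC service registered on a port the Shorewall rules do not open. The function names and the sample `rpcinfo` output are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag RPC services registered outside the ports that the
# firewall rules in this post open. Reads `rpcinfo -p` output on stdin.

# Ports from the post: portmapper, nfsd, lockd, statd/mountd range.
ALLOWED_PORTS="111 2049 4001 32765 32766 32767"

unpinned_rpc_services() {
    awk -v allowed="$ALLOWED_PORTS" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        # Data rows are: program vers proto port [service]; skip the header.
        $1 ~ /^[0-9]+$/ && $4 ~ /^[0-9]+$/ {
            if (!($4 in ok)) {
                name = ($5 == "") ? ("prog" $1) : $5
                key = name "/" $3 " " $4
                # Report each service/proto/port once, not once per version.
                if (!(key in seen)) { seen[key] = 1; print key }
            }
        }
    '
}

# Constructed sample: lockd still on a random UDP port, as it would be
# if the fs.nfs.nlm_udpport setting had not taken effect.
sample_rpcinfo() {
    cat <<'EOF'
   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    4   udp    111  portmapper
    100024    1   udp  32765  status
    100024    1   tcp  32765  status
    100005    3   udp  32767  mountd
    100005    3   tcp  32767  mountd
    100003    3   tcp   2049  nfs
    100003    4   tcp   2049  nfs
    100021    1   udp  45123  nlockmgr
    100021    4   udp  45123  nlockmgr
    100021    4   tcp   4001  nlockmgr
EOF
}

# On the server itself: rpcinfo -p | unpinned_rpc_services
sample_rpcinfo | unpinned_rpc_services
```

Empty output means every registered service sits on a port the rules allow; any line printed names a daemon that clients behind the firewall will not be able to reach.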