view content/Linux/nfs.md @ 112:cf31bf5fce72 default tip

Author of the blog post as mail header for efficient spam filtering
author Dirk Olmes <dirk.olmes@codedo.de>
date Tue, 06 Sep 2022 07:04:11 +0200
parents 1d9382b0329b

Title: NFS setup
Date: 2015-07-30
Lang: en

I'm planning to put my [Raspberry Pi](https://www.raspberrypi.org/) back to use. I have always disliked its dependency on SD memory cards, so I'm planning to put the Pi's root filesystem on NFS. The Pi side will be a topic for another blog post later; first I'll have to set up an NFS server on my main [Gentoo](https://www.gentoo.org) machine.

The main NFS setup is described [on the Gentoo wiki](https://wiki.gentoo.org/wiki/NFS) in sufficient detail. I had a bit of a headache getting NFS through my [Shorewall](http://www.shorewall.net/) based firewall, though. There is a good section on NFS security in the [NFS-HOWTO](http://tldp.org/HOWTO/NFS-HOWTO/security.html) which describes all the necessary bits. And the Gentoo config files have all the required settings in their comments, too. It turns out that all you have to do is put some configuration into place and the NFS server will play nicely with the firewall:

In `/etc/sysctl.conf`, add these settings:

    :::shell
    fs.nfs.nlm_tcpport = 4001
    fs.nfs.nlm_udpport = 4001

In `/etc/conf.d/nfs`, enable these settings:

    :::shell
    OPTS_RPC_MOUNTD="-p 32767"
    OPTS_RPC_STATD="-p 32765 -o 32766"

Now all NFS daemons should be locked down to specific ports, so you can add appropriate Shorewall rules:

    :::shell
    ACCEPT    loc    fw    tcp    111          # portmapper
    ACCEPT    loc    fw    udp    111
    ACCEPT    loc    fw    tcp    2049         # rpc.nfsd
    ACCEPT    loc    fw    udp    2049
    ACCEPT    loc    fw    tcp    4001         # kernel lockd
    ACCEPT    loc    fw    udp    4001
    ACCEPT    loc    fw    tcp    32765:32767  # rpc.statd (32765, outgoing 32766), rpc.mountd (32767)
    ACCEPT    loc    fw    udp    32765:32767

Restart the nfs service and the firewall. Now clients on the local network should be able to mount shares over NFS.
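
If a client still cannot mount, the usual cause is a daemon that did not pick up its port setting and registered on a random port the firewall drops. The following check is an added example, not part of the original post: it compares `rpcinfo -p` output against the ports configured above. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: names below (check_nfs_ports, sample_*) are made up here.

# Reads `rpcinfo -p` output on stdin. Prints one line per registration that is
# not on its pinned port; returns 1 if there was any, 0 otherwise.
check_nfs_ports() {
    awk '
        BEGIN {
            want["portmapper"] = 111
            want["nfs"]        = 2049
            want["nfs_acl"]    = 2049
            want["nlockmgr"]   = 4001    # fs.nfs.nlm_tcpport / nlm_udpport
            want["status"]     = 32765   # rpc.statd -p
            want["mountd"]     = 32767   # rpc.mountd -p
        }
        $1 !~ /^[0-9]+$/ { next }         # skip the header line
        !($5 in want) {
            printf "UNEXPECTED %s/%s on port %s\n", $5, $3, $4; bad = 1; next
        }
        $4 != want[$5] {
            printf "UNPINNED %s/%s on port %s (expected %d)\n", $5, $3, $4, want[$5]; bad = 1
        }
        END { exit bad + 0 }
    '
}

# Constructed sample: every service on its pinned port.
sample_pinned() {
    cat <<'EOF'
   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    4   udp    111  portmapper
    100024    1   udp  32765  status
    100024    1   tcp  32765  status
    100005    3   udp  32767  mountd
    100005    3   tcp  32767  mountd
    100003    3   tcp   2049  nfs
    100021    4   udp   4001  nlockmgr
    100021    4   tcp   4001  nlockmgr
EOF
}

# Constructed sample: rpc.mountd started without -p, so it got random ports.
sample_unpinned() {
    sample_pinned | sed -e 's/udp  32767/udp  45123/' -e 's/tcp  32767/tcp  51234/'
}

sample_unpinned | check_nfs_ports || echo "mountd is not on its pinned port"
```

On the server itself, run `rpcinfo -p | check_nfs_ports` after restarting the nfs service; no output and exit status 0 means every registered service matches the firewall rules.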