Linux Server NFS + Firewall Configuration

The company recently bought four new computing servers, each of which has a 2 Tb x 3 hard drive. For ease of computing, we plan to set them to nfs so that data can be read and written between them. 1. Enable portmap and nfs service www.2cto.com service portmap start service nfs start 2. Write the directory to be shared to the exports file. Assume that the shared directory is/sharedisk/vim/etc/exports in the exports file. add/sharedisk 192.168.0.0/24 (rw, no_root_squash, async) # share the/sharedisk directory to 192.168.0. * For these clients, the parameter settings in brackets mean: ro this host has read-only permission on the shared directory rw this host has read and write permission on the shared directory root_squash when the client accesses the shared folder with the root user, the root user is mapped to the anonymous user no_root_squash. When the client uses the root user to access the shared folder, it does not map any user on the root user all_squash client to access the shared directory. Ing to anonymous user anonuid, ing the user on the client to the user anongid of the specified local user ID, ing the user on the client to the user of the specified local user group ID sync data synchronously written to the memory and the async files on the hard disk are saved to the memory first, instead of writing data directly to the hard disk, insecure allows unauthorized access from this machine. 3. Restart nfs or use the exportfs command to make the settings take effect. www.2cto.com to restart nfs: service nfs restart use exportfs-rv # exportfs usage-a: All mount or unmount/etc/exports content-r: re-mount the directory-u: umount directory-v: shared in/etc/exports to output the detailed information to the screen so that the nfs server can be configured. 4. mount the directory on the client: create a local mount directory www.2cto.com mkdir/sharedisk mount-t nfs 192.168.0.10: /sharedisk # mount the/sharedisk/path on the server 192.168.0.10 to the local disk. If the firewall on the server is on, an error will be prompted, for example, mount: mount to NFS server '2017. 168.0.10 'failed': System Error: No route to host. I was stuck here when I was mounting, but I was not familiar with the firewall settings, I found some documents on the Internet, followed by instructions, but I still couldn't. Later I first read the iptables documents, searched for the services required by nfs, and finally got it done based on the settings document I saw earlier. As the nfs service needs to enable the mountd, nfs, nlockmgr, portmapper, and rquotad services, add the ports of these five services to iptables. the nfs and portmapper services have fixed ports, nfs is 2049, and portmapper is 111. The other three services use random ports. Therefore, you must set the ports of the three services to fixed. 5. view the ports of the five services and record them. Use rpcinfo-p. nfs 2049, portmapper 111, set the remaining three service ports to www.2cto.com mountd 976 rquotad 966 nlockmgr 33993 6. Set the ports of these three services to fixed ports vim/etc/services in the file add the last line: mountd 976/tcp mountd 976/udp rquotad 966/tcp rquotad 966/udp nlockmgr 33993/tcp nlockmgr 33993/udp save and exit. 7. Restart the nfs service. Service nfs restart www.2cto.com 8. Open these five ports in the firewall and edit the iptables configuration file vim/etc/sysconfig/iptables to add the following lines: -A RH-Firewall-1-INPUT-s 192.168.0.0/24-m state -- state NEW-p tcp -- dport 111-j ACCEPT-A RH-Firewall-1-INPUT-s 192.168.0.0/24-m state -- state NEW-p tcp -- dport 976-j ACCEPT-A RH-Firewall-1-INPUT-s 192.168.0.0/24-m state -- state NEW-p tcp -- dport 2049-j ACCEPT-A RH-Firewall-1-INPUT-s 192.168.0.0/24-m state -- state NEW-p tcp -- dport 966-j ACCEPT-A RH-Firewall-1-INPUT-s 192.168.0.0/24-m state -- state NEW-p tcp -- dport 33993-j ACCEPT-A RH-Firewall-1-INPUT-s 192.168.0.0/24-m state -- state NEW-p udp -- dport 111-j ACCEPT-A RH-Firewall-1-INPUT-s 192.168.0.0/24-m state -- state NEW-p udp -- dport 976-j ACCEPT-A RH-Firewall-1-INPUT-s 192.168.0.0/24-m state -- state NEW-p udp -- dport 2049-j ACCEPT-A RH-Firewall-1-INPUT-s 192.168.0.0/24-m state -- state NEW-p udp -- dport 966-j ACCEPT-A RH-Firewall-1-INPUT-s 192.168.0.0/24- m state -- state NEW-p udp -- dport 33993-j ACCEPT www.2cto.com save and quit and restart iptables service iptables restart to re-Execute Step 4 mount to test the server as lincy100 by centos5.5