NFS configuration process and basic configuration summary

1. Open Portmap and NFS service Portmap start
Service NFS Start
Chkconfig--level NFS
Chkconfig--level Protmap

2. The directory to be shared is written to the exports file, assuming that the shared directory is/sharedisk/
Vim/etc/exports
Add in the exports file
/sharedisk 192.168.0.0/24 (Rw,no_root_squash,async)
#表示将/sharedisk This directory to 192.168.0.* these clients, the parameters in parentheses are set in the meaning:

01	ro                     该主机对该共享目录有只读权限

02	rw                    该主机对该共享目录有读写权限

03	root_squash       客户机用root用户访问该共享文件夹时，将root用户映射成匿名用户

04	no_root_squash  客户机用root访问该共享文件夹时，不映射root用户

05	all_squash          客户机上的任何用户访问该共享目录时都映射成匿名用户

06	anonuid             将客户机上的用户映射成指定的本地用户ID的用户

07	anongid             将客户机上的用户映射成属于指定的本地用户组ID

08	sync                  资料同步写入到内存与硬盘中

09	async                资料会先暂存于内存中，而非直接写入硬盘

10	insecure            允许从这台机器过来的非授权访问

3. Restart NFS or use the EXPORTFS command to make the settings effective
Restart NFS:
Service NFS Restart

With Exportfs
Exportfs-rv

#exportfs用法
-A: All content in Mount or unmount/etc/exports
-R: Re-mount/etc/exports in the shared directory
-u:umount Directory
-V: Output Detailed information to the screen
This way, the server Side of NFS is set up.

4. Mount the directory on the client:

     create a mounted directory locally  
     mkdir/ Sharedisk
     mount-t NFS 192.168.0.10:/sharedisk /sharedisk
      #将服务器192/sharedisk/path on 168.0.10 to local
      at this point, if the server-side firewall is on, an error will be prompted, such as:
      mount:mount to NFS server ' 192.168.0.10 ' Failed:system error:no the route to host.
     This is mainly due to firewall problems caused by the opening of the corresponding port on the firewall
     because the NFS service needs to turn on Mountd,nfs, Nlockmgr,portmapper,rquotad These 5 services, you need to add these 5 services ports to iptables
     and NFS and portmapper two services are fixed ports, NFS is 2049,portmapper for 111. The other 3 services are random ports, then you need to set the ports of the 3 services to fixed.

5. View the ports of the current 5 services and record them with rpcinfo-p
Take a record of the ports that show NFS 2049, Portmapper 111, and the remaining three services.
MOUNTD 976
Rquotad 966
Nlockmgr 33993

6, set the port of the 3 services to fixed port, modify/etc/service, add the following (port number must be under 1024, and not occupied)
Vim/etc/services
On the last line of the file, add:
Mountd 976/tcp
Mountd 976/UDP
Rquotad 966/tcp
Rquotad 966/UDP
Nlockmgr 33993/tcp
Nlockmgr 33993/UDP
Save and exit.

Settings with NFS service port included

[[Email protected]]# Vi/etc/sysconfig/nfs

# Port Rquotad should listen on.
rquotad_port=966
# TCP Port RPC.LOCKD should listen on.
lockd_tcpport=33993
# UDP Port RPC.LOCKD should listen on.
lockd_udpport=33993
# Port RPC.MOUNTD should listen on.
mountd_port=976

Where the Portmapper NFS service port is fixed, respectively, is 111 2049

In addition the Rquotad nlockmgr MOUNTD service port is random. Because the port is random, this causes the firewall to fail to set up.

You need to configure/ETC/SYSCONFIG/NFS to secure the port Rquotad nlockmgr mountd.

Find the following items and remove the previous # number.

7. Restart the NFS service. Service NFS Restart

8. Open these 5 ports in a firewall
Edit Iptables configuration file
Vim/etc/sysconfig/iptables
Add the following line:

01	-A RH-Firewall-1-INPUT -s 192.168.0.0/24 -m state --state NEW -p tcp --dport 111 -j ACCEPT

02	-A RH-Firewall-1-INPUT -s 192.168.0.0/24 -m state --state NEW -p tcp --dport 976 -j ACCEPT

03	-A RH-Firewall-1-INPUT -s 192.168.0.0/24 -m state --state NEW -p tcp --dport 2049 -j ACCEPT

04	-A RH-Firewall-1-INPUT -s 192.168.0.0/24 -m state --state NEW -p tcp --dport 966 -j ACCEPT

05	-A RH-Firewall-1-INPUT -s 192.168.0.0/24 -m state --state NEW -p tcp --dport 33993 -j ACCEPT

06

07	-A RH-Firewall-1-INPUT -s 192.168.0.0/24 -m state --state NEW -p udp --dport 111 -j ACCEPT

08	-A RH-Firewall-1-INPUT -s 192.168.0.0/24 -m state --state NEW -p udp --dport 976 -j ACCEPT

09	-A RH-Firewall-1-INPUT -s 192.168.0.0/24 -m state --state NEW -p udp --dport 2049 -j ACCEPT

10	-A RH-Firewall-1-INPUT -s 192.168.0.0/24 -m state --state NEW -p udp --dport 966 -j ACCEPT

11	-A RH-Firewall-1-INPUT -s 192.168.0.0/24 -m state --state NEW -p udp --dport 33993 -j ACCEPT

Save exit and restart Iptables
Service Iptables Restart
Re-perform step 4 mount to

8. NFS Security Settings
Hosts.allow and Hosts.deny settings
Hosts.allow settings:
Portmap:ip
Hosts.deny settings:
Portmap:all

Configuration complete

Additional Information

01	ro                      只读访问

02	rw                      读写访问

03	sync所有数据在请求时写入共享

04	async                   NFS在写入数据前可以相应请求

05	secure                  NFS通过1024以下的安全TCP/IP端口发送

06	insecure                NFS通过1024以上的端口发送

07	wdelay                  如果多个用户要写入NFS目录，则归组写入（默认）

08	no_wdelay               如果多个用户要写入NFS目录，则立即写入，当使用async时，无需此设置。

09	hide                    在NFS共享目录中不共享其子目录

10	no_hide                 共享NFS目录的子目录

11	subtree_check           如果共享/usr/bin之类的子目录时，强制NFS检查父目录的权限（默认）

12	no_subtree_check        和上面相对，不检查父目录权限

13	all_squash              共享文件的UID和GID映射匿名用户anonymous，适合公用目录。

14	no_all_squash           保留共享文件的UID和GID（默认）

15	root_squash             root用户的所有请求映射成如anonymous用户一样的权限（默认）

16	no_root_squas           root用户具有根目录的完全管理访问权限

17	anonuid=xxx             指定NFS服务器/etc/passwd文件中匿名用户的UID

18	anongid=xxx             指定NFS服务器/etc/passwd文件中匿名用户的GID

1	/home/share     192.168.102.15(rw,sync,wdelay,hide,nocrossmnt,

2	secure,root_squash,no_all_squash,subtree_check,secure_locks,acl,

3	mapping=identity,anonuid=65534,anongid=65534)

4	/home/share     *(ro,sync,wdelay,hide,nocrossmnt,secure,root_squash,

5	no_all_squash,subtree_check,secure_locks,acl,mapping=identity,

6	anonuid=65534,anongid=65534)

NFS Configuration Command Summary

######################## #NFS服务端 ########################
1) Print system version
Cat/etc/redhat-release
Uname-r
Uname-m

2) Check and install the NFS service
Rpm-aq nfs=utils Portmap Rpcbind
Yum Grouplist
Yum Install nfs-utils rpcbind-y
Rpm-aq nfs-utils Portmap Rpcbind

3) Start the RPC and NFS services and check
/etc/init.d/rpcbind start
Ps-ef|grep RPC
/etc/init.d/rpcbind status
Rpcinfo-p localhost
/etc/init.d/nfs start
/etc/init.d/nfs status
Rpcinfo-p localhost

4) Set boot up and check
Chkconfig NFS On
Chkconfig Rpcbind on
Chkconfig--list NFS
Chkconfig--list Rpcbind

5) Configure the shared/data directory
Cat >>/etc/exports<<eof
#shared data for BBS by Laowoniu at 20151104
/data 100.1.1.0/24 (Rw,sync)
Eof
Cat/etc/exports

6) Create a shared directory
Mkdir/data
ll/data/
Chown-r Nfsnobody.nfsnobody/data

7) Smooth load NFS service and check service
/etc/init.d/nfs Reload
SHOWMOUNT-E localhost

######################## #NFS客户端 ########################
1) Check the system version
Cat/etc/redhat-release
Uname-r
Uname-m

2) Install the RPC service and check
Rpm-aq nfs-utils Portmap Rpcbind
Yum groupinstall "NFS file Server"-y
Rpm-aq nfs-utils Portmap Rpcbind

3) Start the RPC service and check
/etc/init.d/rpcbind start
/etc/init.d/rpcbind status

4) Set boot up and check
Chkconfig Rpcbind on
Chkconfig--list Rpcbind

5) Check if NFS on the server is OK
SHOWMOUNT-E 100.1.1.111
Troubleshoot problems
Ping 100.1.1.111
Telnet 100.1.1.111 111

6) Mount and test
Mount-t NFS 100.1.1.111:/data/mnt
Cd/mnt
Ls-l
Touch Test.log
Ls-l

7) Set up auto mount on boot
echo "Mount-t NFS 100.1.1.111:/data/mnt" >>/etc/rc.local

Error Resolution:
1) [[email protected] data]# rpcinfo-p localhost
Rpcinfo:can ' t contact portmapper:RPC:Remote system Error-connection

Refused
FIX: The RPC service does not start/etc/init.d/rpcbind start

2) [[email protected] mnt]# showmount-e 100.1.1.111
Clnt_create:RPC:Port mapper failure-unable to Receive:errno 113 (No

Route to host)
[Email protected] mnt]#
Workaround: Server firewall on block 111, turn off server Firewall service iptables stop

NFS configuration process and basic configuration summary