NFS configuration process and basic configuration summary

Source: Internet
Author: User

1. Start the portmap and NFS services and enable them at boot
service portmap start
service nfs start
chkconfig nfs on
chkconfig portmap on

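2. Add the directory to be shared to the exports file. Here the shared directory is assumed to be /sharedisk/
vim /etc/exports
Add this line to the exports file:
/sharedisk 192.168.0.0/24(rw,no_root_squash,async)
# This shares the /sharedisk directory with the 192.168.0.* clients. There must be no space between the client and the opening parenthesis: with a space, the options apply to all hosts instead of the listed client. The options in parentheses have the following meanings: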

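ro                  the host has read-only access to the shared directory
rw                  the host has read-write access to the shared directory
root_squash         when the client accesses the share as root, root is mapped to the anonymous user
no_root_squash      when the client accesses the share as root, root is not mapped
all_squash          every user on the client is mapped to the anonymous user when accessing the share
anonuid             map users on the client to the user with the specified local user ID
anongid             map users on the client to the specified local group ID
sync                data is written synchronously to memory and to disk
async               data is buffered in memory first rather than written directly to disk
insecure            allow unauthorized access from this machine (requests from source ports above 1024)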

3. Restart NFS or use the exportfs command to make the settings take effect
Restart NFS:
service nfs restart

With exportfs:
exportfs -rv

# exportfs usage
-a: export or unexport everything listed in /etc/exports
-r: re-export the shared directories in /etc/exports
-u: unexport a directory
-v: print detailed information to the screen
The server side of NFS is now set up.

4. Mount the directory on the client:

Create a mount point locally:
mkdir /sharedisk
mount -t nfs 192.168.0.10:/sharedisk /sharedisk
# Mount the /sharedisk path on server 192.168.0.10 onto the local directory
At this point, if the server-side firewall is on, the mount fails with an error such as:
mount: mount to NFS server '192.168.0.10' failed: System Error: No route to host.
This is caused by the firewall: the corresponding ports have not been opened on it.
The NFS service needs 5 services running (mountd, nfs, nlockmgr, portmapper and rquotad), so the ports of these 5 services must be added to iptables.
nfs and portmapper use fixed ports: 2049 for nfs and 111 for portmapper. The other 3 services use random ports, so you need to set the ports of those 3 services to fixed values.

5. Use rpcinfo -p to view the ports the 5 services are currently using and record them
The output shows nfs on 2049 and portmapper on 111; record the ports of the remaining three services as well.
mountd 976
rquotad 966
nlockmgr 33993

6. Set the ports of the 3 services to fixed ports: modify /etc/services and add the following (port number must be under 1024, and not occupied)
vim /etc/services
On the last line of the file, add:
mountd 976/tcp
mountd 976/udp
rquotad 966/tcp
rquotad 966/udp
nlockmgr 33993/tcp
nlockmgr 33993/udp
Save and exit.

The service ports are also set in the NFS configuration file

# vi /etc/sysconfig/nfs

The portmapper and nfs service ports are fixed, at 111 and 2049 respectively.

The rquotad, nlockmgr and mountd service ports, by contrast, are random. Because the ports are random, firewall rules cannot be written for them.

You need to configure /etc/sysconfig/nfs to fix the ports of rquotad, nlockmgr and mountd.

Find the following items and remove the leading # from each:

# Port rquotad should listen on.
RQUOTAD_PORT=966
# TCP port rpc.lockd should listen on.
LOCKD_TCPPORT=33993
# UDP port rpc.lockd should listen on.
LOCKD_UDPPORT=33993
# Port rpc.mountd should listen on.
MOUNTD_PORT=976

7. Restart the NFS service:
service nfs restart

8. Open these 5 ports in the firewall
Edit the iptables configuration file:
vim /etc/sysconfig/iptables
Add the following lines:

-A RH-Firewall-1-INPUT -s 192.168.0.0/24 -m state --state NEW -p tcp --dport 111 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.0.0/24 -m state --state NEW -p tcp --dport 976 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.0.0/24 -m state --state NEW -p tcp --dport 2049 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.0.0/24 -m state --state NEW -p tcp --dport 966 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.0.0/24 -m state --state NEW -p tcp --dport 33993 -j ACCEPT

-A RH-Firewall-1-INPUT -s 192.168.0.0/24 -m state --state NEW -p udp --dport 111 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.0.0/24 -m state --state NEW -p udp --dport 976 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.0.0/24 -m state --state NEW -p udp --dport 2049 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.0.0/24 -m state --state NEW -p udp --dport 966 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.0.0/24 -m state --state NEW -p udp --dport 33993 -j ACCEPT

Save, exit and restart iptables:
service iptables restart
Then repeat the mount in step 4.

9. NFS security settings
hosts.allow and hosts.deny settings
hosts.allow setting:
portmap: <client IP>
hosts.deny setting:
portmap: ALL

Configuration complete
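
Added example (not part of the original article): after the restart in step 7, this check parses `rpcinfo -p` output and reports any service that is not on the port the firewall rules expect. The function name and the sample output are constructed for illustration; the expected ports are the ones used in the steps above, and it assumes each service registers on both tcp and udp as those rules do.

```shell
#!/bin/sh
# Expected service:port pairs, taken from the steps above.
EXPECTED="portmapper:111 nfs:2049 mountd:976 rquotad:966 nlockmgr:33993"

# Reads `rpcinfo -p` output on stdin, prints one line per service/protocol,
# and returns 1 if any service is missing or registered on another port.
check_pinned_ports() {
    awk -v expected="$EXPECTED" '
    BEGIN {
        n = split(expected, pairs, " ")
        for (i = 1; i <= n; i++) { split(pairs[i], f, ":"); want[f[1]] = f[2] }
    }
    # Columns: program vers proto port service (the header row is skipped).
    ($5 in want) && ($3 == "tcp" || $3 == "udp") {
        key = $5 "/" $3
        seen[key] = 1
        if ($4 != want[$5]) bad[key] = $4
    }
    END {
        rc = 0
        for (svc in want) {
            for (k = 1; k <= 2; k++) {
                proto = (k == 1) ? "tcp" : "udp"; key = svc "/" proto
                if (key in bad) {
                    print "DRIFT " key " on " bad[key] ", expected " want[svc]; rc = 1
                } else if (key in seen) {
                    print "OK " key " " want[svc]
                } else {
                    print "MISSING " key; rc = 1
                }
            }
        }
        exit rc
    }'
}

# Constructed sample: nlockmgr/udp is still on a random port.
SAMPLE_RPCINFO='   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100011    1   udp    966  rquotad
    100011    1   tcp    966  rquotad
    100003    3   tcp   2049  nfs
    100003    3   udp   2049  nfs
    100021    1   udp  51234  nlockmgr
    100021    1   tcp  33993  nlockmgr
    100005    1   udp    976  mountd
    100005    1   tcp    976  mountd'

printf '%s\n' "$SAMPLE_RPCINFO" | check_pinned_ports || echo "port check failed"
```

On a live server, run it as `rpcinfo -p | check_pinned_ports`; a DRIFT line means the firewall rule for that service will not match and client mounts or locking will fail.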

Additional Information

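ro                      read-only access
rw                      read-write access
sync                    all data is written to the share at the time of the request
async                   NFS can respond to requests before the data is written
secure                  NFS sends over secure TCP/IP ports below 1024
insecure                NFS sends over ports above 1024
wdelay                  if multiple users write to the NFS directory, the writes are grouped (default)
no_wdelay               if multiple users write to the NFS directory, write immediately; not needed when async is used
hide                    do not share the subdirectories of the NFS shared directory
no_hide                 share the subdirectories of the NFS directory
subtree_check           when sharing a subdirectory such as /usr/bin, force NFS to check the permissions of the parent directory (default)
no_subtree_check        the opposite of the above: do not check parent directory permissions
all_squash              map the UID and GID of shared files to the anonymous user; suitable for public directories
no_all_squash           preserve the UID and GID of shared files (default)
root_squash             map all requests from root to the same permissions as the anonymous user (default)
no_root_squash          root has full administrative access to the root directory
anonuid=xxx             specify the UID of the anonymous user in the NFS server's /etc/passwd file
anongid=xxx             specify the GID of the anonymous user in the NFS server's /etc/passwd file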


/home/share     192.168.102.15(rw,sync,wdelay,hide,nocrossmnt,secure,root_squash,no_all_squash,subtree_check,secure_locks,acl,mapping=identity,anonuid=65534,anongid=65534)
/home/share     *(ro,sync,wdelay,hide,nocrossmnt,secure,root_squash,no_all_squash,subtree_check,secure_locks,acl,mapping=identity,anonuid=65534,anongid=65534)
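
Added example (not part of the original article): a shell/awk audit of exports lines that flags the options described in the tables above as weakening access control (no_root_squash, insecure, a read-write export to any host), and the case where whitespace separates the client from its option list so that the options apply to all hosts. The function name and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Reads /etc/exports-style text on stdin and prints one finding per line
# in the form "<path> <client>: <finding>".
audit_exports() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }        # skip comments and blank lines
    {
        path = $1
        for (i = 2; i <= NF; i++) {
            entry = $i
            if (entry ~ /^\(/) {
                # Whitespace split the client from its options: this option
                # list now stands alone and applies to every host.
                print path " *: options " entry " detached from client, exported to all hosts"
                client = "*"; opts = entry
            } else {
                client = entry; opts = ""
                if ((p = index(entry, "(")) > 0) {
                    client = substr(entry, 1, p - 1)
                    opts = substr(entry, p)
                }
            }
            gsub(/[()]/, "", opts)
            n = split(opts, o, ",")
            rw = 0
            for (j = 1; j <= n; j++) {
                if (o[j] == "no_root_squash")
                    print path " " client ": no_root_squash lets client root act as root on the share"
                if (o[j] == "insecure")
                    print path " " client ": insecure accepts source ports above 1024"
                if (o[j] == "rw") rw = 1
            }
            if (rw && client == "*")
                print path " *: read-write export to any host"
        }
    }'
}

# Constructed sample entries, not taken from a real server.
SAMPLE_EXPORTS='# constructed sample
/sharedisk 192.168.0.0/24(rw,no_root_squash,async)
/sharedisk2 192.168.0.0/24 (rw,sync)
/pub *(ro,root_squash)'

printf '%s\n' "$SAMPLE_EXPORTS" | audit_exports
```

Run it against a real server with `audit_exports < /etc/exports` before reloading the exports.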


NFS Configuration Command Summary

######################## # NFS server ########################
1) Print the system version
cat /etc/redhat-release
uname -r
uname -m

2) Check for and install the NFS service
rpm -aq nfs-utils portmap rpcbind
yum grouplist
yum install nfs-utils rpcbind -y
rpm -aq nfs-utils portmap rpcbind

3) Start the RPC and NFS services and check them
/etc/init.d/rpcbind start
ps -ef | grep rpc
/etc/init.d/rpcbind status
rpcinfo -p localhost
/etc/init.d/nfs start
/etc/init.d/nfs status
rpcinfo -p localhost

4) Enable the services at boot and check
chkconfig nfs on
chkconfig rpcbind on
chkconfig --list nfs
chkconfig --list rpcbind

5) Configure the shared /data directory
cat >>/etc/exports<<EOF
#shared data for BBS by Laowoniu at 20151104
/data 100.1.1.0/24(rw,sync)
EOF
cat /etc/exports

6) Create the shared directory
mkdir /data
ll /data/
chown -R nfsnobody.nfsnobody /data

7) Gracefully reload the NFS service and check the exports
/etc/init.d/nfs reload
showmount -e localhost

######################## # NFS client ########################
1) Check the system version
cat /etc/redhat-release
uname -r
uname -m

2) Install the RPC service and check
rpm -aq nfs-utils portmap rpcbind
yum groupinstall "NFS file server" -y
rpm -aq nfs-utils portmap rpcbind

3) Start the RPC service and check
/etc/init.d/rpcbind start
/etc/init.d/rpcbind status

4) Enable the service at boot and check
chkconfig rpcbind on
chkconfig --list rpcbind

5) Check that NFS on the server is reachable
showmount -e 100.1.1.111
If that fails, troubleshoot with:
ping 100.1.1.111
telnet 100.1.1.111 111

6) Mount and test
mount -t nfs 100.1.1.111:/data /mnt
cd /mnt
ls -l
touch test.log
ls -l

7) Set up automatic mounting at boot
echo "mount -t nfs 100.1.1.111:/data /mnt" >>/etc/rc.local

Error resolution:
1) # rpcinfo -p localhost
rpcinfo: can't contact portmapper: RPC: Remote system error - Connection refused
Fix: the RPC service is not started. Start it with /etc/init.d/rpcbind start

2) # showmount -e 100.1.1.111
clnt_create: RPC: Port mapper failure - Unable to receive: errno 113 (No route to host)
Workaround: the server firewall is blocking port 111. Turn off the server firewall with service iptables stop, or keep it running and open the NFS ports for the client subnet as in the iptables step above.
