Overview
In a pure NFSv4 environment, only port 2049 needs to be allowed through your firewall. Some clients, however, such as OS X, use NFS3 and require extra...
Procedure
Install the NFS server.
Install the package
sudo apt-get install nfs-kernel-server
Configure your exports
Configure Static Ports
mountd (This is all that's needed in a read-only environment)
vim /etc/default/nfs-kernel-server
lockd
vim /etc/modprobe.d/local.conf
options lockd nlm_udpport=32768 nlm_tcpport=32768
options nfs callback_tcpport=32764
You also need to make sure lockd loads at boot. If you wait for the rpcmapper service to load it, you won't get the port you specified (or so it seems). Add the lockd module to the end of the existing file.
sudo vim /etc/modules
nfsd
vim /etc/default/nfs-common
STATDOPTS="--port 32765 --outgoing-port 32766"
quotad (This is an optional service and may not be present)
RPCRQUOTADOPTS="-p 32769"
Step 3 - Configure The Firewall
While your exports are restricted to specific IP addresses, you probably don't want random people connecting to your NFS service and probing it to find out. Hence, a firewall. Plus you're probably using it anyway.
sudo vim /etc/ufw/applications.d/nfs-static
ports=111,2048,2049,32764:32769/udp|111,2048,2049,32764:32769/tcp
sudo ufw allow from 192.168.1.0/24 to any app nfs-static
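A check that the static-port settings actually took effect, written as an added example that is not part of the original page: it reads rpcinfo -p output and lists every RPC service registered on a port the nfs-static profile does not open. The function names and the sample listing are constructed for illustration, and the sample assumes mountd is the service on 2048.

```bash
#!/usr/bin/env bash
# Added example (not from the original page): flag RPC services whose
# registered port falls outside the nfs-static UFW profile.

# Ports the profile opens: 111, 2048, 2049 and the range 32764:32769.
port_allowed() {
    case "$1" in
        111|2048|2049) return 0 ;;
    esac
    [ "$1" -ge 32764 ] 2>/dev/null && [ "$1" -le 32769 ]
}

# Reads `rpcinfo -p` output on stdin and prints "service proto port" for
# every registration the firewall would block (a port that is not pinned).
unpinned_services() {
    # Columns: program vers proto port service. Fall back to the program
    # number when rpcinfo prints no service name.
    awk 'NR > 1 && $4 ~ /^[0-9]+$/ { s = ($5 == "" ? $1 : $5); print s, $3, $4 }' |
    LC_ALL=C sort -u |
    while read -r svc proto port; do
        port_allowed "$port" || echo "$svc $proto $port"
    done
}

# Constructed sample: lockd was loaded late and received random ports.
# mountd on 2048 is an assumption; the page opens 2048 without naming it.
sample_rpcinfo() {
    cat <<'EOF'
   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    4   udp    111  portmapper
    100003    3   tcp   2049  nfs
    100003    4   tcp   2049  nfs
    100005    3   udp   2048  mountd
    100005    3   tcp   2048  mountd
    100024    1   udp  32765  status
    100024    1   tcp  32765  status
    100021    4   udp  45632  nlockmgr
    100021    4   tcp  38219  nlockmgr
EOF
}

# On a real server: rpcinfo -p | unpinned_services
sample_rpcinfo | unpinned_services
```

Empty output means every registered service sits on a port the profile allows; any line printed names a service that clients behind the firewall will fail to reach.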
Step 2 - Install and Configure the NFS client
Install the package
sudo apt-get install nfs-common
Mount the exported file system
sudo mount -t nfs home:/someFolder /mnt/someFolder
And add it to your fstab so it sticks after a reboot
home:/someFolder /mnt/someFolder nfs auto 0 0
This would be all you needed -if- you didn't want to run a firewall. I skipped the tcp wrappers config, as we'll be securing with UFW.
OS X Client Side optimization
When you mount an NFS share using the Mac Finder, you'll be able to browse folders well, but doing file operations will hang the browser. You'll see this in your NFS server's logs
lockd: cannot monitor mac.gattis.org
Tell finder not to use locks by editing this file with the following content
nfs.client.mount.options = nolock
You'll see other comments suggesting you should edit the autofs.conf file and add 'nolocks,locallocks' to the automount options. This may or may not have an effect.
sudo vim /etc/autofs.conf
AUTOMOUNTD_MNTOPTS=nosuid,nodev,nolocks,locallocks
You can also mount in finder with a version 4 flag. That may help.
nfs://vers=4,192.168.1.5/srv/nfs4
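Edit the exports file and add insecure to the export (this turns off the server's default requirement that client requests come from a source port below 1024).
vim /etc/exports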
/srv 192.168.1.0/24(rw,async,fsid=0,insecure,crossmnt,no_subtree_check)