Network File System (NFS)

v2 v3 v4 v4.1 v4.2

FreeBSD 13

# ee /etc/rc.conf
nfs_server_enable="YES"
nfsv4_server_enable="YES"
nfsuserd_enable="YES"
# ee /etc/exports
V4:
/www/exchange /www/spaces/sayboy /www/spaces/ccgirl /www/spaces/licorne -mapall=april:transfer -network 192.168.2.0 -mask 255.255.255.0
# service nfsd restart
# /etc/rc.d/mountd onereload
# showmount -e

Ubuntu 24.04.01 LTS Server

$ sudo apt install nfs-kernel-server

$ sudo cat /proc/fs/nfsd/versions
$ nfsstat -s

$ sudo systemctl enable/disable nfs-server
$ sudo systemctl start/stop/restart/status nfs-server

Enabling NFS v4

$ sudo vim /etc/nfs.conf
[nfsd]
vers4=y
vers4.0=n
vers4.1=n
vers4.2=n

Configure export directory

$ sudo vim /etc/exports

NFSv2 and NFSv3

/nfs/nfsshare       hostname1(rw,sync,no_subtree_check) hostname2(ro,sync,no_subtree_check)

rw – grant write permissions.

ro – provides read-only access.

sync – synchronous access mode.

async – means that you don’t need to wait for confirmation of writing on the disk (it improves NFS performance, but reduces reliability).

/nfs/nfsshare       192.168.1.0/24(rw,sync,no_subtree_check,no_root_squash)

root_squash - Map requests from uid/gid 0 to the anonymous uid/gid.

no_root_squash – allows the root user to get access to the NFS directory from a client (usually not recommended).

no_all_squash – leaves client uids/gids unmapped, so users are identified by their own ids; all_squash – maps all uids and gids to the anonymous user.

no_subtree_check – disables a check that a user accessed a file in the directory (subtree_check is used by default).

/nfs/nfsshare       192.168.2.0/24(rw,sync,no_subtree_check,anonuid=1001,anongid=1000)

anonuid, anongid – map NFS user/group to the specified local user/group (UID or GID).

NFSv4

/srv/nfs4        gss/krb5i(rw,sync,fsid=0,crossmnt,no_subtree_check)
/srv/nfs4/homes  gss/krb5i(rw,sync,no_subtree_check)

crossmnt – This option is similar to nohide but it makes it possible for clients to move from the filesystem marked with crossmnt to exported filesystems mounted on it.

fsid=0 – NFS server needs to be able to identify each filesystem that it exports. For NFSv4 server, there is a distinguished filesystem which is the root of all exported filesystem. This is specified with fsid=root or fsid=0 both of which mean exactly the same thing.
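
A small audit of an exports file for the options described above, as an added example that is not part of the original notes. The sample entries, the finding codes and the function name audit_exports are constructed for illustration; quoted paths and backslash line continuations are assumed not to occur. It also catches a common mistake: a space between the client and "(" makes the options apply to every host, while the named client gets only the defaults.

```python
import re

# Constructed sample in exports(5) syntax; paths and networks are illustrative.
SAMPLE = """\
/nfs/aaa 192.168.2.0/24 (rw,sync,all_squash,anonuid=1001,anongid=1000)
/nfs/nfsshare 192.168.1.0/24(rw,sync,no_subtree_check,no_root_squash)
/srv/pub *(rw,async,insecure)
/srv/nfs4 gss/krb5i(rw,sync,fsid=0,crossmnt,no_subtree_check)
"""

# Either "client(opts)" (client may be empty) or a bare client with no options.
TOKEN = re.compile(r"(\S*?)\(([^)]*)\)|(\S+)")


def audit_exports(text):
    """Return (line_no, path, client, code) findings in file order."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        parts = line.split(None, 1)
        if len(parts) < 2:
            continue  # blank, comment-only, or a path with no client list
        path, clients = parts
        for m in TOKEN.finditer(clients):
            if m.group(3) is not None:
                continue  # bare client: server defaults (ro, root_squash) apply
            client = m.group(1)
            opts = {o.strip() for o in m.group(2).split(",")}
            label = client or "<world>"
            if client == "":
                # "host (opts)": the options bind to an empty client = everyone
                findings.append((no, path, label, "SPACE_BEFORE_PAREN"))
            if client in ("", "*") and "rw" in opts:
                findings.append((no, path, label, "WORLD_RW"))
            if "no_root_squash" in opts:
                # root on the client acts as root on the exported directory
                findings.append((no, path, label, "NO_ROOT_SQUASH"))
            if "insecure" in opts:
                # requests from unprivileged source ports (>1023) are accepted
                findings.append((no, path, label, "INSECURE_PORTS"))
    return findings


if __name__ == "__main__":
    for finding in audit_exports(SAMPLE):
        print(*finding)
```

Run it against a copy of /etc/exports before exportfs -a; an empty result means none of these four patterns were found, not that the export list is otherwise sound.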

Export the file systems

$ sudo exportfs -a
$ sudo exportfs -arv
$ sudo exportfs -auv

-a Export or unexport all directories.

-r Reexport all directories

-u Unexport one or more directories.

-v Be verbose. When exporting or unexporting, show what’s going on. When displaying the current export list, also display the list of export options.

Displaying mount information

$ showmount -a 192.168.1.1
$ showmount -d 192.168.1.1
$ showmount -e 192.168.1.1
$ showmount -v 192.168.1.1

-a List mounts in the format hostname:directory, where hostname is the name of the client and directory is the root directory of the mounted file system.

-d Only to list the directories mounted.

-e To print the list of exported filesystems

-v Get the version of the showmount command/package

Ubuntu 24.04.01 LTS Client

$ sudo apt update && sudo apt upgrade
$ sudo apt install nfs-common
$ sudo showmount -e 192.168.1.3

$ sudo mount -t nfs -o vers=4 192.168.1.3:/nfs/nfsshare /mnt
$ sudo umount /mnt

Ubuntu 22.04 LTS Server

$ sudo apt update && sudo apt upgrade
$ sudo hostnamectl set-hostname nfs-server.example.com --static
$ sudo apt -y install nfs-kernel-server

$ sudo systemctl enable --now nfs-server
$ sudo systemctl disable --now nfs-server
$ sudo apt autoremove nfs-server -y

$ sudo systemctl status nfs-server

$ sudo cat /proc/fs/nfsd/versions
$ nfsstat -m
$ nfsstat -s

Ubuntu 22.04 LTS Client

$ sudo mount 192.168.2.4:/home/beth/conservation /nfs/conservation
$ sudo mount 192.168.2.4:/home/beth/collection /nfs/collection
$ sudo vim /etc/fstab
192.168.0.132:/var/nfs/example    /nfs/example   nfs auto,nofail,noatime,nolock,intr,tcp,actimeo=1800 0 0
$ sudo umount -a
$ sudo mount -a

CentOS 7 & 8 Server

If you want to use NFSv4.1/4.2 only, you don’t need to run rpcbind.

$ sudo dnf install nfs-utils
$ sudo apt install nfs-common
$ sudo cat /proc/fs/nfsd/versions

$ sudo dnf install rpcbind
$ sudo systemctl start rpcbind && sudo systemctl enable rpcbind
$ sudo systemctl start nfs-server && sudo systemctl enable nfs-server
$ sudo vim /etc/nfs.conf
$ sudo vim /etc/nfsmount.conf
$ sudo systemctl start/status/stop/enable/disable nfs-server

Configure export directory

$ sudo mkdir -p /nfs/{aaa,bbb,ccc}
$ sudo mount --bind /home/aaron /nfs/aaa
$ sudo mount --bind /www/hoho /nfs/bbb
$ sudo mount --bind /tmp /nfs/ccc

$ sudo vim /etc/fstab

Export the file systems

$ sudo vim /etc/exports
/nfs/aaa 192.168.2.0/24(rw,sync,all_squash,anonuid=1001,anongid=1000)
/nfs/bbb 192.168.2.0/24(ro,sync,all_squash,anonuid=1001,anongid=1000)
/nfs/ccc 192.168.2.0/24(ro,sync,all_squash,anonuid=1001,anongid=1000)
$ sudo exportfs -a
$ sudo nfsstat

CentOS 7 Client

$ sudo yum -y install nfs-utils
$ sudo systemctl enable rpcbind
$ sudo systemctl start rpcbind
$ sudo showmount -v    # show the version number
$ sudo showmount -e localhost    # show the directories shared by this IP address
$ sudo showmount -e 192.168.1.1
$ sudo showmount -a    # show locally mounted file resources
$ sudo showmount -d
# mkdir /nfs_database
# chmod 777 /nfs_database
# mount -t nfs 192.168.2.100:/nfs_database /nfs_database

Debian

# apt-get install nfs-kernel-server

Windows 10 Client

> showmount -e 192.168.1.3
> umount V:\
> umount -f -a

Windows Key + R to open the Run dialog, type “optionalfeatures”, and press Enter.

Enable “Services for NFS” > “Client for NFS” in the list.

Windows Key + R to open the Run dialog, type “regedit”, and press Enter.

New > QWORD (64-bit) Value

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ClientForNFS\CurrentVersion\Default]
"AnonymousGid"="1108"
"AnonymousUid"="1109"

Windows Key + R to open the Run dialog, type “powershell”, and press Enter.

New-ItemProperty HKLM:\SOFTWARE\Microsoft\ClientForNFS\CurrentVersion\Default -Name AnonymousUID -Value 1109  -PropertyType "DWord"
New-ItemProperty HKLM:\SOFTWARE\Microsoft\ClientForNFS\CurrentVersion\Default -Name AnonymousGID -Value 1108  -PropertyType "DWord"

Firewall

UFW


IPTables

$ sudo iptables -t filter -A INPUT -p tcp --dport 2049 -j ACCEPT
$ sudo iptables -t filter -A INPUT -p tcp --dport 20048 -j ACCEPT
$ sudo service iptables save
$ sudo service iptables restart

Firewalld

$ sudo firewall-cmd --permanent --add-port=111/tcp
$ sudo firewall-cmd --permanent --add-port=20048/tcp
$ sudo firewall-cmd --permanent --add-service=nfs
$ sudo firewall-cmd --zone=public --permanent --add-service={rpc-bind,mountd,nfs}
$ sudo firewall-cmd --reload

Notes

CVE-1999-0554

$ sudo vim /etc/hosts.allow
$ sudo vim /etc/hosts.deny

Transmission speed optimization

$ time dd if=/dev/zero of=/tmp/testfile.dat bs=8k count=16384 
$ time dd if=/dev/zero of=/tmp/testfile.dat bs=16k count=16384
$ time dd if=/dev/zero of=/tmp/testfile.dat bs=32k count=16384

$ time dd if=/tmp/testfile.dat of=/dev/null bs=8k
$ time dd if=/tmp/testfile.dat of=/dev/null bs=16k
$ time dd if=/tmp/testfile.dat of=/dev/null bs=32k
$ sudo vim /etc/nfsmount.conf
# Maximum Read Size (in Bytes)
# Rsize=8k
#
# Maximum Write Size (in Bytes)
# Wsize=8k
#
# Maximum Server Block Size (in Bytes)
# Bsize=8k
Licensed under CC BY-NC-SA 4.0