yum install nfs-utils nfs4-acl-tools portmap

Log in as the bozz user on the server.
Check if rpcbind is installed:

$ rpm -q rpcbind
rpcbind-0.2.0-8.el6.x86_64

if not, install it:

$ sudo yum install rpcbind

Install NFS-related packages:

$ sudo yum install nfs-utils nfs-utils-lib

Once installed, configure the nfs, nfslock and rpcbind services to start at boot (runlevels 3 and 5):

$ sudo chkconfig --level 35 nfs on
$ sudo chkconfig --level 35 nfslock on
$ sudo chkconfig --level 35 rpcbind on

then start the rpcbind and nfs daemons:

$ sudo service rpcbind start
$ sudo service nfslock start
$ sudo service nfs start

$ rpcinfo -p localhost
program vers proto   port  service
100000    4   tcp    111  portmapper
100000    3   tcp    111  portmapper
100000    2   tcp    111  portmapper
100000    4   udp    111  portmapper
100000    3   udp    111  portmapper
100000    2   udp    111  portmapper
100024    1   udp  40481  status
100024    1   tcp  49796  status
100011    1   udp    875  rquotad
100011    2   udp    875  rquotad
100011    1   tcp    875  rquotad
100011    2   tcp    875  rquotad
100003    2   tcp   2049  nfs
100003    3   tcp   2049  nfs
100003    4   tcp   2049  nfs
100227    2   tcp   2049  nfs_acl
100227    3   tcp   2049  nfs_acl
100003    2   udp   2049  nfs
100003    3   udp   2049  nfs
100003    4   udp   2049  nfs
100227    2   udp   2049  nfs_acl
100227    3   udp   2049  nfs_acl
100021    1   udp  32769  nlockmgr
100021    3   udp  32769  nlockmgr
100021    4   udp  32769  nlockmgr
100021    1   tcp  32803  nlockmgr
100021    3   tcp  32803  nlockmgr
100021    4   tcp  32803  nlockmgr
100005    1   udp    892  mountd
100005    1   tcp    892  mountd
100005    2   udp    892  mountd
100005    2   tcp    892  mountd
100005    3   udp    892  mountd
100005    3   tcp    892  mountd

$ sudo nano /etc/exports

then append:

/home/public *(ro,sync,all_squash)
/home/common *(rw,sync,all_squash)
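
Both exports above use `*`, so any host that can reach the server may mount them. The following check is an added example, not part of the original post: it parses exports(5)-style lines and reports entries open to every host, including the `host (rw)` form where a stray space makes the options apply to all hosts. The /srv paths and 192.0.2.x addresses in the sample are constructed.

```shell
#!/bin/sh
# Added example: flag /etc/exports entries that any host can mount.
# Assumes one export per line (no backslash continuations).
audit_exports() {
    awk '
    /^[ \t]*(#|$)/ { next }                    # skip comments and blank lines
    NF == 1 { print $1, "any-host", "read-only"; next }   # no client list at all
    {
        path = $1
        for (i = 2; i <= NF; i++) {
            client = $i; opts = ""
            p = index($i, "(")
            if (p > 0) {                       # split "client(opt,opt)"
                client = substr($i, 1, p - 1)
                opts = substr($i, p + 1)
                sub(/\)$/, "", opts)
            }
            # "(rw)" with no client, e.g. after a stray space, means every host
            if (client == "") client = "*"
            optlist = "," opts ","
            if (client == "*") {
                mode = index(optlist, ",rw,") ? "read-write" : "read-only"
                print path, "any-host", mode
            }
            if (index(optlist, ",no_root_squash,"))
                print path, client, "no_root_squash"
        }
    }' "$@"
}

# Constructed sample: the two exports from this page, then two variants.
sample_exports() { cat <<'EOF'
# sample /etc/exports
/home/public *(ro,sync,all_squash)
/home/common *(rw,sync,all_squash)
/srv/team 192.0.2.0/24(rw,sync,all_squash)
/srv/data 192.0.2.10 (rw,sync)
EOF
}

sample_exports | audit_exports
```

On a server, run it as `audit_exports /etc/exports`; an export restricted to a client network, like the /srv/team line, produces no finding.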

Create the directories to be published with the correct permissions:

$ sudo mkdir -p /home/public
$ sudo chown nfsnobody:nfsnobody /home/public
$ sudo mkdir -p /home/common
$ sudo chown nfsnobody:nfsnobody /home/common

it should end like this:

$ ls -l /home/

drwxr-xr-x. 2 nfsnobody nfsnobody  4096 Feb 20 12:55 common
drwxr-xr-x. 7 nfsnobody nfsnobody  4096 Feb 17 14:44 public

[OPTIONAL] Allow the bozz user to write locally to the created directories by adding it to the nfsnobody group and granting write permission to the group:

$ sudo usermod -a -G nfsnobody bozz
$ sudo chmod g+w /home/public
$ sudo chmod g+w /home/common

it should end like this:

$ ls -l /home/

drwxrwxr-x. 2 nfsnobody nfsnobody  4096 Feb 20 12:40 common
drwxrwxr-x. 7 nfsnobody nfsnobody  4096 Feb 17 14:44 public

Security issues. To allow remote access, some firewall rules and other NFS settings must be changed. You need to open the following ports:
TCP/UDP 111 – RPC 4.0 portmapper
TCP/UDP 2049 – NFSD (nfs server)
Portmap static ports: various TCP/UDP ports defined in the /etc/sysconfig/nfs file.

The portmapper assigns each NFS service to a port dynamically at service startup time, but dynamic ports cannot be matched by fixed iptables rules. First, you need to configure the NFS services to use fixed ports. Edit /etc/sysconfig/nfs:

$ sudo nano /etc/sysconfig/nfs

and set:

LOCKD_TCPPORT=32803
LOCKD_UDPPORT=32769
MOUNTD_PORT=892
RQUOTAD_PORT=875
STATD_PORT=662
STATD_OUTGOING_PORT=2020

then restart nfs daemons:

$ sudo service rpcbind restart
$ sudo service nfs restart
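
After the restart, each service should be registered on the port set in /etc/sysconfig/nfs; a daemon that has not been restarted since the edit keeps its old dynamic port. The following is an added example (not from the original post) that compares `rpcinfo -p` output with the pinned values; the function names and the shortened sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: list RPC services whose registered port differs from the
# port pinned in /etc/sysconfig/nfs.
# Usage: rpcinfo -p localhost | check_pinned /etc/sysconfig/nfs
check_pinned() {
    awk '
    BEGIN {                                 # sysconfig variable -> service/proto it pins
        map["LOCKD_TCPPORT"] = "nlockmgr/tcp"
        map["LOCKD_UDPPORT"] = "nlockmgr/udp"
        map["MOUNTD_PORT"]   = "mountd/tcp mountd/udp"
        map["RQUOTAD_PORT"]  = "rquotad/tcp rquotad/udp"
        map["STATD_PORT"]    = "status/tcp status/udp"
    }
    FILENAME == ARGV[1] {                   # first input: the sysconfig file
        n = split($0, kv, "=")              # "#VAR=..." lines never match map
        if (n == 2 && (kv[1] in map)) {
            m = split(map[kv[1]], keys, " ")
            for (i = 1; i <= m; i++) want[keys[i]] = kv[2]
        }
        next
    }
    $1 ~ /^[0-9]+$/ {                       # rows: program vers proto port service
        key = $5 "/" $3
        if ((key in want) && want[key] != $4 && !seen[key]++)
            print $5, $3, "registered=" $4, "pinned=" want[key]
    }' "$1" -
}

# Constructed sample input: the settings from this page and a shortened listing.
sample_sysconfig() { cat <<'EOF'
LOCKD_TCPPORT=32803
LOCKD_UDPPORT=32769
MOUNTD_PORT=892
RQUOTAD_PORT=875
STATD_PORT=662
STATD_OUTGOING_PORT=2020
EOF
}
sample_rpcinfo() { cat <<'EOF'
   program vers proto   port  service
    100024    1   udp  40481  status
    100024    1   tcp  49796  status
    100021    4   tcp  32803  nlockmgr
    100005    3   udp    892  mountd
EOF
}
tmp=$(mktemp) && sample_sysconfig > "$tmp"
sample_rpcinfo | check_pinned "$tmp"
rm -f "$tmp"
```

Any line it prints names a service the firewall rules for the pinned ports will not cover until that service is restarted.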

update iptables rules by editing /etc/sysconfig/iptables, enter:

$ sudo nano /etc/sysconfig/iptables

and append the following rules (-s 0.0.0.0/0 matches any source address; replace it with the client network to restrict access):

-A INPUT -s 0.0.0.0/0 -m state --state NEW -p udp --dport 111 -j ACCEPT
-A INPUT -s 0.0.0.0/0 -m state --state NEW -p tcp --dport 111 -j ACCEPT
-A INPUT -s 0.0.0.0/0 -m state --state NEW -p tcp --dport 2049 -j ACCEPT
-A INPUT -s 0.0.0.0/0 -m state --state NEW -p tcp --dport 32803 -j ACCEPT
-A INPUT -s 0.0.0.0/0 -m state --state NEW -p udp --dport 32769 -j ACCEPT
-A INPUT -s 0.0.0.0/0 -m state --state NEW -p tcp --dport 892 -j ACCEPT
-A INPUT -s 0.0.0.0/0 -m state --state NEW -p udp --dport 892 -j ACCEPT
-A INPUT -s 0.0.0.0/0 -m state --state NEW -p tcp --dport 875 -j ACCEPT
-A INPUT -s 0.0.0.0/0 -m state --state NEW -p udp --dport 875 -j ACCEPT
-A INPUT -s 0.0.0.0/0 -m state --state NEW -p tcp --dport 662 -j ACCEPT
-A INPUT -s 0.0.0.0/0 -m state --state NEW -p udp --dport 662 -j ACCEPT

restart iptables daemon:

$ sudo service iptables restart

Mount NFS shared directories. Install the client NFS packages first.

on Ubuntu client:

$ sudo apt-get install nfs-common

on CentOS client:

$ sudo yum install nfs-utils nfs-utils-lib

query the server for the list of all shared directories:

$ showmount -e SERVERADDRESS

mount server’s /home/public on client’s /public:

$ sudo mkdir -p /public
$ sudo mount SERVERADDRESS:/home/public /public
$ df -h

mount server’s /home/common on client’s /common:

$ sudo mkdir -p /common
$ sudo mount SERVERADDRESS:/home/common /common
$ df -h

Mount NFS automatically after reboot on the client. Edit /etc/fstab, enter:

$ sudo nano /etc/fstab

append the following lines:

#Directory                   Mount Point    Type   Options       Dump   FSCK
SERVER_IP_ADDRESS:/home/public /public nfs hard 0 0
SERVER_IP_ADDRESS:/home/common /common nfs hard 0 0

to test the correctness of /etc/fstab before restarting, you can try to manually mount /public and /common:

$ sudo mount /public
$ sudo mount /common

http://eduardo-lago.blogspot.com/2012/02/installing-nfs-on-centos-62.html