Fedora Linux Support Community & Resources Center

Go Back   FedoraForum.org > Fedora Resources > Guides & Solutions (No Questions)
FedoraForum Search

Forgot Password? Join Us!

Guides & Solutions (No Questions) Post your guides here (No links to Blogs accepted). You can also append your comments/questions to a guide, but don't start a new thread to ask a question. Use another forum for that.

Reply
 
Thread Tools Search this Thread Display Modes
  #1  
Old 2nd April 2006, 09:51 PM
steve1961 Offline
Registered User
 
Join Date: Jul 2005
Location: Coventry, UK
Posts: 583
How to setup NFS shares in FC5

If you shares files between Linux boxes one of the easiest ways to do this is by using NFS. I thought this quick guide for setting up an NFS network might be useful. This might not be the best or only way of doing it but this works for me.

Server Settings

First off you need to configure the machine that's going to act as the server by doing the following (you need to be root for this):

1. Install the NFS packages using yum:

Code:
yum install nfs-utils nfs-utils-lib portmap system-config-nfs
2. You now need to set up your /etc/exports file with details of the directory you want to share, who is allowed to share it, and permissions. So:

Code:
gedit /etc/exports
Then add an entry similar to the one below, and save and close:
Code:
/home/admin 192.168.2.30(rw,no_root_squash,sync)
The first part is the directory I want to share, the second the IP address of the client who is allowed to access the directory, and the part in brackets allows read/write access and root access on the server (the no_root_squash entry is optional)

Note: if you prefer a gui and you're using Fedora as a server you can configure the exports file from the Desktop>Administration>Server Settings>NFS menu.

3. Now edit your hosts.allow file:

Code:
gedit /etc/hosts.allow
Paste in the following but change the IP address to the IP address of the client who will be allowed to access the server, in my case 192.168.2.30

Code:
portmap: 192.168.2.30
lockd: 192.168.2.30
mountd: 192.168.2.30
rquotad: 192.168.2.30
statd: 192.168.2.30
Save and close.

If multiple clients can access the server separate IP addresses with commas.

4. Now edit your hosts.deny file:

Code:
gedit /etc/hosts.deny
Paste in the following:

Code:
portmap: ALL
lockd: ALL
mountd: ALL
rquotad: ALL
statd: ALL
This prevents all hosts not listed in hosts.allow from accessing the server.

5. Open the Desktop>Administration>Security Level and Firewall menu. Select the Firewall Options tab and open the "Other Ports" dialogue. Use the "add" button to add the following:

2049 UDP
2049 TCP
111 UDP
111 TCP

Click OK.

Note: if you run FC4 there's a blank line called other ports. Just enter 2049:tcp,2049:udp,111:tcp,111:udp and hit OK.

6. The next step is exporting the directories you want to share and starting the NFS services. To start the nfs services type the following command into a terminal (as root):

Code:
chkconfig nfs on
Then export the directories from /etc/exports:

Code:
exportfs -ra
Reboot and the services will start automatically.

Client Settings

Setting up the client side of NFS is fairly straightforward. I'm not sure whether it's absolutely necessary to install all the NFS packages for the client but I always do, as I might want the client to act as a server if I'm working on another machine. So the steps I follow are:

1. Install NFS packages:
Code:
yum install nfs-utils nfs-utils-lib portmap system-config-nfs
2. Open the folowing ports in the firewall:

2049 UDP
2049 TCP
111 UDP
111 TCP

3. Create a mountpoint for the NFS share (as root):

Code:
mkdir /media/admin
and set permissions so that you can access this mount point as a user:

Code:
chmod 777 /media/admin
4. Add an entry to fstab:
Code:
gedit /etc/fstab
Paste an entry at the bottom of the file that looks something like this:
Code:
192.168.2.5:/home/admin         /media/admin    nfs     noauto,rw,user 0 0
The first part is the IP address of the server and the directory that will be accessed. Dont forget to adapt the entry for your settings.

Save and close gedit.

5. As root type:

Code:
mount -a
7. Make sure you can see the running services on the server by typing:

Code:
rpcinfo -p 192.168.2.5 (the IP address of the server).
If you can, move on to the next step.

6. To mount the share type:

Code:
mount /media/admin
The share should appear on your desktop and you can access it like any ordinary directory.

I think that's it but apologise in advance if I've missed any key steps. Enjoy!

Update: a quick note on IP addresses. In theory you can use host names but I've never managed to get this to work. I have a Belkin router that automatically assigns IP addresses by DHCP but I found that it was relatively straightforward to change this so that all my boxes had static IP addresses. You will need to do this otherwise your settings will have to be changed every time an IP address changes.

Last edited by steve1961; 3rd April 2006 at 06:13 PM.
Reply With Quote
  #2  
Old 2nd April 2006, 11:46 PM
jim Offline
Retired Community Manager & Avid Drinker Of Suds
 
Join Date: Feb 2005
Location: Rochester NY
Age: 39
Posts: 4,175
Ok works good so far but 1 error

Quote:
[root@localhost ~]# mount /media/server-files
mount: 192.168.1.50:/mnt/files failed, reason given by server: Permission denied
[root@localhost ~]#
and from my server
Quote:
Apr 2 18:50:54 lawrendsktp1 rpc.mountd: mount request from unknown host 192.168.1.51 for /mnt/files (/mnt/files)
__________________
Registered Linux User: #376813
Western NY
My linux site
Smolt Profile

please remember to say if you problem was solved

Did you get your id10t award today?

Last edited by jim; 2nd April 2006 at 11:51 PM.
Reply With Quote
  #3  
Old 3rd April 2006, 01:29 AM
jim Offline
Retired Community Manager & Avid Drinker Of Suds
 
Join Date: Feb 2005
Location: Rochester NY
Age: 39
Posts: 4,175
Here is what I did to at least get connected

commented out the host.deny

So how can I fix this to improve the security ?
__________________
Registered Linux User: #376813
Western NY
My linux site
Smolt Profile

please remember to say if you problem was solved

Did you get your id10t award today?
Reply With Quote
  #4  
Old 3rd April 2006, 01:34 AM
Firewing1 Offline
Registered User
 
Join Date: Dec 2004
Location: Canada
Age: 23
Posts: 9,224
Why not just use system-config-nfs as the same way as system-config-samba as shown in my server setup howto? (see sig. link)
Firewing1
__________________
[+] My open source software and blog
[+] Some of my howtos: (for full list, click here)
Reply With Quote
  #5  
Old 3rd April 2006, 01:36 AM
jim Offline
Retired Community Manager & Avid Drinker Of Suds
 
Join Date: Feb 2005
Location: Rochester NY
Age: 39
Posts: 4,175
I can connect either way, but if I have the following in my host.deny
Quote:
portmap: ALL
lockd: ALL
mountd: ALL
rquotad: ALL
statd: ALL
i get the access denied
__________________
Registered Linux User: #376813
Western NY
My linux site
Smolt Profile

please remember to say if you problem was solved

Did you get your id10t award today?
Reply With Quote
  #6  
Old 3rd April 2006, 01:54 AM
Nels664868 Offline
Registered User
 
Join Date: May 2005
Location: Greensboro, NC
Age: 53
Posts: 149
on the nfs server edit /etc/hosts and add the names and ip addresses of the client boxes
also add the client boxes names in /etc/host.allow

nels
__________________
AMD64 2800+, nForce3 250, 768M, FC6
AMD XP2000+,Via K400, 512M, FC6
Pegasos II, G4 1.0Ghz, 512M, 7x boot Morphos1.4.5/Debian 5.1/YD 4.01/FC6/FC10/Ubuntu9.4/Freevo
AMD Athlon 1.0Ghz, GA 7ZM, 512M, FC6
PowerMac QuickSilver, G4 733Mhz, 768M, OSX 10.4, FC6
Reply With Quote
  #7  
Old 3rd April 2006, 08:20 AM
steve1961 Offline
Registered User
 
Join Date: Jul 2005
Location: Coventry, UK
Posts: 583
Quote:
Originally Posted by jim
Here is what I did to at least get connected

commented out the host.deny

So how can I fix this to improve the security ?
Hi Jim, sorry for the delay, it's been the middle of the night over here whilst you've been posting. To be honest I'm not sure why you're having to comment the hosts.deny file. When I originally set this up in FC4 my FC4 box acted as a server for a slackware box and it worked fine with these settings. I no longer use the Fedora box as a server but now that I've upgraded to FC5 I do use it as an NFS client. Could it be something to do with SELinux? I have this set to permissive only.

I'm at work at the moment but I'll play around with the settings when I get home and post back.

Edit: You really shouldn't need to add any extra entries to your hosts file. Try running exportfs -ra from the server to force it to read the /etc/exports file. You might also find the following link useful:

http://nfs.sourceforge.net/nfs-howto/server.html

Last edited by steve1961; 3rd April 2006 at 08:41 AM.
Reply With Quote
  #8  
Old 3rd April 2006, 10:53 AM
jim Offline
Retired Community Manager & Avid Drinker Of Suds
 
Join Date: Feb 2005
Location: Rochester NY
Age: 39
Posts: 4,175
Server
--------
>>> fc4

set up to the how to

Client
---------
>>> fc5 notebook

set up to the how to

Selinux disabled in both machines
__________________
Registered Linux User: #376813
Western NY
My linux site
Smolt Profile

please remember to say if you problem was solved

Did you get your id10t award today?
Reply With Quote
  #9  
Old 3rd April 2006, 06:09 PM
steve1961 Offline
Registered User
 
Join Date: Jul 2005
Location: Coventry, UK
Posts: 583
Hi Jim

OK, to test these settings I setup my son's mepis box as an NFS server with the above entries in exports, hosts.allow and hosts.deny to see if I could replicate the problem. Once everything was set up I typed rpcinfo -p <his ip address> from the FC5 client and got the following output:

program vers proto port
100000 2 tcp 111 portmapper
100000 2 udp 111 portmapper
100011 1 udp 792 rquotad
100011 2 udp 792 rquotad
100011 1 tcp 795 rquotad
100011 2 tcp 795 rquotad
100003 2 udp 2049 nfs
100003 3 udp 2049 nfs
100021 1 udp 1026 nlockmgr
100021 3 udp 1026 nlockmgr
100021 4 udp 1026 nlockmgr
100005 1 udp 804 mountd
100005 1 tcp 807 mountd
100005 2 udp 804 mountd
100005 2 tcp 807 mountd
100005 3 udp 804 mountd
100005 3 tcp 807 mountd
100024 1 udp 810 status
100024 1 tcp 813 status


I then tried to mount the share as a user but got a permission denied message, and the same when I tried to do this as root. I then remembered that I needed to set permissions on the mount point, in this case /media/harry. So I did chmod 777 /media/harry and tried to mount again. This time everything worked fine and I was able to mount and unmount as an ordinary user. I'll add this to the how to.

I then tried messing around with the hosts.deny, hosts.allow and exports file. After searching for some answers on the web today it seems that you have to be careful with the spacing between entries. In the exports file the two entries below give different results:

/home/admin 192.168.2.30(rw,no_root_squash,sync)
/home/admin 192.168.2.30 (rw,no_root_squash,sync)

The first does what we want it to do, but the second (with the extra space) defaults to ro for the named IP address and rw acccess for anyone else.

In the hosts.deny and hosts.allow files there needs to be a single space on each line between the colon and the ALL or the IP address. I found that a double space in hosts.deny between the colon and the ALL on each line, or no space, could bring up the permission denied message - but for some reason this was intermittent.

But other than the above everything seemed to work.
Reply With Quote
  #10  
Old 3rd April 2006, 07:01 PM
axelseap
Guest
 
Posts: n/a
i think there's a flaw that went unnoticed, not all the parts of nfs use the same port, check this guide on how to change them http://fritz.potsdam.edu/man/nfs/nfs_firewall.html.
i used that and opened those ports on firestarter to my other box and it works great
Reply With Quote
  #11  
Old 3rd April 2006, 07:38 PM
steve1961 Offline
Registered User
 
Join Date: Jul 2005
Location: Coventry, UK
Posts: 583
Quote:
Originally Posted by axelseap
i think there's a flaw that went unnoticed, not all the parts of nfs use the same port, check this guide on how to change them http://fritz.potsdam.edu/man/nfs/nfs_firewall.html.
i used that and opened those ports on firestarter to my other box and it works great

Looks like a useful article for specifying all the ports that nfs uses rather than letting nfs choose random ports for some services. I've spent the last few hours reading lots of nfs documents and I didn't come across anything else that mentioned anything other than 2049 and 111. That said, that's all I have open and it seems to work well, but I'll try this method to see what happens.

Update: seems to work well, but can't say I notice a difference.

Last edited by steve1961; 9th April 2006 at 07:30 PM.
Reply With Quote
  #12  
Old 15th April 2006, 07:56 PM
TimBenny Offline
Registered User
 
Join Date: Apr 2006
Posts: 18
Question

Dear author,

I am sincerely grateful if you could provide me some information on how to share files between my linux box(192.1.1.10) and windows(192.1.1.11).

I would like to not always create data CDs whenever I want to transfer files from one to the other.

Thank you

Tim Benny
Reply With Quote
  #13  
Old 15th April 2006, 08:07 PM
steve1961 Offline
Registered User
 
Join Date: Jul 2005
Location: Coventry, UK
Posts: 583
Quote:
Originally Posted by TimBenny
Dear author,

I am sincerely grateful if you could provide me some information on how to share files between my linux box(192.1.1.10) and windows(192.1.1.11).

I would like to not always create data CDs whenever I want to transfer files from one to the other.

Thank you

Tim Benny

Samba is probably your best bet between linux and windows. See this how to for more information:

http://forums.fedoraforum.org/showth...ighlight=samba
Reply With Quote
  #14  
Old 19th April 2006, 03:03 PM
TimBenny Offline
Registered User
 
Join Date: Apr 2006
Posts: 18
Question Hi steve,

I don't see anything in there. where is it to share file without server, simple like C2C (computer to computer)
Steve, please do it again please..

Tim1955
Reply With Quote
  #15  
Old 20th April 2006, 10:21 AM
steve1961 Offline
Registered User
 
Join Date: Jul 2005
Location: Coventry, UK
Posts: 583
Quote:
Originally Posted by TimBenny
I don't see anything in there. where is it to share file without server, simple like C2C (computer to computer)
Steve, please do it again please..

Tim1955

Look at post 2 in the link. If you want to share files between windows and linux it's my understanding that you need to use samba. NFS is only for linux to linux shares.
Reply With Quote
Reply

Tags
fc5, nfs, setup, shares

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Dvico Fusion HDTV initial setup and Mythtv Setup holden-nut Using Fedora 3 18th November 2006 05:33 AM
Can't see shares in win xp box newusermike Servers & Networking 5 12th June 2006 09:57 PM
Windows shares visible in Linux but Linux shares not visible in Windows (argh!) CitizenAim Servers & Networking 4 24th May 2005 09:18 PM
Setup scripts to map the Windows shares to Linux mvelasco2 Servers & Networking 1 21st April 2005 08:16 AM


Current GMT-time: 15:21 (Saturday, 23-08-2014)

TopSubscribe to XML RSS for all Threads in all ForumsFedoraForumDotOrg Archive
logo

All trademarks, and forum posts in this site are property of their respective owner(s).
FedoraForum.org is privately owned and is not directly sponsored by the Fedora Project or Red Hat, Inc.

Privacy Policy | Term of Use | Posting Guidelines | Archive | Contact Us | Founding Members

Powered by vBulletin® Copyright ©2000 - 2012, vBulletin Solutions, Inc.

FedoraForum is Powered by RedHat