Configuring NFS
Firewalling for NFS
rpcinfo -p | grep nfs
The NFS server uses ports 111 (TCP and UDP) and 2049 (TCP and UDP).
This will give a list of all ports used by all NFS-related programs:
rpcinfo -p | awk '{print $3" "$4}' | sort -k2n | uniq
root@intel:/media/kevin# rpcinfo -p | awk '{print $3" "$4}' | sort -k2n | uniq
proto port
tcp 111
udp 111
tcp 2049
udp 2049
tcp 36705
tcp 39599
udp 39774
udp 40836
tcp 44743
udp 48795
tcp 49095
udp 58224
root@intel:/media/kevin#
NFS Ports
The following ports need to be opened:
ufw allow in from 10.147.18.0/24 to any port 111
ufw allow in from 10.147.18.0/24 to any port 2049
ufw allow in from 10.147.18.0/24 to any port 33333
root@intel:/home/kevin# ufw allow in from 10.147.18.0/24 to any port 111
Rule added
root@intel:/home/kevin#
root@intel:/home/kevin# ufw allow in from 10.147.18.0/24 to any port 2049
Rule added
root@intel:/home/kevin# ufw allow in from 10.147.18.0/24 to any port 33333
Rule added
root@intel:/home/kevin#
Then save the rules:
root@intel:/home/kevin# iptables-save > /etc/iptables.rules
root@intel:/home/kevin#
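The ufw rules above open ports 111, 2049 and 33333, while the rpcinfo listing also shows RPC services on other ports. The following added example (not part of the original page) keeps the service name that the awk one-liner drops and lists every registered service whose port is not in the allowed set. The function names are hypothetical and the sample rpcinfo output is constructed.

```shell
#!/bin/sh
# List RPC services registered on ports the firewall rules do not allow.
# Usage on a live server: rpcinfo -p | rpc_ports_not_allowed 111 2049 33333

rpc_ports_not_allowed() {
    # Arguments: ports opened in the firewall.
    # stdin: `rpcinfo -p` output (columns: program vers proto port service).
    awk -v allowed="$*" '
        BEGIN {
            n = split(allowed, list, " ")
            for (i = 1; i <= n; i++) ok[list[i]] = 1
        }
        # Skip the header line and anything without a numeric port.
        $4 !~ /^[0-9]+$/ { next }
        !($4 in ok) {
            svc = ($5 == "" ? ("prog-" $1) : $5)
            key = svc " " $3 " " $4
            # Several program versions share one port; report it once.
            if (!(key in seen)) { seen[key] = 1; print key }
        }
    ' | sort -k3,3n -k2,2
}

# Constructed sample of `rpcinfo -p` output (not captured from the page's host).
sample_rpcinfo() {
    cat <<'EOF'
   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    4   udp    111  portmapper
    100005    2   tcp  36705  mountd
    100005    3   tcp  36705  mountd
    100005    3   udp  39774  mountd
    100003    3   tcp   2049  nfs
    100003    4   tcp   2049  nfs
    100021    4   udp  48795  nlockmgr
    100021    4   tcp  44743  nlockmgr
    100024    1   tcp  49095  status
EOF
}

# Allowed set mirrors the three ufw rules on this page.
sample_rpcinfo | rpc_ports_not_allowed 111 2049 33333
```

Each output line is a service, protocol and port that the listed firewall rules do not cover.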
Also make sure that exportfs -ra is run, otherwise there won't be any NFS volumes to export!
root@intel:/# cat /etc/exports
/media/kevin/PRIMARY_MEDIA 10.147.18.0/24(rw,insecure,sync,no_subtree_check,no_root_squash)
/media/kevin/PRIMARY_BACKUP 10.147.18.0/24(rw,insecure,sync,no_subtree_check,no_root_squash)
Then restart nfs-kernel-server:
systemctl restart nfs-kernel-server
root@intel:~# systemctl status nfs-kernel-server
● nfs-server.service - NFS server and services
     Loaded: loaded (/lib/systemd/system/nfs-server.service; enabled; vendor preset: enabled)
    Drop-In: /run/systemd/generator/nfs-server.service.d
             └─order-with-mounts.conf
     Active: active (exited) since Fri 2021-06-04 20:08:31 CEST; 1h 11min ago
    Process: 25565 ExecStartPre=/usr/sbin/exportfs -r (code=exited, status=0/SUCCESS)
    Process: 25566 ExecStart=/usr/sbin/rpc.nfsd $RPCNFSDARGS (code=exited, status=0/SUCCESS)
   Main PID: 25566 (code=exited, status=0/SUCCESS)

Jun 04 20:08:30 intel systemd[1]: Starting NFS server and services...
Jun 04 20:08:31 intel systemd[1]: Finished NFS server and services.
root@intel:~#
Error Message: chown: operation not permitted
By default the root_squash export option is set. This means NFS does not allow a root user on a connecting NFS client to perform operations as root on the NFS server.
rsync: [receiver] chown "/home/kevin/file.txt" failed: Operation not permitted (1)
To resolve this, set the no_root_squash option for the share in the /etc/exports file. With this option, root on any client in the exported network is treated as root on the share:
(rw,insecure,sync,no_subtree_check,no_root_squash)
root@intel:/# cat /etc/exports
/media/kevin/PRIMARY_MEDIA 10.147.18.0/24(rw,insecure,sync,no_subtree_check,no_root_squash)
/media/kevin/PRIMARY_BACKUP 10.147.18.0/24(rw,insecure,sync,no_subtree_check,no_root_squash)