Topics: Networking, Red Hat / Linux, Storage, System Admin

Quick NFS configuration on Red Hat

This is a quick NFS configuration using RHEL without too much concerts about security or any fine tuning and access control. In our scenario, there are two hosts:

  • NFS Server, IP 10.1.1.100
  • NFS Client, IP 10.1.1.101
First, start with the NFS server:

On the NFS server, un the below commands to begin the NFS server installation: 
[nfs-server] # yum install nfs-utils rpcbind
Next, for this procedure, we export an arbitrary directory called /opt/nfs. Create /opt/nfs directory: 
[nfs-server] # mkdir -p /opt/nfs
Edit the /etc/exports file (which is the NFS exports file) to add the below line to export folder /opt/nfs to client 10.1.1.101: 
/opt/nfs 10.1.1.101(no_root_squash,rw)
Next, make sure to open port 2049 on your firewall to allow client requests: 
[nfs-server] # firewall-cmd --zone=public --add-port=2049/tcp --permanent
[nfs-server] # firewall-cmd --reload
Start the rpcbind and NFS server daemons in this order: 
[nfs-server] # service rpcbind start; service nfs start
Check the NFS server status: 
[nfs-server] # service nfs status 
Redirecting to /bin/systemctl status nfs.service
nfs-server.service - NFS server and services
   Loaded: loaded (/usr/lib/systemd/system/nfs-server.service; enabled; 
 vendor preset: disabled)
  Drop-In: /run/systemd/generator/nfs-server.service.d
           order-with-mounts.conf
   Active: active (exited) since Tue 2017-11-14 09:06:21 CST; 1h 14min ago
 Main PID: 2883 (code=exited, status=0/SUCCESS)
   CGroup: /system.slice/nfs-server.service
Next, export all the file systems configured in /etc/exports: 
[nfs-server] # exportfs -rav
And check the currently exported file systems: 
[nfs-server] # exportfs -v
Next, continue with the NFS client:

Install the required packages: 
[nfs-client] # yum install nfs-utils rpcbind
[nfs-client]# service rpcbind start
Create a mount point directory on the client, for example /mnt/nfs: 
[nfs-client] # mkdir -p /mnt/nfs


Discover the NFS exported file systems:



[nfs-client] # showmount -e 10.1.1.100
Export list for 10.1.1.100:
/opt/nfs 10.1.1.101




Mount the previously NFS exported /opt/nfs directory:



[nfs-client] # mount 10.1.1.100:/opt/nfs /mnt/nfs




Test the correctness of the setup between the NFS server and the NFS client by creating a file in the NFS mounted directory on the client side:



[nfs-client] # cd /mnt/nfs/
[nfs-client] # touch testfile
[nfs-client] # ls -l
total 0
-rw-r--r--. 1 root root 0 Dec 11 08:13 testfile




Move to the server side and check if the testfile file exists:



[nfs-server] # cd /opt/nfs/
[nfs-server] # ls -l
total 0
-rw-r--r--. 1 root root 0 Dec 11 08:13 testfile




At this point it is working, but it is not set up to remain there permanently (as in: it will be gone when either the NFS server or NFS client is rebooted. To ensure it remains working even after a reboot, perform the following steps:



On the NFS server side, to have the NFS server service enabled at system boot time, run:



[nfs-server] # systemctl enable nfs-server




On the NFS server client side, add an entry to the /etc/fstab file, that will ensure the NFS file system is mounted at boot time:



10.1.1.100:/opt/nfs  /mnt/nfs  nfs4  soft,intr,nosuid  0 0




The options for the NFS file systems are as follows:

    

  • soft = No hard mounting, avoids hanging file access commands on the NFS client, if the NFS servers is unavailable.
    • 

  • intr = Allow NFS requests to be interrupted if the NFS server goes down or can't be reached.
    • 

  • nosuid = This prevents remote users from gaining higher privileges by running a setuid program.
    • 


If you need to know on the NFS server side, which clients are using the NFS file system, you can use the netstat command, and search for both the NFS server IP address and port 2049:



[nfs-server] # netstat -an | grep 10.1.1.100:2049


This will tell you the established connections for each of the clients, for example:



tcp  0  0  10.1.1.100:2049  10.1.1.101:757  ESTABLISHED




In the example above you can see that IP address 10.1.1.101 on port 757 (NFS client) is connected to port 2049 on IP address 10.1.1.100 (NFS server).



If you found this useful, here's more on the same topic(s) in our blog:

UNIX Health Check delivers software to scan Linux and AIX systems for potential issues. Run our software on your system, and receive a report in just a few minutes. UNIX Health Check is an automated check list. It will report on perfomance, capacity, stability and security issues. It will alert on configurations that can be improved per best practices, or items that should be improved per audit guidelines. A report will be generated in the format you wish, and the report includes the issues discovered and information on how to solve the issues as well.

Interested in learning more?