NFS server

Revision as of 09:32, 21 August 2014 by WikiFreak


NFS is a file-share technology that is supported only by *Nix systems. It's very simple to set up and use, but it offers fewer access restrictions than Samba.

  • NFS is perfect for a NetBoot strategy (thin clients)
  • NFS is not fit to act as a company's main file server. If you plan to share a lot of data as a file server, then Samba will be a better choice.


Installation

NFS support

apt-get install nfs-kernel-server nfs-common


Debootstrap (manage netboot image)

apt-get install debootstrap


Initramfs (to manage "virtual disks")

apt-get install initramfs-tools



NFS server setup

Configuration

The NFS configuration is done in the /etc/exports file

vim /etc/exports


Add something like this:

### list of available O.S
  /nfs/trusty         172.16.50.0/24(ro,no_root_squash,no_subtree_check,async,insecure)
  /nfs/wheezy         172.16.50.0/24(ro,no_root_squash,no_subtree_check,async,insecure)
### common share
  /nfs/common         172.16.50.0/24(rw,no_root_squash,no_subtree_check,async,insecure)


Adjust "172.16.50.0/24" to your own network address

  • rw : Allows clients read as well as write access
  • ro : Read only access
  • insecure : Tells the NFS server to accept requests coming from unprivileged ports (ports > 1024).
  • no_subtree_check : If the entire volume (/users) is exported, disabling this check will speed up transfers.
  • async : async will speed up transfers.
  • no_root_squash : This option allows root to connect to the designated directory.


- NOTE -

  • It's always a good idea to use Read-Only if you plan to share this disk. That prevents users from messing with your image!
  • There must not be any space between the network address and "("
  • If you plan to share an NFS export with all users - like my /nfs/common - don't forget to run chmod -R 777 /nfs/common
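
A small checker for the /etc/exports pitfalls listed above, added here as an example and not part of the original page: it flags the space-before-"(" mistake (the options then apply to every host, while the named network only gets the defaults), rw combined with no_root_squash, and insecure. The function names, the finding codes and the /nfs/scratch line are constructed for illustration.

```python
import re

# One client spec: "client(opts)", "(opts)" with an empty client, or a bare client.
CLIENT_RE = re.compile(r"(\S*?)\(([^)]*)\)|(\S+)")

# Page's entries plus one constructed line showing the space-before-"(" mistake.
SAMPLE = """\
### list of available O.S
/nfs/trusty   172.16.50.0/24(ro,no_root_squash,no_subtree_check,async,insecure)
### common share
/nfs/common   172.16.50.0/24(rw,no_root_squash,no_subtree_check,async,insecure)
# constructed mistake: space between the network and "("
/nfs/scratch  172.16.50.0/24 (rw,no_subtree_check)
"""

def parse_exports(text):
    """Yield (lineno, path, client, options) for every client on every line.
    Simplification: quoted or escaped paths containing spaces are not handled."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        fields = line.split(None, 1)
        path, rest = fields[0], (fields[1] if len(fields) > 1 else "")
        for m in CLIENT_RE.finditer(rest):
            if m.group(3) is not None:           # bare client: default options
                yield lineno, path, m.group(3), set()
            else:                                # group(1) == "" means any host
                opts = {o.strip() for o in m.group(2).split(",") if o.strip()}
                yield lineno, path, m.group(1), opts

def lint_exports(text):
    """Return sorted (lineno, path, code) findings for risky entries."""
    findings = set()
    for lineno, path, client, opts in parse_exports(text):
        if client in ("", "*"):
            findings.add((lineno, path, "world-export"))
        if "rw" in opts and "no_root_squash" in opts:
            findings.add((lineno, path, "root-can-write"))
        if "insecure" in opts:
            findings.add((lineno, path, "unprivileged-source-ports"))
    return sorted(findings)

if __name__ == "__main__":
    for lineno, path, code in lint_exports(SAMPLE):
        print(f"line {lineno}: {path}: {code}")
```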


Security

Like TFTP, this part is insecure!

You must restrict access to your NFS server with a firewall script, and filter traffic BEFORE it reaches the LAN!


NFS uses dynamic port numbers because it runs over rpcbind. Making NFS use specific ports is a pain in the ass!! :(

So, instead, you should allow communication within your LAN.


    IPTABLES=`which iptables`
    LAN_ADDRESS="172.16.50.0/24"

    # Allow LAN communication
    $IPTABLES -A INPUT -s $LAN_ADDRESS -d $LAN_ADDRESS -m state ! --state INVALID -j ACCEPT
    $IPTABLES -A OUTPUT -s $LAN_ADDRESS -d $LAN_ADDRESS -m state ! --state INVALID -j ACCEPT


Management

service nfs-kernel-server {status|start|stop|restart}


Test the server

Install the NFS v4 client:

apt-get install nfs-common


To mount the default path:

mount -t nfs nfs-server:/ /mnt

You'll see: "/nfs"


It's better to do:

mount -t nfs nfs-server:/nfs /mnt