About Me

Hi friends, I am Sandeep CC, and some people know me as a System Administrator. I started my professional career in 2008. I have been working as a System Administrator on Linux servers and Windows clients. I am here to share the knowledge I have gained and what I have come across so far; it could be of help to you. If anything is wrong or any step in my posts could be improved, please comment on the post. Feel free to contact me by posting comments on this blog. Thanks and regards, Sandeep CC

Monday, July 26, 2010

NFS Server Configuration On REDHAT LINUX-4


NFS SERVER
Introduction:
An experiment with an NFS server and client.
Note:
Server Name: sandeeplinux3 192.168.1.11
Client Name: sandeeplinux2 192.168.1.10
(The firewall/iptables should be OFF while configuring; the firewall is configured for the NFS server later.)

Required packages (almost all of them are installed by default when the OS is installed):
[root@sandeeplinux3 ~]# rpm -qa | grep -E 'nfs-utils|portmap|quota'
Server: RedHat 4 (nfs-utils-1.0.6-65.EL4, portmap-4.0-63, quota-3.12-5)

[root@sandeeplinux2 ~]# rpm -qa | grep -E 'nfs-utils|portmap|quota'
Clients: RedHat 4 (nfs-utils-1.0.6-65.EL4, portmap-4.0-63, quota-3.12-5)

Server setup [sandeeplinux3 192.168.1.11]
Create the new directory that you will export, say nfsdir under /home, change the permission to 777 and mount the partition on it. (Users' home directories can be shared as well, but for testing purposes we share a newly created directory. Mode 777 makes the directory world-writable, so use it only on a test share like this one.)
[root@sandeeplinux3 ~]# cd /home
[root@sandeeplinux3 home]# mkdir nfsdir
[root@sandeeplinux3 home]# chmod -R 777 nfsdir
[root@sandeeplinux3 home]# ls -ltr
drwxrwxrwx 4 root root 4096 Mar 3 12:20 nfsdir

Edit the file /etc/exports, adding the line:
[root@sandeeplinux3 home]# vi /etc/exports
/home/nfsdir 192.168.1.10(rw,sync)
[Enter this line into the /etc/exports file, giving the client's IP address or name]
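
An added check for the /etc/exports line above (example code, not part of the original post): it flags entries that grant more than intended, and goes beyond the single line shown here by also covering wildcard hosts, no_root_squash and insecure. The paths /srv/a and /srv/b are constructed samples.

```shell
#!/bin/sh
# Added example (not from the original post): flag risky entries in an
# exports(5) file read from stdin.  Usage: lint_exports < /etc/exports
lint_exports() {
    awk '
    /^[ \t]*#/ || NF == 0 { next }          # skip comments and blank lines
    {
        path = $1
        for (i = 2; i <= NF; i++) {
            if ($i ~ /^\(/) {
                # "host (opts)": the options bind to every host, not to host
                print path ": options " $i " apply to ALL hosts (space before parenthesis)"
                continue
            }
            host = $i; opts = ""
            p = index($i, "(")
            if (p > 0) {
                host = substr($i, 1, p - 1)
                opts = substr($i, p + 1)
                sub(/\)$/, "", opts)
            }
            if (host == "*")
                print path ": exported to any host (*)"
            n = split(opts, o, ",")
            for (j = 1; j <= n; j++) {
                if (o[j] == "no_root_squash")
                    print path ": " host " keeps root privileges (no_root_squash)"
                if (o[j] == "insecure")
                    print path ": " host " may use unprivileged source ports (insecure)"
            }
        }
    }'
}

# Constructed sample: the line from this page plus two risky variants.
sample_exports() {
    cat <<'EOF'
/home/nfsdir 192.168.1.10(rw,sync)
/srv/a 192.168.1.10 (rw,sync)
/srv/b *(rw,sync,no_root_squash)
EOF
}

sample_exports | lint_exports
```

The line used on this page produces no finding; the two constructed variants produce three.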


Secure the daemons with TCP wrappers: in the file /etc/hosts.deny add a line like this, covering each of the five daemons portmap, lockd, statd, mountd, rquotad:
[root@sandeeplinux3 home]# vi /etc/hosts.deny
# on 192.168.1.11/sandeeplinux3: deny every host by default
portmap, lockd, statd, mountd, rquotad: ALL

In the file /etc/hosts.allow the line should look like this:
[root@sandeeplinux3 home]# vi /etc/hosts.allow
# on 192.168.1.11/sandeeplinux3: allow the client 192.168.1.10/sandeeplinux2
portmap, lockd, statd, mountd, rquotad: 192.168.1.10

Start the services:
[root@sandeeplinux3 ~]# service portmap start
Starting portmap: [ OK ]
[root@sandeeplinux3 ~]# service nfs start
Starting NFS services: [ OK ]
Starting NFS quotas: [ OK ]
Starting NFS daemon: [ OK ]
Starting NFS mountd: [ OK ]
[root@sandeeplinux3 ~]# service nfslock start [ OK ]

And add them to the start configuration with:
chkconfig portmap on
chkconfig nfs on
chkconfig nfslock on
Verify that the daemons are running with:
[root@sandeeplinux3 ~]# rpcinfo -p
program vers proto port
100000 2 tcp 111 portmapper
100000 2 udp 111 portmapper
100024 1 udp 32768 status
100024 1 tcp 32769 status
100004 2 udp 834 ypserv
100004 1 udp 834 ypserv
100004 2 tcp 834 ypserv
100004 1 tcp 834 ypserv
600100069 1 udp 835 fypxfrd
600100069 1 tcp 835 fypxfrd
100007 2 udp 882 ypbind
100007 1 udp 882 ypbind
100007 2 tcp 885 ypbind
100007 1 tcp 885 ypbind
100009 1 udp 654 yppasswdd
100003 2 udp 2049 nfs
100003 3 udp 2049 nfs
100003 4 udp 2049 nfs
100003 2 tcp 2049 nfs
100003 3 tcp 2049 nfs
100003 4 tcp 2049 nfs
100021 1 udp 32779 nlockmgr
100021 3 udp 32779 nlockmgr
100021 4 udp 32779 nlockmgr
100021 1 tcp 32774 nlockmgr
100021 3 tcp 32774 nlockmgr
100021 4 tcp 32774 nlockmgr
100011 1 udp 634 rquotad
100011 2 udp 634 rquotad
100011 1 tcp 637 rquotad
100011 2 tcp 637 rquotad
100005 1 udp 639 mountd
100005 1 tcp 642 mountd
100005 2 udp 639 mountd
100005 2 tcp 642 mountd
100005 3 udp 639 mountd
100005 3 tcp 642 mountd
[root@sandeeplinux3 ~]#

Client Setup [192.168.1.10]
Secure the daemons with TCP wrappers: in the file /etc/hosts.deny add a line like this, covering each of the five daemons portmap, lockd, statd, mountd, rquotad:
[root@sandeeplinux2 ~]# vi /etc/hosts.deny
# on sandeeplinux2/192.168.1.10: deny every host by default
portmap, lockd, statd, mountd, rquotad: ALL

In the file /etc/hosts.allow the line should look like this:
[root@sandeeplinux2 ~]# vi /etc/hosts.allow
# on sandeeplinux2/192.168.1.10: allow the server sandeeplinux3/192.168.1.11
portmap, lockd, statd, mountd, rquotad: 192.168.1.11

Create a directory on which to mount the shared directory:
[root@sandeeplinux2 ~]# cd /home
[root@sandeeplinux2 home]# mkdir nfsdir

Start the services:
[root@sandeeplinux2 ~]# service portmap start
Starting portmap: [ OK ]
[root@sandeeplinux2 ~]# service netfs start
Mounting NFS filesystems: mount to NFS server '192.168.1.9' failed: server is down.
Mounting other filesystems: [ OK ]
[root@sandeeplinux2 ~]# service nfslock restart
Stopping NFS locking: [ OK ]
Stopping NFS statd: [ OK ]
Starting NFS statd: [ OK ]
[root@sandeeplinux2 ~]#

Verify that the services portmap and nfslock are running. The commands needed to verify, start and add these services to the start configuration are shown in the last two steps of the server setup. Verify with the command:
[root@sandeeplinux2 ~]# rpcinfo -p
program vers proto port
100000 2 tcp 111 portmapper
100000 2 udp 111 portmapper
100024 1 udp 32768 status
100024 1 tcp 32769 status
100003 2 udp 2049 nfs
100003 3 udp 2049 nfs
100003 4 udp 2049 nfs
100003 2 tcp 2049 nfs
100003 3 tcp 2049 nfs
100003 4 tcp 2049 nfs
100021 1 udp 32770 nlockmgr
100021 3 udp 32770 nlockmgr
100021 4 udp 32770 nlockmgr
100021 1 tcp 32787 nlockmgr
100021 3 tcp 32787 nlockmgr
100021 4 tcp 32787 nlockmgr
100005 1 udp 702 mountd
100005 1 tcp 714 mountd
100005 2 udp 702 mountd
100005 2 tcp 714 mountd
100005 3 udp 702 mountd

With the daemons portmap, lockd and statd running, you should be able to mount the remote directory. Try it by mounting the server directory /home/nfsdir on /home/nfsdir of the client machine:
[root@sandeeplinux2 ~]# mount 192.168.1.11:/home/nfsdir/ /home/nfsdir/

NFS through IPTABLES Firewall Setup [Server Machine]
Open the portmap, nfs and nfslock port numbers:
[root@sandeeplinux3 ~]# cd /etc/sysconfig/
[root@sandeeplinux3 sysconfig]# vi iptables
-A RH-Firewall-1-INPUT -s 192.168.1.0/24 -d 192.168.1.0/24 -p tcp --dport 111 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.1.0/24 -d 192.168.1.0/24 -p udp --dport 111 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.1.0/24 -d 192.168.1.0/24 -p tcp --dport 2049 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.1.0/24 -d 192.168.1.0/24 -p udp --dport 2049 -j ACCEPT
:wq [Save & Exit]
[root@sandeeplinux3 ~]# service iptables restart

Note: The nfslock port must also be opened. To get the nfslock port number, run rpcinfo -p, check the port number listed for nfslock (shown as nlockmgr) and enter it in the iptables file. Whenever any NFS-related entry in the iptables file is modified, restart the firewall service.
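
The lookup described in the note, as an added example (not part of the original post): it reads rpcinfo -p output and prints rules in the same form as the four above. It goes beyond the note by also covering mountd, status and rquotad, which NFSv2/v3 clients contact as well; the sample input is constructed in the format of the server output shown earlier.

```shell
#!/bin/sh
# Added example (not from the original post). Reads "rpcinfo -p" output on
# stdin and prints one ACCEPT rule per distinct proto/port used by the NFS
# services, in the same form as the rules in /etc/sysconfig/iptables above.
# The subnet default is the one used on this page; pass another as $1.
nfs_fw_rules() {
    net=${1:-192.168.1.0/24}
    awk -v net="$net" '
    # column 5 is the service name; the header line and other services
    # such as ypserv or ypbind do not match and are skipped
    $5 ~ /^(portmapper|nfs|nlockmgr|status|mountd|rquotad)$/ {
        key = $3 "/" $4                      # e.g. "udp/32779"
        if (!(key in seen)) {                # one rule per proto/port pair
            seen[key] = 1
            printf "-A RH-Firewall-1-INPUT -s %s -d %s -p %s --dport %s -j ACCEPT\n", net, net, $3, $4
        }
    }'
}

# Constructed sample: a few lines in the format of the server output above.
sample_rpcinfo() {
    cat <<'EOF'
   program vers proto   port
    100000    2   tcp    111  portmapper
    100004    2   udp    834  ypserv
    100003    3   udp   2049  nfs
    100021    1   udp  32779  nlockmgr
    100021    3   udp  32779  nlockmgr
    100021    1   tcp  32774  nlockmgr
    100005    1   udp    639  mountd
EOF
}

sample_rpcinfo | nfs_fw_rules
```

On the server, run it as rpcinfo -p | nfs_fw_rules. Ports other than 111 and 2049 are assigned when the services start, so regenerate the rules after the NFS services are restarted.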
Restart Iptables/Firewall Services
Troubleshoot:
