Setting up an NFS server and mounting it from a client on CentOS 7, with fixed ports opened in the firewall

1, Environment preparation

192.168.56.101: server
192.168.56.102: client

2, Set up NFS server

Set up nfs on server 192.168.56.101. The steps are as follows:

#Install nfs on the server node (192.168.56.101)
yum -y install nfs-utils

#Create nfs shared data directory
mkdir -p /home/nfs/data/

#Modify permissions (optional)
chmod -R 777 /home/nfs/data/

#Edit the exports file and share the directory /home/nfs/data/. Any IP can access it with read and write permission, and a client's root user keeps root permission on the share (no_root_squash). To restrict access to a fixed IP, see the supplementary note below.
vi /etc/exports
/home/nfs/data/ *(rw,no_root_squash,sync)

#Apply the configuration
exportfs -r

#View the active exports
exportfs

#Start rpcbind and nfs services
systemctl restart rpcbind && systemctl enable rpcbind
systemctl restart nfs && systemctl enable nfs

#View the registration status of RPC service
rpcinfo -p localhost

#showmount test
showmount -e 192.168.56.101

Supplementary note: the * in the line /home/nfs/data/ *(rw,no_root_squash,sync) means that a client at any IP can access the share. If finer permission control is required, change it to a specific IP so that only the client machine at that IP can mount it, for example:

#Edit the exports file, share the directory /home/nfs/data/, and allow only the IP 192.168.56.102 to access it with read and write permission; root keeps root permission
vi /etc/exports
/home/nfs/data/ 192.168.56.102(rw,no_root_squash,sync)

#If multiple IPs need to be supported, add one configuration line per IP. The permissions can differ per line, for example read-write (rw) for 102 and read-only (ro) for 103.
vi /etc/exports
/home/nfs/data/ 192.168.56.102(rw,no_root_squash,sync)
/home/nfs/data/ 192.168.56.103(ro,no_root_squash,sync)
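An added example (not part of the original post) for the supplementary note above: a shell function that reads an exports file and lists every client entry that is open to any host (`*`) or carries `no_root_squash`. The function names and the 192.168.56.104 entry are constructed for this illustration.

```shell
# Added example: list exports entries that are open to any host (*)
# or that keep client root as root (no_root_squash).

# Constructed sample: the three export lines from this post plus one
# constructed read-only entry (192.168.56.104) that should not be flagged.
sample_exports() {
    cat <<'EOF'
# constructed sample of /etc/exports
/home/nfs/data/ *(rw,no_root_squash,sync)
/home/nfs/data/ 192.168.56.102(rw,no_root_squash,sync)
/home/nfs/data/ 192.168.56.103(ro,no_root_squash,sync)
/home/nfs/data/ 192.168.56.104(ro,sync)
EOF
}

# audit_exports [FILE]  (reads stdin when FILE is omitted)
# Prints "<path> <client> <ro|rw> <findings>" per flagged client entry and
# returns 1 if anything was flagged, 0 otherwise.
# Assumes paths without spaces and no backslash line continuations.
audit_exports() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }          # comments and blank lines
    {
        for (i = 2; i <= NF; i++) {
            client = $i; opts = ""
            p = index($i, "(")
            if (p) {
                client = substr($i, 1, p - 1)
                opts = substr($i, p + 1)
                sub(/\)$/, "", opts)
            }
            if (client == "") client = "*"     # "(opts)" alone means any host
            mode = "ro"; f = ""                # exports default to read-only
            n = split(opts, o, ",")
            for (j = 1; j <= n; j++) {
                if (o[j] == "rw") mode = "rw"
                if (o[j] == "no_root_squash") f = "no_root_squash"
            }
            if (client == "*") f = (f == "" ? "any-host" : "any-host," f)
            if (f != "") { print $1, client, mode, f; bad = 1 }
        }
    }
    END { exit bad + 0 }
    ' "${1:--}"
}

sample_exports | audit_exports || true
```

On the server itself, run it as `audit_exports /etc/exports`.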

3, Client nfs installation and configuration

First install nfs on the client 192.168.56.102

yum -y install nfs-utils

Then create a new directory for mounting on the client machine, for example:

#This directory is used to mount the shared directory from the server. It can have the same path as the shared directory /home/nfs/data/ or a different one; a different directory is used here
mkdir -p /home/nfssharedata/

Then mount the shared directory as follows: (two methods, depending on your situation)

######Type 1: temporary mount (it disappears after a system restart)######
mount -t nfs 192.168.56.101:/home/nfs/data/  /home/nfssharedata/

######Type 2: permanent mount (it is mounted automatically after a system restart)######
####Note: if you only change /etc/fstab, you need to restart the system for the mount to take effect.
####Therefore, in a production environment, do both the temporary and the permanent mount, so that after the first configuration the share is mounted without a restart and is mounted automatically afterwards.
##Modify the /etc/fstab file
vi /etc/fstab
192.168.56.101:/home/nfs/data/  /home/nfssharedata/  nfs  defaults,rw   0 0

To unmount the share, run umount:

umount /home/nfssharedata/

4, Configure the nfs server to use fixed ports and open them in the firewall

NFS communicates over UDP or TCP. The NFS environment above was built with the NFS server's firewall turned off; with the firewall on, the relevant ports have to be allowed through. Production environments generally have stricter requirements: the firewall is enabled and access is controlled by authorizing specific policies. By default, only ports 111 (used by portmapper, which the client queries when requesting NFS file access from the server) and 2049 (used by NFS) are fixed, and the other ports are random. Therefore the other ports must be configured as fixed ports on the NFS server (192.168.56.101) and opened in the firewall. The steps are as follows:

  1. Modify the configuration file
#Add the following configuration at the end of the file
vi /etc/sysconfig/nfs
RQUOTAD_PORT=30001
LOCKD_TCPPORT=30002
LOCKD_UDPPORT=30002
MOUNTD_PORT=30003
STATD_PORT=30004
  2. Restart the services
systemctl restart rpcbind
systemctl restart nfs
  3. Check the port status again
#You can see that the services now use the fixed ports
rpcinfo -p localhost
  4. Next, open the relevant ports in the firewall and authorize access for the client machine 192.168.56.102
#Firewall rules for nfs (the rich rule is wrapped in single quotes so that the inner double quotes reach firewall-cmd intact)
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.56.102" port protocol="tcp" port="111" accept'
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.56.102" port protocol="udp" port="111" accept'
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.56.102" port protocol="tcp" port="2049" accept'
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.56.102" port protocol="udp" port="2049" accept'
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.56.102" port protocol="tcp" port="30001-30004" accept'
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.56.102" port protocol="udp" port="30001-30004" accept'
firewall-cmd --reload
firewall-cmd --list-all
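
An added example (not part of the original post) for the port review step above: a shell function that reads `rpcinfo -p` output and reports any registered RPC service whose port is outside the ports opened in the firewall (111, 2049, 30001-30004). The function names and the sample output are constructed; the nlockmgr rows are placed on non-fixed ports only to show what a mismatch looks like.

```shell
# Added example: compare `rpcinfo -p` output with the ports opened in the firewall.

# Constructed sample of `rpcinfo -p localhost` output. The nlockmgr rows are
# deliberately placed on constructed non-fixed ports to show a mismatch.
sample_rpcinfo() {
    cat <<'EOF'
   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    4   udp    111  portmapper
    100011    1   udp  30001  rquotad
    100005    3   tcp  30003  mountd
    100024    1   udp  30004  status
    100003    3   tcp   2049  nfs
    100003    4   tcp   2049  nfs
    100021    3   udp  45678  nlockmgr
    100021    4   udp  45678  nlockmgr
    100021    4   tcp  39001  nlockmgr
EOF
}

# check_rpc_ports PORT_OR_RANGE...  (reads `rpcinfo -p` output on stdin)
# Prints "<service> <proto> <port>" once for every registered RPC service whose
# port is outside the given list; returns 1 if any was printed, 0 otherwise.
check_rpc_ports() {
    awk -v allowed="$*" '
    BEGIN {
        n = split(allowed, a, " ")
        for (i = 1; i <= n; i++) {
            m = split(a[i], r, "-")
            lo[i] = r[1] + 0
            hi[i] = (m == 2 ? r[2] : r[1]) + 0
        }
    }
    $1 ~ /^[0-9]+$/ && NF >= 5 {               # skip the header row
        key = $5 " " $3 " " $4
        if (key in seen) next                  # one line per service/proto/port
        seen[key] = 1
        ok = 0
        for (i = 1; i <= n; i++)
            if ($4 + 0 >= lo[i] && $4 + 0 <= hi[i]) ok = 1
        if (!ok) { print key; bad = 1 }
    }
    END { exit bad + 0 }
    '
}

# Ports opened by the firewall rules in this post: 111, 2049, 30001-30004
sample_rpcinfo | check_rpc_ports 111 2049 30001-30004 || true
```

On the server, pipe the live output in instead: `rpcinfo -p localhost | check_rpc_ports 111 2049 30001-30004`.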

Tags: Linux CentOS nfs

Posted on Sun, 28 Nov 2021 04:44:00 -0500 by gardan06