NFS server setup and client mounting on CentOS 7, with fixed ports opened in the firewall


1, Environment preparation

192.168.56.101: Server
192.168.56.102: client

2, Set up NFS server

Set up NFS on the server 192.168.56.101. The steps are as follows:

    # Install NFS on the server node (192.168.56.101)
    yum -y install nfs-utils

    # Create the NFS shared data directory
    mkdir -p /home/nfs/data/

    # Modify permissions (optional)
    chmod -R 777 /home/nfs/data/

    # Edit the exports file and set the shared directory /home/nfs/data/.
    # Any IP can access it, read and write, and root on a client keeps root permission on the share.
    # To restrict access to a fixed IP, see the supplementary note below.
    vi /etc/exports
    # Line to add to /etc/exports:
    /home/nfs/data/ *(rw,no_root_squash,sync)

    # Apply the configuration
    exportfs -r

    # View the active exports
    exportfs

    # Start the rpcbind and nfs services
    systemctl restart rpcbind && systemctl enable rpcbind
    systemctl restart nfs && systemctl enable nfs

    # View the registration status of the RPC services
    rpcinfo -p localhost

    # Test with showmount
    showmount -e 192.168.56.101

Supplementary note: the * in the line /home/nfs/data/ *(rw,no_root_squash,sync) means that a client at any IP can access the share. If more detailed permission control is required, it can be changed to a specific IP so that only the client machine at that IP can mount the share, such as:

    # Edit the exports file: share /home/nfs/data/, allow only 192.168.56.102, read and write, with root keeping root permission
    vi /etc/exports
    /home/nfs/data/ 192.168.56.102(rw,no_root_squash,sync)

    # If multiple IPs need to be supported, add one line per IP. The permissions can differ per client, such as read-write (rw) for 102 and read-only (ro) for 103.
    vi /etc/exports
    /home/nfs/data/ 192.168.56.102(rw,no_root_squash,sync)
    /home/nfs/data/ 192.168.56.103(ro,no_root_squash,sync)

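A check for the two export settings discussed above, as an added example that is not part of the original page: it parses an exports-format file and reports entries open to any host or carrying no_root_squash, with which root on an allowed client acts as root on the share. The function name, the severity labels and the sample file are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example (not from the original page): flag export entries that are
# open to every host or that keep client root as root (no_root_squash).
# Severity labels are a convention of this example only.

audit_exports() {
    # $1: exports-format file (default /etc/exports). One finding per line:
    #   <severity> <path> <client> <reason>
    awk '
    NF == 0 || $1 ~ /^#/ { next }             # skip blank lines and comments
    {
        path = $1
        for (i = 2; i <= NF; i++) {
            client = $i; opts = ""
            p = index($i, "(")
            if (p > 0) {
                client = substr($i, 1, p - 1)
                opts = substr($i, p + 1, length($i) - p - 1)
            }
            if (client == "") client = "*"    # "(rw)" with no host means any host
            world = (client == "*"); rw = 0; noroot = 0
            n = split(opts, o, ",")
            for (j = 1; j <= n; j++) {
                if (o[j] == "rw") rw = 1
                if (o[j] == "no_root_squash") noroot = 1
            }
            if (world && noroot)  print "HIGH", path, client, "any-host+no_root_squash"
            else if (noroot)      print "REVIEW", path, client, "no_root_squash"
            else if (world && rw) print "REVIEW", path, client, "any-host+rw"
        }
    }' "${1:-/etc/exports}"
}

# Constructed sample: the three export lines from this page plus one
# squashed read-only entry that produces no finding.
sample=$(mktemp)
cat > "$sample" <<'EOF'
/home/nfs/data/ *(rw,no_root_squash,sync)
/home/nfs/data/ 192.168.56.102(rw,no_root_squash,sync)
/home/nfs/data/ 192.168.56.103(ro,no_root_squash,sync)
/home/nfs/data/ 192.168.56.104(ro,root_squash,sync)
EOF
audit_exports "$sample"
rm -f "$sample"
```

Lines continued with a trailing backslash are not joined by this parser; run it on exports files that keep each entry on one line.
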
3, Client NFS installation and configuration

First install NFS on the client 192.168.56.102:

    yum -y install nfs-utils

Then create a new directory for mounting on the client machine, for example (two options, depending on your situation):

    # This directory is the mount point for the shared directory on the server. It can have the same path as the shared directory /home/nfs/data/ or a different one; here a different directory is used.
    mkdir -p /home/nfssharedata/

Then mount the shared directory as follows (two methods, depending on your situation):

    ###### Type 1: temporary mount (it disappears after a system restart) ######
    mount -t nfs 192.168.56.101:/home/nfs/data/ /home/nfssharedata/

    ###### Type 2: permanent mount (it is mounted automatically after a system restart) ######
    #### Note: if you only change /etc/fstab, you need to restart the system for the mount to take effect.
    #### In a production environment you can therefore do both: the temporary mount makes the share available
    #### right after the first configuration without a restart, and the fstab entry mounts it automatically afterwards.
    ## Modify the /etc/fstab file
    vi /etc/fstab
    # Line to add to /etc/fstab:
    192.168.56.101:/home/nfs/data/ /home/nfssharedata/ nfs defaults,rw 0 0

If you no longer want the share mounted, run umount:

    umount /home/nfssharedata/

4, Configure the NFS server to use fixed ports and open them in the firewall

NFS communicates over UDP or TCP. The NFS environment above was built with the firewall on the NFS server turned off, that is, with all the relevant ports reachable. Production environments usually have stricter requirements: the firewall is enabled and access is controlled by explicit rules. By default only two of the ports NFS uses are fixed, 111 (used by portmapper; the client sends its query about the NFS file access services to the server on this port) and 2049 (used by NFS itself); the other ports are random. Therefore, it is necessary to configure them as fixed ports on the NFS server (192.168.56.101) and open them in the firewall. The steps are as follows:

  1. Modify the configuration file /etc/sysconfig/nfs and add the following configuration at the end
    vi /etc/sysconfig/nfs
    RQUOTAD_PORT=30001
    LOCKD_TCPPORT=30002
    LOCKD_UDPPORT=30002
    MOUNTD_PORT=30003
    STATD_PORT=30004
  2. Restart the services
    systemctl restart rpcbind
    systemctl restart nfs
  3. Review the port status again; the output shows that the services now use the fixed ports
    rpcinfo -p localhost
  4. Next, open the relevant ports in the firewall and authorize access for the client machine 192.168.56.102
    # Firewall rules for NFS
    firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.56.102" port protocol="tcp" port="111" accept'
    firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.56.102" port protocol="udp" port="111" accept'
    firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.56.102" port protocol="tcp" port="2049" accept'
    firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.56.102" port protocol="udp" port="2049" accept'
    firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.56.102" port protocol="tcp" port="30001-30004" accept'
    firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.56.102" port protocol="udp" port="30001-30004" accept'
    firewall-cmd --reload
    firewall-cmd --list-all
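
A way to verify steps 3 and 4 together, as an added example that is not part of the original page: it reads rpcinfo -p output and reports any service that is not on its pinned port or that registered on a port the firewall rules above do not open. The function name, the mapping from the /etc/sysconfig/nfs settings to rpcinfo service names (rquotad, nlockmgr, mountd, status) and the sample output are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example (not from the original page): confirm that rpcinfo output
# matches the ports pinned in /etc/sysconfig/nfs and opened in firewalld.
# Assumed service names: RQUOTAD->rquotad, LOCKD->nlockmgr,
# MOUNTD->mountd, STATD->status.
PINNED="rquotad:30001 nlockmgr:30002 mountd:30003 status:30004"

check_rpc_ports() {
    # stdin: output of "rpcinfo -p". Prints deviations; returns 1 if any exist.
    awk -v pinned="$PINNED" '
    BEGIN {
        n = split(pinned, pairs, " ")
        for (i = 1; i <= n; i++) { split(pairs[i], kv, ":"); want[kv[1]] = kv[2] + 0 }
    }
    NF >= 5 && $4 ~ /^[0-9]+$/ {              # data rows only, header is skipped
        svc = $5; port = $4 + 0; seen[svc] = 1
        if ((svc in want) && port != want[svc]) {
            print "MISMATCH " svc " " $3 "/" port " expected " want[svc]; bad = 1
        } else if (!(port == 111 || port == 2049 || (port >= 30001 && port <= 30004))) {
            # Registered on a port that the firewall rules do not open.
            print "UNCOVERED " svc " " $3 "/" port; bad = 1
        }
    }
    END {
        for (s in want) if (!(s in seen)) { print "MISSING " s; bad = 1 }
        exit bad + 0
    }'
}

# Constructed sample: mountd is registered on 20048 instead of 30003.
check_rpc_ports <<'EOF' || echo "rpc ports deviate from the fixed configuration"
   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100003    3   tcp   2049  nfs
    100011    1   udp  30001  rquotad
    100021    1   tcp  30002  nlockmgr
    100005    1   tcp  20048  mountd
    100024    1   udp  30004  status
EOF
```

On the server, feed it live data with: rpcinfo -p localhost | check_rpc_ports
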

28 November 2021, 04:44 | Views: 3077
