CentOS 6
Sponsored Link

Configure NFS Server2015/01/10

Configure NFS Server to share directories on your Network.
This example is based on the environment below.
+----------------------+          |          +----------------------+
| [    NFS Server    ] | || [    NFS Client    ] |
|     dlp.srv.world    +----------+----------+     www.srv.world    |
|                      |                     |                      |
+----------------------+                     +----------------------+

[1] Configure NFS Server.
[root@dlp ~]#
yum -y install nfs-utils
[root@dlp ~]#
vi /etc/idmapd.conf
# line 5: uncomment and change to your domain name

Domain =
[root@dlp ~]#
vi /etc/exports
# write settings for NFS exports

[root@dlp ~]#
/etc/rc.d/init.d/rpcbind start

Starting rpcbind:                         [  OK  ]
[root@dlp ~]#
/etc/rc.d/init.d/nfs start

Starting NFS services:                    [  OK  ]
Starting NFS mountd:                      [  OK  ]
Starting NFS daemon:                      [  OK  ]
Starting RPC idmapd:                      [  OK  ]

[root@dlp ~]#
chkconfig rpcbind on

[root@dlp ~]#
chkconfig nfs on

[2] If IPTables is running, allow ports like follows.
RPC ports used by NFS are asigned dynamically, so change them to fixed ports and allow them by IPTables. For "-I INPUT *" section below example, Replace it to your own environment.
[root@dlp ~]#
vi /etc/sysconfig/nfs
# line 20,22: uncomment

# line 57: uncomment

# line 63: uncomment

[root@dlp ~]#
/etc/rc.d/init.d/rpcbind restart

[root@dlp ~]#
/etc/rc.d/init.d/nfs restart
# allow 111, 2049 and fixed ports above

[root@dlp ~]#
for port in 111 662 892 2049 32803; do iptables -I INPUT 5 -p tcp -m state --state NEW -m tcp --dport $port -j ACCEPT; done

[root@dlp ~]#
for port in 111 662 892 2049 32769; do iptables -I INPUT 6 -p udp -m state --state NEW -m udp --dport $port -j ACCEPT; done

For basic options of exports
Option Description
rw Allow both read and write requests on a NFS volume.
ro Allow only read requests on a NFS volume.
sync Reply to requests only after the changes have been committed to stable storage. (Default)
async This option allows the NFS server to violate the NFS protocol and reply to requests before any changes made by that request have been committed to stable storage.
secure This option requires that requests originate on an Internet port less than IPPORT_RESERVED (1024). (Default)
insecure This option accepts all ports.
wdelay Delay committing a write request to disc slightly if it suspects that another related write request may be in progress or may arrive soon. (Default)
no_wdelay This option has no effect if async is also set. The NFS server will normally delay committing a write request to disc slightly if it suspects that another related write request may be in progress or may arrive soon. This allows multiple write requests to be committed to disc with the one operation which can improve performance. If an NFS server received mainly small unrelated requests, this behaviour could actually reduce performance, so no_wdelay is available to turn it off.
subtree_check This option enables subtree checking. (Default)
no_subtree_check This option disables subtree checking, which has mild security implications, but can improve reliability in some circumstances.
root_squash Map requests from uid/gid 0 to the anonymous uid/gid. Note that this does not apply to any other uids or gids that might be equally sensitive, such as user bin or group staff.
no_root_squash Turn off root squashing. This option is mainly useful for disk-less clients.
all_squash Map all uids and gids to the anonymous user. Useful for NFS exported public FTP directories, news spool directories, etc.
no_all_squash Turn off all squashing. (Default)
anonuid=UID These options explicitly set the uid and gid of the anonymous account. This option is primarily useful for PC/NFS clients, where you might want all requests appear to be from one user. As an example, consider the export entry for /home/joe in the example section below, which maps all requests to uid 150.
anongid=GID Read above (anonuid=UID)

Matched Content