NFS server config on RHEL/CentOS 6

Configure NFS Server in RHEL6

Our first task is to install the necessary RPMs. Two RPMs are required for an NFS server:

  • nfs-utils
  • rpcbind

nfs-utils

This is the main RPM, which provides the NFS service.

rpcbind

NFS depends on the Remote Procedure Call (RPC) service, which is controlled by the rpcbind service. In earlier versions of RHEL, the portmap service was used to map RPC program numbers to IP address and port number combinations. That service has been replaced by rpcbind to enable IPv6 support.

If you do not have the above RPMs installed, install them first. You can use any method to install RPMs.

"NFS file server" is the primary group associated with NFS. So if you have configured a yum repository, the following command will install the mandatory packages [nfs-utils and nfs4-acl-tools] from that group.

# yum groupinstall "NFS file server"

Or alternatively you can use

# yum install nfs* -y

If you do not have a yum repository, use the rpm command to install these packages. Go to the folder that contains the RPMs (on the RHEL6 installation disk, the Packages folder contains all RPMs) and run the following commands.

# rpm -ivh nfs* --nodeps --force
# rpm -ivh rpcbind* --nodeps --force

Our second task is to verify that the NFS services are installed. This can be done with the following command.

# rpm -qa nfs-utils

Verify that the rpcbind package is installed.

# rpm -qa rpcbind

For this article I assume that you have both packages installed.

The following services are associated with the NFS daemons. Each service has its script file stored in the init.d directory.

/etc/init.d/nfs           Main control script for the NFS daemons, which controls the NFS services.
/etc/init.d/nfslock       Script for lock files and the statd daemon, which locks and provides the status of files that are currently in use.
/etc/init.d/portreserve   Replacement script for portmap, used to set up ports for RPC services.
/etc/init.d/rpcbind       RPC program number converter.
/etc/init.d/rpcgssd       Script for RPC-related security services.
/etc/init.d/rpcidmapd     Configuration script used for mapping NFS user IDs to LDAP and Kerberos systems.
/etc/init.d/rpcsvcgssd    Control script for the server side of RPC-related general security services.

You can start each script directly with the following command:

# /etc/init.d/[script name] start

For example, to start the nfs service:

# /etc/init.d/nfs start

Or you can use the service command to start, stop, or restart the service:

# service nfs start

nfs and rpcbind are the compulsory services for the NFS daemons.

Make sure the nfs and rpcbind scripts are active before you configure the NFS server.

Start the services.

Make sure that the services remain on after reboot.

Check the status of the services; they must be running.

How to configure NFS client on RHEL6

Check that the necessary RPMs are installed.

Install them if they are missing.

Start the necessary services and verify their status; they must be running.

Make sure the services remain on after reboot.

Check connectivity with the server.

How to create NFS Share

So far we have set up the NFS server and NFS client with basic configurations. Now create an NFS share on the NFS server and mount it from the NFS client.

On the server system, make a directory /nfs_share and create a test file in it.

On the server, /etc/exports defines which resources will be available to clients. The /etc/exports file uses the following syntax to share resources:

[mountpoint] [host][permissions/options]

Remember there is no space between the [host] field and the [permissions/options] field. If you include a space, you receive a syntax error.

Common Mount permission options

rw            read/write permissions
ro            read-only permissions
insecure      Allows the use of ports over 1024
sync          Specifies that all changes must be written to disk before a command completes
no_wdelay     Forces the writing of changes immediately
root_squash   Prevents root users

NFS Host Entries

/etc/exports supports conventional wildcards, which provide flexibility when specifying hosts.

  • You can use the hostname for hosts within your domain.
  • You need the fully qualified domain name for outside hosts.
  • You can reference all the hosts within a specific domain.
  • You can use * for the host segment, followed by the domain name for the network, such as *.example.com for all the hosts in the example.com network.
  • Instead of a host name, you can also use a single host's IP address.
  • You can use IP network addresses in CIDR format.
  • You can also use an NIS netgroup name to reference a collection of hosts. The NIS netgroup name is preceded by an @ sign.

For example, the following are valid host entries:

directory    host(options)
/nfs_share   *(rw,sync)
/nfs_share   *.example.com(rw,sync)
/nfs_share   192.168.1.10(rw,sync)
/nfs_share   192.168.1.0/255.255.255.0(rw,sync)
/nfs_share   192.168.1.0/24(rw,sync)
/nfs_share   @netgroup(rw,sync)
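As an added example (not part of the original page), the shell function below lints export lines of the form shown above before they go into /etc/exports. It flags a read/write `*` entry, the `insecure` option, `no_root_squash` (the opposite of `root_squash`, not listed above), and a space between host and options, which exports(5) reads as options for every client. The sample lines and finding codes are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page: lint /etc/exports-style lines.
# lint_exports reads export lines on stdin and prints one finding per issue
# as LINE:CODE:DETAIL. It only reads text; it does not touch the NFS server.
lint_exports() {
  awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }            # skip comments and blanks
    {
      for (i = 2; i <= NF; i++) {
        p = index($i, "(")
        client = (p > 0) ? substr($i, 1, p - 1) : $i
        opts = (p > 0) ? substr($i, p + 1) : ""
        sub(/\)$/, "", opts)
        if (p == 1) {
          # "(options)" standing alone means a space crept in after the host:
          # exports(5) then applies these options to every client.
          print NR ":SPACE_BEFORE_OPTIONS:" $1 " " $i
          client = "*"
        }
        n = split(opts, o, ",")
        for (j = 1; j <= n; j++) {
          if (o[j] == "rw" && client == "*")
            print NR ":WORLD_WRITABLE:" $1
          if (o[j] == "insecure")
            print NR ":INSECURE_PORTS:" $1 " " client
          if (o[j] == "no_root_squash")
            print NR ":ROOT_NOT_SQUASHED:" $1 " " client
        }
      }
    }'
}

# Constructed sample input built from the host forms listed above.
sample_exports() {
  cat <<'EOF'
# constructed sample, not a real server's file
/nfs_share *(rw,sync)
/nfs_share 192.168.1.0/24(rw,sync)
/nfs_share 192.168.1.10 (rw,sync)
/nfs_share *.example.com(ro,insecure)
EOF
}

sample_exports | lint_exports
```

To check a real file, run `lint_exports < /etc/exports` before restarting the NFS service.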

We will share it globally with read/write options. Open the /etc/exports file, add the global read/write entry for /nfs_share from the examples above, and save the file.

Restart the NFS service.

showmount

The showmount command with the -e option displays the NFS directories shared locally and remotely. To review the export list of an NFS server, add the name or IP address of the NFS server. If this command doesn't work, communication may be blocked by a firewall.

You may face two common errors in the output of the showmount -e command.

On the NFS server:

clnt_create: RPC: Program not registered

On the NFS client:

clnt_create: RPC: Port mapper failure - Unable to receive: errno 113 (No route to host)

On the server, this error is caused by the order in which the services were started. In the exam, always start or restart the rpcbind service before nfs.

On the client, this error is caused by the firewall configured on the NFS server. On the linuxclient system, use showmount to list all NFS shares:

clnt_create: RPC: Port mapper failure - Unable to receive: errno 113 (No route to host)

The showmount -e command returns the above error on the NFS client if the firewall is not properly configured on the NFS server.

Configure IPTABLES rules for NFS Server.

You may have an iptables firewall enabled on the system. You should know how to allow NFS through the firewall.

NFS port range

In order to allow NFS through the iptables firewall, we need to open the following ports:

  • TCP and UDP port 2049 for NFS.
  • TCP and UDP port 111 (rpcbind/sunrpc).
  • TCP and UDP port specified with MOUNTD_PORT="port"
  • TCP and UDP port specified with STATD_PORT="port"
  • TCP port specified with LOCKD_TCPPORT="port"
  • UDP port specified with LOCKD_UDPPORT="port"

NFS requires rpcbind, which dynamically assigns ports for RPC services at startup time. Dynamic ports cannot be protected by iptables, as these ports might change on reboot and make the rules obsolete.

So you need to configure NFS services to use fixed ports.

Open /etc/sysconfig/nfs.

Uncomment the following directives to use the default ports, or change them to the desired unused TCP/UDP ports, and save the file.

# TCP port rpc.lockd should listen on.
LOCKD_TCPPORT=[port-number]
# UDP port rpc.lockd should listen on.
LOCKD_UDPPORT=[port-number]
# Port rpc.mountd should listen on.
MOUNTD_PORT=[port-number]
# Port rquotad should listen on.
RQUOTAD_PORT=[port-number]
# Port rpc.statd should listen on.
STATD_PORT=[port-number]
# Outgoing port statd should use. The default port is random.
STATD_OUTGOING_PORT=[port-number]

Here is a sample listing with the default port numbers:

LOCKD_TCPPORT=32803
LOCKD_UDPPORT=32769
MOUNTD_PORT=892
RQUOTAD_PORT=875
STATD_PORT=662
STATD_OUTGOING_PORT=2020
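As an added example (not part of the original page), this shell function reads the fixed-port directives from /etc/sysconfig/nfs and prints iptables ACCEPT rules for the ports in the list above, restricted to one client network. The 192.168.1.0/24 network, the function names and the sample file are assumptions; the rules are only printed for review, not applied.

```shell
#!/bin/sh
# Added example, not from the original page. It prints iptables commands for
# review and runs none of them. Assumption: all NFS clients sit in one CIDR.

# nfs_rules CIDR < sysconfig-file
# Emits one ACCEPT rule per port/protocol in the list above, limited to CIDR.
# Returns 1 if a port directive is still commented out (port stays dynamic).
nfs_rules() {
  awk -v src="$1" '
    function rule(proto, dport) {
      print "iptables -I INPUT -s " src " -p " proto " --dport " dport " -j ACCEPT"
    }
    BEGIN { port["RPCBIND"] = 111; port["NFS"] = 2049 }
    /^[ \t]*[A-Z_]+=/ {                       # active KEY=VALUE lines only
      line = $0; gsub(/[" \t]/, "", line)
      split(line, kv, "=")
      if (kv[2] ~ /^[0-9]+$/) port[kv[1]] = kv[2]
    }
    END {
      n = split("RPCBIND NFS MOUNTD_PORT STATD_PORT LOCKD_TCPPORT LOCKD_UDPPORT", key, " ")
      for (i = 1; i <= n; i++) {
        k = key[i]
        if (!(k in port)) {
          print "# " k " not set: port is dynamic, no rule written"
          missing = 1
          continue
        }
        if (k != "LOCKD_UDPPORT") rule("tcp", port[k])
        if (k != "LOCKD_TCPPORT") rule("udp", port[k])
      }
      exit missing + 0
    }'
}

# Constructed sample of /etc/sysconfig/nfs with the default ports shown above;
# STATD_PORT is left commented out to show the failure case.
sample_sysconfig() {
  cat <<'EOF'
LOCKD_TCPPORT=32803
LOCKD_UDPPORT=32769
MOUNTD_PORT=892
#STATD_PORT=662
EOF
}

sample_sysconfig | nfs_rules 192.168.1.0/24 || echo "fix /etc/sysconfig/nfs first"
```

On a server, run `nfs_rules 192.168.1.0/24 < /etc/sysconfig/nfs` and review the printed rules before applying any of them.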