How-To: Setup Nethserver for NFS

islipfd19 · June 30, 2015, 2:29pm

Configuring NFS on the server is out of scope of this ‘How-To’. A good guide that explains how to do so can be found here. I actually used it. Googling is also your friend in this area.

NFS How-To

Summary

When I first attempted to setup NFS, I knew it was going to be challenging. Not only would it be my first time to setup NFS I knew I also had to make various “out of norm” changes to NethServer. Meaning I had to add specific services and such and overcome firewall challenges. This How-To will be slightly different than my setup. All the ports I mention will be in the firewall section and in the end it should seem relatively easy to setup.

###Background
The primary reason I decided to setup NFS was that I found the samba method of backing up the server to be ineffective for my needs. The menus for NFS seemed to be the way to go. In my home environment, I have two NethServers that were originally Zentyal server. I moved away from Zentyal on these two servers for a number of reasons, many of you that have worked with Zentyal can figure out why. The first NethServer is my primary server, this is where all my movies, recorded tv shows, pictures and home folders reside. I have two RAID 5 configurations that total 12TB of data. <You may ask how I did that, in short I use mounts ‘BIND’ ability to mount directories in mulitple locations. Perhaps a second How-To may be required>. This server backs up to the second server that has one RAID 5 consisting of 6TB. Yes, it’s less than the first but the greatest amount of storage used are the movies and I don’t back these up.

So lets begin

We will configure the firewall first. There are a number of options to choose from on how to do this here. You can specify the necessary host groups, hosts, IP ranges and services and then add the specific rule detailing the NFS port (below) or allow full communication between your NethServer and the other host accessing the NFS shares. I strongly advise to use the securest method if working in a production environment but for home use it isn’t quite that necessary.

(Disclaimer: These may not be all the ports that NFS uses, some may be specific to TCP and other to UDP)
TCP: 111,832,1110,1598,1651,2049,2323,23,63,4045,5009,20049
UDP: 111,832,1110,1598,1651,2049,2323,23,63,4045,5009,20049

Once you have your firewall configured, login to your Nethserver, either as your self or as root. I recommend having two shell windows open for this. If you login as yourself you will need to become root ‘sudo -i’ will do that. Now disable the firewall. What?!?!? Yup, disable it. The firewall may not have bene fully configured and will cause pains in getting NFS to work. I’ll explain how to validate this later. To disable it, run ‘service firewall stop’ or ‘/etc/init.d/firewall stop’.

The commands I’m about to instruct you to invoke can be found in the NethServer development documentation and can be found in the services section. We need to add NFS as a service to NethServer and NFS uses 6 services in order to function properly.

config set nfs service status enabled
mkdir -p /etc/e-smith/db/configuration/defaults/nfs
echo "service" > /etc/e-smith/db/configuration/defaults/nfs/type
echo "enabled" > /etc/e-smith/db/configuration/defaults/nfs/status

config set nfslock service status enabled
mkdir -p /etc/e-smith/db/configuration/defaults/nfslock
echo "service" > /etc/e-smith/db/configuration/defaults/nfslock/type
echo "enabled" > /etc/e-smith/db/configuration/defaults/nfslock/status

config set rpcbind service status enabled
mkdir -p /etc/e-smith/db/configuration/defaults/rpcbind
echo "service" > /etc/e-smith/db/configuration/defaults/rpcbind/type
echo "enabled" > /etc/e-smith/db/configuration/defaults/rpcbind/status

config set rpcgssd service status enabled
mkdir -p /etc/e-smith/db/configuration/defaults/rpcgssd
echo "service" > /etc/e-smith/db/configuration/defaults/rpcgssd/type
echo "enabled" > /etc/e-smith/db/configuration/defaults/rpcgssd/status

config set rpcidmapd service status enabled
mkdir -p /etc/e-smith/db/configuration/defaults/rpcidmapd
echo "service" > /etc/e-smith/db/configuration/defaults/rpcidmapd/type
echo "enabled" > /etc/e-smith/db/configuration/defaults/rpcidmapd/status

config set rpcsvcgssd service status enabled
mkdir -p /etc/e-smith/db/configuration/defaults/rpcsvcgssd
echo "service" > /etc/e-smith/db/configuration/defaults/rpcsvcgssd/type
echo "enabled" > /etc/e-smith/db/configuration/defaults/rpcsvcgssd/status

Just a side note, the services ‘rpcgssd’ and ‘rpcsvcgssd’ will appear stopped in the Services tab on the NethServer GUI. This is normal operation. They only run when needed.

Now that you’ve gotten that all done, if you haven’t done so already; setup NFS using the guide I posted at the top of this ‘How-To’.

In the first window that you logged in, run the following command as root. tail -f /var/log/firewall.log. We are going to watch the firewall logs to see if we’ve setup our firewall correctly. At this point it’s still disabled and we will leave it that way for a moment. In the second window, start NFS; either by ‘/service nfs start’ or ‘/etc/init.d/nfs start’. You should now attempt to connect to your NFS shares that you’ve setup. If you’ve done so, congratulations; you know that it should work. If you haven’t, double check your configuration files for NFS using the guide I posted the link to at the top of the page or Google to troubleshoot.

Testing your firewall. Now start the firewall using command ‘service firewall start’ or /etc/init.d/firewall start’. Can you still access your NFS shares? You should be able to. Now restart NFS and reattempt to access you shares. If you are able to you can then now perform the last test. Reboot your NethServer and reattempt to connect to your NFS share. If you are able to then you’re done. If you previously connected to them but can no longer connect to them with the firewall running then there’s something amiss in the firewall. That is the reason why we were using ‘tail’ to watch that log. You should be able to identify the problem when parsing through the log. Look for the Nethserver IP address and the source IP address. It is most likely a port that NFS needs to use but is being blocked.

alefattorini · July 20, 2015, 1:05pm

I tried to clean your howto with a better formatting, thanks for your work

Could you tell us more? Please reply here:

rolf · October 3, 2016, 11:39am

Thanks for your how-to. The install link you provide is out of date, the package nfs-utils-lib is replaced by libnfsidmap. Apart from that, it worked like a charm!

alefattorini · October 3, 2016, 12:43pm

Thanks Rolf can you provide @islipfd19 your notes in order to keep the howto updated?

gmontana · November 3, 2016, 11:12am

Thank you for this tutorial.
I have just installed nethserver 6.8, I cannot find /etc/init.d/firewall, I do have /etc/init.d/shorewall instead. Would you please tell me if the how to is applicable to the nethserver 6.8 ?
Thank you again.
Best regards

stephdl · November 7, 2016, 3:37pm

if you want to restart the firewall, do

signal-event firewall-adjust

EDIT: this howto is quite old, and it is not correct, the ports must be opened by a db values and not manually like the author did.

indeed following the idea of the author, you should stop shorewall to test if the share can be exported.

Strange way :-?

islipfd19 · November 8, 2016, 7:26pm

Yes, the steps are out dated. I haven’t had a chance to update them, one reason being; it s=works for me, the other is I haven’t had time. I may update them for the next version of NethServer that gets released.

As far as using shorewall as opening the ports that I needed, that gave me problems initially; it’s why I went the route I did.

stephdl · November 13, 2016, 7:05pm

A howto to install nfs-server and set the firewall

alefattorini · November 17, 2016, 9:24am

We should reach out this man Micheal Quinn

alefattorini · November 17, 2016, 5:16pm

A post was split to a new topic: Planet to aggreate all blogs/posts NethServer related