Home PC Games Linux Windows Database Network Programming Server Mobile  
  Home \ Server \ CentOS of NFS     - Subsequent binary search tree traversal sequence (Programming)

- 6 common PHP security attacks (Linux)

- Unix system security configuration (Linux)

- Linux host dual LAN transceiver package ARP problem (Linux)

- System-level alias vs Oracle ADR functionality (Database)

- Java loop list to solve the problem of Joseph ring (Programming)

- Nginx version information hidden or modified (Server)

- MySQL common functions summary (Database)

- Zabbix installation under Linux (Server)

- Graphical interface for the CentOS 6.4 installed and connected by remote VNC (Linux)

- Permissions and attributes of files and directories under Linux (Linux)

- CentOS 6.5 can not connect to the network under VMware (Linux)

- DB2 manually create a library (Database)

- Java in several ways of using MongoDB (Programming)

- Java data structures - the linear form of the single-chain applications (Programming)

- FastDFS installation and deployment (Server)

- CentOS7 install JAVA notes (Linux)

- Linux Shell Scripting (Programming)

- File encryption and decryption of Linux security mechanisms (Linux)

- On event processing browser compatibility notes (Programming)

  CentOS of NFS
  Add Date : 2017-03-08      
  NFS is the old agreement, and to the Linux constantly updated and improved from the previous only supports UDP, now supports TCP, and now to the V4 version. But still unsafe, the biggest problem is that does not require authentication, only recommendations, including the network with it.
NFS is one serving, one is the client.
The client uses need to enable portmap service (service portmap start), or can not access, there are a lot of articles saying you need to enable NFS-related services, in fact, it is not necessary as a client of, as the RPC portmap access it. And to CentOS6, portmap is no, but became rpcbind, is enabled by default, you do not need to deal with the trouble.
Server is installed by default, but not enabled.
Either portmap or rpcbind listens for UDP and TCP port 111 on the Web
NFS and TCP listening on UDP port 2049, and some dynamic in the following elaborate.
It's shared directory configuration files in / etc / exports, service configuration file in / etc / sysconfig / nfs

Shared directory
/ Var / tmp / share,no_all_squash)
General is the directory location and license IP address ranges plus (), brackets provides read-only or read-write rw ro,
Is to provide a mapping between the server and client in Linux users, no_all_squash is mapping between users and groups, but not including the root, all_squash mapped to anonymous groups and anonymous users, the so-called nfsnobody, if the client is not installed NFS, then its owner and group are 65534, 65534 in fact nfsnobody is, if you enable NFS service group will be established, it will automatically map out the group's name, in fact, the most essential is the group number and the number of users, such as root user is 0, root group is 0. root_squash is mapped to the root anonymous, no_root_squash root is mapped to the root, as well as anonuid = xxx, anongid = xxx mapped to specific users and groups, xxx is the user and groups of digital numbers.
Other parameters are basically irrelevant. For example: sync: synchronize data written to the buffer memory and disk, low efficiency, but it can ensure data consistency; async: the data is first stored in the memory buffer is written to disk when necessary.

Service profile
This file is usually not configured by default on it.
But when the firewall is enabled iptable had to configure.
By capturing Packet can be seen not only need the connection process nfs ports 111 and 2049, and some dynamic port, these dynamic ports at each restart nfs service will change, iptable firewall can not see that intelligence can dynamically open port, this time on the need to solidify the listening port.
Edit / etc / sysconfig / nfs file
I did not change the port number is the # removed.
Restart Service
netstat -lpn | grep -v unix
tcp 0* LISTEN 3959 / rpc.mountd
tcp 0* LISTEN 3954 / rpc.rquotad
tcp 0 0* LISTEN -
udp 0 0* -
Then of course, is to configure the firewall, these ports added.
cat / etc / sysconfig / iptables
-A INPUT -p udp -m udp --dport 111 -j ACCEPT
-A INPUT -p udp -m udp --dport 32769 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 32803 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 892 -j ACCEPT
-A INPUT -p udp -m udp --dport 892 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 875 -j ACCEPT
-A INPUT -p udp -m udp --dport 875 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 2049 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 111 -j ACCEPT

View Status command
View Configuration
See RPC case
rpcinfo -p
Check the current situation has been even into the machine
showmount -a

Establish temporary command
mount / home / shenxu / source server IP
/ Var / tmp / share server shared directory
/ Home / shenxu / source mapped to the local directory
Long-established mapping, edit / etc / fstab, add the following line / home / shenxu / source nfs defaults 0 0

Other times with showmount -a can see no connection traces previously connected, there are also restarted. Although nothing impact, but we are striving for perfection, Linux is basically in the form of a file, then there certainly exists a file on the hard disk after the restart, it is the / var / lib / nfs / rmtab, Clear the project needs to clear enough.
- Java Class file format parsing (Programming)
- Configuration based on open source Lucene Java development environment (Server)
- GitLab upgrade to 8.2.0 (Linux)
- Oracle 11g through SCN do incremental backup repair standby library detailed process (Database)
- Java threads and thread pools (Programming)
- Memcached and Redis (Linux)
- CentOS 6.0 system security level (Linux)
- JBoss7 configuration - Supports IPv4 and IPv6 dual-stack environment (Server)
- To create a secure network firewall with iptables Under Linux (Linux)
- Linux system started to learn: how to view the Linux thread of a process (Linux)
- Java learning problems encountered (Programming)
- Android screen rotation processing and ProgressDialog the best AsyncTask (Programming)
- Linux environment variable configuration (Linux)
- An example of troubleshooting of embedded Linux OpenWRT (Linux)
- OpenSUSE 13.1 OpenSUSE 12.3 and how to install Cinnamon 2.2 Desktop (Linux)
- Android float ball and boot from the start (Programming)
- C language to view various types of data size (Programming)
- Ubuntu Install OpenSSL (Linux)
- Easy to install CentOS 6.6 desktop environment (Linux)
- Install KVM on Ubuntu and build a virtual environment (Linux)
  CopyRight 2002-2020 newfreesoft.com, All Rights Reserved.