NFS is an old protocol that has been continually updated and improved on Linux: it originally supported only UDP, now supports TCP as well, and has reached version 4. But it is still unsafe. The biggest problem is that it does not require authentication, so it is only recommended for use inside an internal network.
NFS has two sides: one is the server, the other is the client.
The client needs the portmap service enabled (service portmap start), otherwise it cannot access the share. Many articles say you need to enable the NFS-related services, but in fact that is not necessary on a client, because access goes through RPC portmap. On CentOS 6 there is no portmap any more; it has become rpcbind, which is enabled by default, so you do not need to deal with it.
The server is installed by default, but not enabled.
Both portmap and rpcbind listen on UDP and TCP port 111 on the network.
NFS listens on TCP and UDP port 2049, plus some dynamic ports, which are described below.
Its shared-directory configuration file is /etc/exports; the service configuration file is /etc/sysconfig/nfs.
/var/tmp/share 172.26.1.0/24(rw,no_all_squash)
The general form is the directory location, then the permitted IP address range followed by (). The parentheses specify read-only (ro) or read-write (rw), and how Linux users are mapped between the server and the client.
no_all_squash maps users and groups one to one, but not including root. all_squash maps everyone to the anonymous user and anonymous group, the so-called nfsnobody. If the client does not have NFS installed, the owner and group show up as 65534, 65534, which is in fact nfsnobody; once the NFS service is enabled the group is created and the name is mapped automatically. What really matters is the numeric user ID and group ID; for example, the root user is 0 and the root group is 0. root_squash maps root to the anonymous user, no_root_squash maps root to root, and anonuid=xxx, anongid=xxx map to a specific user and group, where xxx is the numeric ID of the user or group.
The other parameters are basically irrelevant. For example: sync: data is written synchronously to the memory buffer and to disk, which is less efficient but ensures data consistency; async: data is first held in the memory buffer and written to disk when necessary.
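Added example (not part of the original article): a small Python check over /etc/exports lines that applies the exports(5) defaults and reports the user-mapping risks described above. The /srv/... entries, the function names and the finding texts are constructed for illustration; only the first sample line comes from this page.

```python
import re
# Defaults per exports(5): they apply even when the line omits them.
DEFAULTS = {"ro", "root_squash", "no_all_squash", "sync"}
PAIRS = [("rw", "ro"), ("root_squash", "no_root_squash"),
         ("all_squash", "no_all_squash"), ("sync", "async")]
OPPOSITE = {**dict(PAIRS), **{b: a for a, b in PAIRS}}

# Constructed sample; only the first entry is the page's own line.
SAMPLE = """\
/var/tmp/share 172.26.1.0/24(rw,no_all_squash)
/srv/pub       172.26.1.0/24(ro,all_squash,anonuid=65534,anongid=65534)
/srv/admin     172.26.1.5(rw,no_root_squash)
/srv/oops      172.26.1.5 (rw)   # stray space: "(rw)" has no client
"""

def parse_exports(text):
    """Yield (path, client, effective options) per client entry."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        path, *clients = line.split()
        for token in clients:
            m = re.fullmatch(r"([^()]*)(?:\(([^()]*)\))?", token)
            if not m:
                continue
            opts = set(DEFAULTS)
            for opt in filter(None, (m.group(2) or "").split(",")):
                opts.discard(OPPOSITE.get(opt))  # drop the opposite
                opts.add(opt)
            yield path, m.group(1), opts

def audit(client, opts):
    """Return the findings for one client entry."""
    findings = []
    if client in ("", "*"):
        findings.append("exported to every host")
    if "no_root_squash" in opts:
        findings.append("client root stays uid 0 on the server")
    if "rw" in opts and "all_squash" not in opts:
        findings.append("writable, client-supplied uid/gid trusted")
    return findings

def report(text):
    return {(p, c): audit(c, o) for p, c, o in parse_exports(text)}

if __name__ == "__main__":
    for entry, findings in report(SAMPLE).items():
        print(entry, findings or "ok")
```

The last sample line shows why the space matters: 172.26.1.5 gets only the defaults, while the detached (rw) applies to every other host.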
The service configuration file, /etc/sysconfig/nfs, usually needs no changes; the defaults are fine.
But once the iptables firewall is enabled, it has to be configured.
A packet capture shows that the NFS connection process needs not only ports 111 and 2049 but also some dynamic ports. These dynamic ports change every time the NFS service is restarted, and the iptables firewall is not intelligent enough to open ports dynamically, so the listening ports need to be fixed.
Edit the /etc/sysconfig/nfs file:
RQUOTAD_PORT=875
LOCKD_TCPPORT=32803
LOCKD_UDPPORT=32769
MOUNTD_PORT=892
I did not change the port numbers; I only removed the #.
netstat -lpn | grep -v unix
tcp 0 0 0.0.0.0:892 0.0.0.0:* LISTEN 3959/rpc.mountd
tcp 0 0 0.0.0.0:875 0.0.0.0:* LISTEN 3954/rpc.rquotad
tcp 0 0 0.0.0.0:32803 0.0.0.0:* LISTEN -
udp 0 0 0.0.0.0:32769 0.0.0.0:* -
Then, of course, configure the firewall and add these ports.
cat /etc/sysconfig/iptables
-A INPUT -p udp -m udp --dport 111 -j ACCEPT
-A INPUT -p udp -m udp --dport 32769 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 32803 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 892 -j ACCEPT
-A INPUT -p udp -m udp --dport 892 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 875 -j ACCEPT
-A INPUT -p udp -m udp --dport 875 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 2049 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 111 -j ACCEPT
Command to view the status
View the RPC information
Check which machines are currently connected
Command for a temporary mount
mount 172.26.1.73:/var/tmp/share /home/shenxu/source
172.26.1.73 is the server IP
/var/tmp/share is the server's shared directory
/home/shenxu/source is the local directory it is mapped to
For a permanent mapping, edit /etc/fstab and add the following line
172.26.1.73:/var/tmp/share /home/shenxu/source nfs defaults 0 0
Sometimes showmount -a still shows traces of clients that were connected earlier but no longer are, even after a restart. It has no impact, but we strive for perfection. Linux keeps basically everything in the form of files, so if the traces survive a restart there must be a file on the hard disk: it is /var/lib/nfs/rmtab. Clearing the entries that need to be cleared is enough.