mekkanizer asked:
I have installed NFS Server on CentOS 7. I have two other hosts, that I want to share different directories with. Here’s my /etc/exports file:
/home/WS2016 192.168.200.2(rw,sync,no_subtree_check)
/home/debian 192.168.120.1(rw,sync,no_subtree_check)
As shared directories’ names hint, one is dedicated to Windows Server 2016, and the other to Debian 9 host.
Debian 9 only needs port 2049 (!) to be open for sudo mount 192.168.120.2:/home/debian /mnt/nfs/storage. R/W access works fine with just that port being allowed by iptables.
Windows Server on the other hand, can have at best R/O access through UNC (\\IP\) or Network Drive Mapping.
To know which ports are used, I grep udp from rpcinfo -p‘s output and ignore dynamic ports. I am not sure about port 20048. Debian does not need it?
111 portmapper
2049 nfs
2049 nfs_acl
20048 mountd
So, I would like to know:
- Is it possible to leave just port(s) 2049/111 opened for TCP/UDP and have working R/W access via UNC path on Windows?
- If not, do I simply combine
-s 192.168.200.2and-m multiport --dports 111,2049,20048flags in aniptablesrule?
Quick UPD: here’s ls -la /home/ output from the NFS Server host
[root@server ~]# ls -la /home/
total 0
drwxr-xr-x. 5 root root 51 10. may 10.48 .
dr-xr-xr-x. 17 root root 242 9. may 22.07 ..
drwxr-xr-x 2 nfsnobody nfsnobody 32 10. may 12.34 debian
drwxr-xr-x 2 nfsnobody nfsnobody 18 10. may 15.54 WS2016
My answer:
NFSv4 requires only port 2049. It’s unlikely that the mount being readonly has anything to do with which ports are open, provided you actually mounted the share with NFSv4. (And there’s virtually no reason to use the ancient 1990s era NFSv3 or the prehistoric NFSv2. You should ensure that you aren’t.)
View the full question and any other answers on Server Fault.
Image may be NSFW.
Clik here to view.
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.
The post NFS storage write permissions appeared first on Ringing Liberty.
