2. Network File Service(NFS)

Packages: nfs-utils
Daemons: rpc.nfsd(1),rpc.mountd(1),rpc.rquotad(1),rpciod(1),rpc.statd(2),rpc.lockd(2)
Scripts: /etc/init.d/nfs(1),/etc/init.d/nfslock(2)
Ports: 2049; others are assigned by portmap (111)
Configuration: /etc/exports
Related: portmap, tcp_wrappers

#rpcinfo -p (verify that RPC services are running)
#exportfs -rv (r: refresh , v: display)
#showmount -e [hostname]


%Port options for Firewall (固定port, 方便設定firewall的範圍)
#vi /etc/sysconfig/nfs

MOUNTD_PORT="4002"
STATD_PORT="4003"
LOCKD_TCPPORT="4004"
LOCKD_UDPPORT="4004"
RQUOTAD_PORT="4005"

%default options: (ro,sync,root_squash)
root_squash: root on the client is mapped to nfsnobody

(1) 檢查nfs狀態

#service nfs status
若沒有啟動
#service nfs start
#chkconfig nfs on

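再檢查一次 (注意: 下面輸出的 port 對應與上面 /etc/sysconfig/nfs 範例值不一致, 且 nlockmgr 仍在動態 port 32770/60977, 不在後面 firewall 開放的 4002:4005 範圍內; 設定 firewall 前請先確認 LOCKD_TCPPORT/LOCKD_UDPPORT 等固定 port 已實際生效)
#rpcinfo -p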
[root@server1 log]# rpcinfo -p
program vers proto port
100000 2 tcp 111 portmapper
100000 2 udp 111 portmapper
100024 1 udp 4005 status
100024 1 tcp 4005 status
100011 1 udp 4002 rquotad
100011 2 udp 4002 rquotad
100011 1 tcp 4002 rquotad
100011 2 tcp 4002 rquotad
100003 2 udp 2049 nfs
100003 3 udp 2049 nfs
100003 4 udp 2049 nfs
100021 1 udp 32770 nlockmgr
100021 3 udp 32770 nlockmgr
100021 4 udp 32770 nlockmgr
100003 2 tcp 2049 nfs
100003 3 tcp 2049 nfs
100003 4 tcp 2049 nfs
100021 1 tcp 60977 nlockmgr
100021 3 tcp 60977 nlockmgr
100021 4 tcp 60977 nlockmgr
100005 1 udp 4004 mountd
100005 1 tcp 4004 mountd
100005 2 udp 4004 mountd
100005 2 tcp 4004 mountd
100005 3 udp 4004 mountd
100005 3 tcp 4004 mountd

(2)設定firewall (RH253,Unit4,iptables)
---略---
#nfs
iptables -t filter -A CLASS-RULES -m state --state NEW -p tcp --dport 111 -s 192.168.0.0/24 -j ACCEPT
iptables -t filter -A CLASS-RULES -m state --state NEW -p udp --dport 111 -s 192.168.0.0/24 -j ACCEPT
iptables -t filter -A CLASS-RULES -m state --state NEW -p tcp --dport 2049 -s 192.168.0.0/24 -j ACCEPT
iptables -t filter -A CLASS-RULES -m state --state NEW -p udp --dport 2049 -s 192.168.0.0/24 -j ACCEPT
iptables -t filter -A CLASS-RULES -m state --state NEW -p tcp --dport 4002:4005 -s 192.168.0.0/24 -j ACCEPT
iptables -t filter -A CLASS-RULES -m state --state NEW -p udp --dport 4002:4005 -s 192.168.0.0/24 -j ACCEPT
---略---

(3)修改設定檔(原本是空白) /etc/exports
#vi /etc/exports
/var/ftp/pub/RHEL5 192.168.0.0/255.255.255.0(rw,sync,root_squash)

重新啟動
#service nfs restart
#service nfslock restart

檢查
#showmount -e localhost
[root@server1 ~]# showmount -e localhost
Export list for localhost:
/var/ftp/pub/RHEL5 192.168.0.0/255.255.255.0


(4)測試
[root@server118 ~]# mount 192.168.0.254:/var/ftp/pub/RHEL5 /mnt/redhat
(若要自動載入須寫入/etc/fstab, 或用autofs自動掛載)
[root@server118 ~]# mount
---略---
192.168.0.254:/var/ftp/pub/RHEL5 on /mnt/redhat type nfs (rw,addr=192.168.0.254)

Q思考: 在/mnt/redhat/下建立lab目錄

[root@server118 redhat]# cd lab
-bash: cd: lab: Permission denied

#chown nfsnobody:nfsnobody lab (應在 NFS server 端執行; 因 root_squash, client 端的 root 會被對應為 nfsnobody, 沒有權限進入該目錄, 也無法從 client 端變更擁有者)
#cd lab
[root@server118 lab]# pwd
/mnt/redhat/lab

[root@server118 lab]# touch f2.root
[root@server118 lab]# ll
total 8
-rw-rw-r-- 1 student student 0 Jul 26 23:16 f1.student
-rw-r--r-- 1 nfsnobody nfsnobody 0 Jul 26 23:18 f2.root
[root@server118 lab]#

