Network File System, a distributed file system protocol.
The most common file sharing protocol among *nix systems.
It shares the file system directly, as if the user were mounting local storage.
- direct mounting
- 3 versions
- v2, v3, v4
NFSv2 and NFSv3 rely on some RPC (Remote Procedure Call) services, which were “rolled into the kernel” later (ref).
Sample commands to start RPC service:
service rpcbind start
chkconfig rpcbind on
NFSv4 does not need that RPC support; it listens on TCP port 2049.
NFSv4 is also more firewall-friendly (explained later).
NFSv2 originally only used UDP. NFSv2 and NFSv3 both support TCP. NFSv4 requires TCP.
Sample commands to run NFS service:
service nfs start
chkconfig nfs on
NFS and Firewall
NFSv2 and NFSv3 use portmap and RPC.
NFSv4 uses TCP port 2049 and no portmap.
By default NFS uses 4 NFS ports and one RPC port.
It is hard to configure a firewall for dynamic ports. But users can pin those ports to fixed values, or use startup scripts to detect them and change the firewall rules. Feel free to be creative on your own.
How to do it on Debian: SecuringNFS - Debian Wiki
MOUNT_PORT="1234"
STATD_PORT="1235"
LOCKD_TCPPORT="1236"
LOCKD_UDPPORT="1237"
Ports 2049 and 111 must also be allowed through the firewall.
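The "detect the ports and change firewall rules" approach can be sketched as below. This is an added example, not from the original page: it parses `rpcinfo -p` output, prints iptables rules limited to one client network, and reports any service that has drifted off the pinned ports. The function names, the sample output and the 192.168.1.0/24 client network are assumptions.

```shell
#!/bin/sh
# Added example: turn `rpcinfo -p` output into firewall rules and spot port drift.
# SAMPLE_RPCINFO is constructed; it mirrors the pinned ports from the page.
SAMPLE_RPCINFO='   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp   1235  status
    100024    1   tcp   1235  status
    100005    3   udp   1234  mountd
    100005    3   tcp   1234  mountd
    100003    3   tcp   2049  nfs
    100003    4   tcp   2049  nfs
    100021    4   udp   1237  nlockmgr
    100021    4   tcp   1236  nlockmgr'

# Read `rpcinfo -p` output on stdin; print unique "proto port" pairs for the
# services NFSv2/v3 depend on (the header line never matches the filter).
nfs_ports() {
    awk '$5 ~ /^(portmapper|nfs|mountd|nlockmgr|status)$/ { print $3, $4 }' |
        sort -k1,1 -k2,2n -u
}

# Print (do not apply) iptables rules admitting only client network $1.
emit_rules() {
    net=$1
    nfs_ports | while read -r proto port; do
        echo "iptables -A INPUT -p $proto -s $net --dport $port -j ACCEPT"
    done
}

# Print detected ports that are NOT in the expected list given as arguments,
# e.g. lockd falling back to a dynamic port after a config change.
unexpected_ports() {
    expected=" $* "
    nfs_ports | while read -r proto port; do
        case "$expected" in
            *" $port "*) ;;
            *) echo "$proto $port" ;;
        esac
    done
}

# 192.168.1.0/24 is an assumed client network. On a live server, pipe
# `rpcinfo -p` into these functions instead of the sample.
printf '%s\n' "$SAMPLE_RPCINFO" | emit_rules 192.168.1.0/24
printf '%s\n' "$SAMPLE_RPCINFO" | unexpected_ports 111 1234 1235 1236 1237 2049
```

An empty result from `unexpected_ports` means every detected service sits on a port the firewall already expects.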
Use mount to mount a shared NFS file system:
mount -t nfs 192.168.1.100:/my-nfs /mnt/someone-nfs
mount # check status
192.168.1.100:/my-nfs /mnt/someone-nfs nfs defaults 0 0
Add the nfsvers=4 option to specify NFSv4 (not necessary).