Enabling NFS on a server and client allows the client to mount a remote filesystem. Below are the steps for an Ubuntu host server and Ubuntu remote client.
Enabling NFS on host server
Install Packages
sudo apt-get update sudo apt-get install nfs-common nfs-kernel-server -y
Create Directory to share
sudo mkdir -p /data/nfs1 sudo chown nobody:nogroup /data/nfs1 sudo chmod g+rwxs /data/nfs1
Export directory
Append a line to “/etc/exports” defining the share, and limiting access to clients in the 192.168.0.0/16 network.
$ echo -e "/data/nfs1\t192.168.0.0/16(rw,sync,no_subtree_check,no_root_squash)" | sudo tee -a /etc/exports $ sudo exportfs -av /data/nfs1 192.168.0.0/16
Enable firewall ports
# check firwall rules, enable ufw sudo ufw status sudo ufw enable # allow portmapper access sudo ufw allow 111 # allow nfs access sudo ufw allow 2049 # set mountd port and allow access (used by non-v4 nfs utils) echo -e "mountd\t\t6666/tcp" | sudo tee -a /etc/services echo -e "mountd\t\t6666/udp" | sudo tee -a /etc/services sudo ufw allow 6666 # check firewall rules sudo ufw status
Restart NFS service
# restart and show logs sudo systemctl restart nfs-kernel-server sudo systemctl status nfs-kernel-server
Show export details
$ /sbin/showmount -e localhost Export list for 127.0.0.1: /data/nfs1 192.168.0.0/16
Enabling NFS on remote client
Now that the NFS server side is configured, move to a remote Ubuntu host that will serve as the client.
Install Packages
sudo apt-get update sudo apt-get install nfs-common -y
Validate server ports
$ rpcinfo -p 192.168.1.239 program vers proto port service 100000 4 tcp 111 portmapper 100000 3 tcp 111 portmapper 100000 2 tcp 111 portmapper 100000 4 udp 111 portmapper 100000 3 udp 111 portmapper 100000 2 udp 111 portmapper 100005 1 udp 6666 mountd 100005 1 tcp 6666 mountd 100005 2 udp 6666 mountd 100005 2 tcp 6666 mountd 100005 3 udp 6666 mountd 100005 3 tcp 6666 mountd 100003 3 tcp 2049 nfs 100003 4 tcp 2049 nfs 100227 3 tcp 2049 100003 3 udp 2049 nfs 100227 3 udp 2049 100021 1 udp 59632 nlockmgr 100021 3 udp 59632 nlockmgr 100021 4 udp 59632 nlockmgr 100021 1 tcp 35035 nlockmgr 100021 3 tcp 35035 nlockmgr
Test NFS client connectivity with showmount:
$ showmount -e 192.168.1.239 Export list for 192.168.1.239: /data/nfs1 192.168.0.0/16
Create Directory for mount
sudo mkdir -p /remote/nfs1 sudo chown $USER:$USER /remote/nfs1 sudo chmod g+rwxs /remote/nfs1 ls -ld /remote/nfs1
Mount
# mount sudo mount -vvv 192.168.1.239:/data/nfs1 /remote/nfs1 # show info on mounted fs df -h | grep nfs1
Test
From the client, we now need to test the ability to create files. First we will create a file as a normal user then using sudo.
touch /remote/nfs1/fromclient.txt touch /remote/nfs1/fromclient-sudo.txt
These files should now show up on the NFS server side in the “/data/nfs1” directory. And because we use the “no_root_squash” option, using sudo on the client side is able to create files on the host also owned by root.
Additionally, this option allows a sudo from the client side to modify permissions on host files which is convenient for administration.
Client unmount
sudo umount /remote/nfs1
Persistent mount
If you want this mount to exist after a client reboot, you need to add the following line to “/etc/fstab”.
echo -e "192.168.1.239:/data/nfs1\t/remote/nfs1\tnfs auto,nofail,noatime,nolock,intr,tcp,actimeo=1800 0 0" | sudo tee -a /etc/fstab
REFERENCES
Digital Ocean, NFS mount for server and client on Ubuntu xenial
Stackoverflow, Ports opened for NFS
set mountd ports via /etc/services
Use strace to figure out ports that are blocked with showmount
Redhat running NFS behind a firewall
exportfs options (-u to unexport, -r to reenable)
NOTES
Do not need to restart NFS server, run after changes to /etc/exports
sudo exportfs -ra
Unexport single server share
# if filter on client host set sudo exportfs -v -u 192.168.0.0/16:/data/nfs1 # if no client filter set sudo exportfs -v -u *:/data/nfs1
If you get “Read Only” errors from mount, then try ‘vers=3’ option
sudo mount -t nfs -o rw,vers=3 -vvv 192.168.1.239:/data/nfs1 /remote/nfs1