Setting up NFS is very simple, but because the server assigns ports dynamically, writing firewall rules for it is a major headache.
NFS v2 and v3 require these services to be running (use chkconfig --list to see if they are configured to start at boot time):
- portmap - dynamically assigns ports for the NFS service
- nfslock - allows NFS clients to create locks on the files on the server
- nfs - the “umbrella” NFS daemon (this is not one daemon but rather several RPC processes: rpc.mountd, rpc.nfsd, rpc.statd, rpc.rquotad, rpc.idmapd)
To make firewall rules, we need to force NFS to use the same port numbers every time it runs. To do this, put the following into /etc/sysconfig/nfs (create this file if it doesn’t exist):
# NFS port numbers
STATD_PORT=10002
STATD_OUTGOING_PORT=10003
MOUNTD_PORT=10004
RQUOTAD_PORT=10005
LOCKD_UDPPORT=10006
# lockd also listens on TCP; pin it to the same port so it does not stay dynamic
LOCKD_TCPPORT=10006
Now we need to have the following ports open in the firewall:
- 111 TCP and UDP (portmapper)
- 2049 TCP and UDP (NFS). By default CentOS clients will only use the TCP port, but the Mac OS X default is to use UDP
- 10002 - 10006 TCP and UDP. These are the static port numbers that NFS will now use every time it starts up
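A firewall rule set built on these numbers only holds if every RPC service actually registered on its pinned port after the restart. The following check is an added example, not part of the original post: the function name check_rpc_ports and the sample rpcinfo -p listing are constructed for illustration, and it assumes awk is available.

```sh
#!/bin/sh
# Added example: compare `rpcinfo -p` output with the static ports from
# /etc/sysconfig/nfs on this page, plus 111 (portmapper) and 2049 (nfs).
# STATD_OUTGOING_PORT (10003) is an outgoing port and is not registered
# with the portmapper, so it never appears in this listing.

check_rpc_ports() {
    # Reads `rpcinfo -p` output on stdin and prints one line per mismatch.
    # Returns 0 when every service is on an expected port, 1 otherwise.
    awk '
        BEGIN {
            want["portmapper"] = 111;  want["nfs"] = 2049
            want["status"] = 10002;    want["mountd"] = 10004
            want["rquotad"] = 10005;   want["nlockmgr"] = 10006
        }
        $1 !~ /^[0-9]+$/ { next }      # skip the header line
        {
            proto = $3; port = $4; svc = $5
            if (svc in want) {
                if (port != want[svc]) {
                    printf "DRIFT %s/%s on %s, expected %s\n", svc, proto, port, want[svc]
                    bad = 1
                }
            } else if (port != 111 && port != 2049 && (port < 10002 || port > 10006)) {
                # Service not listed above and outside the firewalled set.
                printf "UNPINNED %s/%s on %s\n", svc, proto, port
                bad = 1
            }
        }
        END { exit (bad ? 1 : 0) }
    '
}

# Constructed sample: lockd is pinned on UDP but still dynamic on TCP.
SAMPLE_RPCINFO='   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp  10002  status
    100024    1   tcp  10002  status
    100011    2   udp  10005  rquotad
    100003    3   tcp   2049  nfs
    100003    3   udp   2049  nfs
    100021    4   udp  10006  nlockmgr
    100021    4   tcp  41783  nlockmgr
    100005    3   udp  10004  mountd
    100005    3   tcp  10004  mountd'

printf '%s\n' "$SAMPLE_RPCINFO" | check_rpc_ports || true
```

On a live server, run it as rpcinfo -p | check_rpc_ports after restarting the nfs and nfslock services.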
Aside: If performance from Mac OS X clients is slow when configured to use TCP, try setting the kernel parameter net.inet.tcp.delayed_ack equal to zero on the Mac clients (/usr/sbin/sysctl -w net.inet.tcp.delayed_ack=0).