Howto: NFS Server and Client

[deffe]

EDIT: Added iptables and nfs howto near bottom of this post.

This might have been posted before but I couldn't find an all inclusive thread, so here is mine. I am no expert with NFS since I just got it working. I don't have a 2.4x boxen around so I can't post the kernel selections.

SERVER

Make sure that you have the support within your kernel:

Code: Select all

# cd /usr/src/linux
# make menuconfig

File systems  ---> 
Network File Systems  --->
<*> NFS file system support                                                                                    
[*]   Provide NFSv3 client support                                                                             
[ ]   Provide NFSv4 client support (EXPERIMENTAL)                                                              
[ ]   Allow direct I/O on NFS files (EXPERIMENTAL)                                                             
<*> NFS server support                                                                                         
[*]   Provide NFSv3 server support                                                                             
[ ]     Provide NFSv4 server support (EXPERIMENTAL)                                                            
[*]   Provide NFS server over TCP support (EXPERIMENTAL)     

Compile the kernel and copy:

Code: Select all

# make && make modules_install
# mount /boot/
# cp arch/i386/boot/bzImage /boot/kernel-2.6.7

Reboot the server to allow new options to load within the kernel.

Emerge NFS:

Code: Select all

# emerge -v nfs-utils

Configure your exports:

Code: Select all

# nano /etc/exports

# /etc/exports: NFS file systems being exported.  See exports(5).
/storage        192.168.0.5(rw)

There is a good explanation of how to setup the exports file here:
http://nfs.sourceforge.net/nfs-howto/server.html

Portmap is required for NFS:

Code: Select all

# /etc/init.d/portmap start
# rc-update add portmap default

Start up NFS daemon:

Code: Select all

# /etc/init.d/nfs start
# rc-update add nfs default

Check to make sure that NFS services have started:

Code: Select all

# rpcinfo -p
   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp  32771  status
    100024    1   tcp  32771  status
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    100003    2   tcp   2049  nfs
    100003    3   tcp   2049  nfs
    100021    1   udp  32772  nlockmgr
    100021    3   udp  32772  nlockmgr
    100021    4   udp  32772  nlockmgr
    100021    1   tcp  32772  nlockmgr
    100021    3   tcp  32772  nlockmgr
    100021    4   tcp  32772  nlockmgr
    100005    1   udp    797  mountd
    100005    1   tcp    800  mountd
    100005    2   udp    797  mountd
    100005    2   tcp    800  mountd
    100005    3   udp    797  mountd
    100005    3   tcp    800  mountd

If you are going to make a change to your exports file it is recommended that you run the following command and restart the NFS daemon:

Code: Select all

# exportfs -ra
# /etc/init.d/nfs restart

CLIENT

Make sure that you have the support within your kernel:

Code: Select all

# cd /usr/src/linux
# make menuconfig

File systems  ---> 
Network File Systems  --->
<*> NFS file system support                                                                                    
[*]   Provide NFSv3 client support                                                                             
[ ]   Provide NFSv4 client support (EXPERIMENTAL)                                                              
[ ]   Allow direct I/O on NFS files (EXPERIMENTAL)                                                              

Compile the kernel and copy:

Code: Select all

# make && make modules_install
# mount /boot/
# cp arch/i386/boot/bzImage /boot/kernel-2.6.7

Reboot the client to allow new options to load within the kernel.

Emerge NFS:

Code: Select all

# emerge -v nfs-utils

Portmap is required for NFS:

Code: Select all

# /etc/init.d/portmap start
# rc-update add portmap default

The NFS daemon is required on the client:

Code: Select all

# /etc/init.d/nfs start
# rc-update add nfs default

Mount the NFS share:

Code: Select all

# mount 192.168.0.2:/storage /mnt/nfs

Check the NFS site for the various methods of mounting shares on boot:
http://nfs.sourceforge.net/nfs-howto/client.html

ADDITION:
NFS and iptables
If you want to use iptables along with your nfs server please follow these directions:

Code: Select all

# emerge iptables
# cd /usr/src/linux; make menuconfig

-Device Drivers
-Networking Support
-Networking Options
-[*] Network packet filtering
-IP: Netfilter Configuration

NOTE: Change all [*] to [M] in Netfilter Configuration

# make && make modules_install
# mount /boot
# cp arch/i386/boot/bzImage /boot/kernel

# nano /etc/conf.d/nfs
# Options to pass to rpc.mountd
# ex. RPCMOUNTDOPTS="-p 32767
RPCMOUNTDOPTS="-p 4002"

# Options to pass to rpc.statd
# ex. RPCSTATDOPTS="-p 32765 -o 32766"
RPCSTATDOPTS="-p 4000"

# nano /etc/modules/autoload/kernel
ip_tables

# reboot

Add lockd.nlm_udpport=4001 lockd.nlm_tcpport=4001 to the end of the kernel line in /boot/grub/grub.conf

Code: Select all

# nano /sbin/firewall
-- start script --
#!/bin/bash

# script variables
IPTABLES='/sbin/iptables'       # iptables executable

# Flush all chains
$IPTABLES --flush

# Allow unlimited traffic on the loopback interface
$IPTABLES -A INPUT -i lo -j ACCEPT
$IPTABLES -A OUTPUT -o lo -j ACCEPT

# Set default policies
$IPTABLES --policy INPUT DROP
$IPTABLES --policy OUTPUT DROP
$IPTABLES --policy FORWARD DROP

# Previously initiated and accepted exchanges bypass rule checking
# Allow unlimited outbound traffic
$IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

# Allow ICMP ECHO REQUESTS from anywhere
$IPTABLES -A INPUT -p icmp --icmp-type echo-request -j ACCEPT

# for SSH server
$IPTABLES -A INPUT -p tcp -m tcp --dport 22 --syn -j ACCEPT

# for NFS server
$IPTABLES -A INPUT -p tcp -m tcp -s --dport 111 -j ACCEPT
$IPTABLES -A INPUT -p tcp -m tcp -s --dport 2049 -j ACCEPT
$IPTABLES -A INPUT -p tcp -m tcp -s --dport 4000 -j ACCEPT
$IPTABLES -A INPUT -p tcp -m tcp -s --dport 4001 -j ACCEPT
$IPTABLES -A INPUT -p tcp -m tcp -s --dport 4002 -j ACCEPT
$IPTABLES -A INPUT -p udp -m udp -s --dport 111 -j ACCEPT
$IPTABLES -A INPUT -p udp -m udp -s --dport 2049 -j ACCEPT
$IPTABLES -A INPUT -p udp -m udp -s --dport 4000 -j ACCEPT
$IPTABLES -A INPUT -p udp -m udp -s --dport 4001 -j ACCEPT
$IPTABLES -A INPUT -p udp -m udp -s --dport 4002 -j ACCEPT

# Drop all other traffic
$IPTABLES -A INPUT -j DROP
-- end script --

# chmod 700 /sbin/firewall
# nano /etc/conf.d/local.start
/sbin/firewall (I know it's a hack so sue me)

[soNNe]

Thanks just what i was looking for. NFS is really simple, but it is still nice to have some documentation

[arlequin]

Some options/tweaks about optimizing NFS would be great

[MADcow]

very good.
exactly what i needed.

[kcobain]

Thx for guide, a question: i have configured a server with nfs enabled to share files with my desktop machines in a 100mb lan, but when i transfer files i'm getting only 600 Kb/s more or les... it's a bit slow, dont think so? how i can speedup this?

Thanxs

[vridmoment]

I had the same problem for a while. Turns out i had somehow misplaced the dma-settings for the IDE-drives
So the real trouble was not in NFS that time.
After turning on DMA and various other good things (TM) the transfer rate went to ~6MB/s which I guess is about all you can get from that poor old box.

[dsegel]

The nfs-utils package is not required on the client side and you do not need to be running the nfs daemon on the client.

Just enable the nfs client options in the kernel and then you can mount nfs shares with the standard mount command. I define my nfs mounts in my /etc/fstab file and use the nfsvers=3 option so I can transfer large files, and it all works fine.

[elpollodiablo]

i use the next line to mount all my nfs volumes on a p3 1000 server. the transfer rate is 10 / 12 Mbps

Code: Select all

menace:/mnt/storage                      /mnt/storage    nfs            rw,users,auto,hard,intr,tcp,retrans=5,rsize=8192,wsize=8192     0 0

rsize and wsize could actually be not so optimized for your setup.... mess around with those!

[Mark McGann]

This was a very helpful post.

-Mark

[hbp4c]

The nfs protocol was designed to run over UDP not TCP. Therefore, nfs already has in its code an error-checking ability. Using TCP is slightly slower, and doesn't really gain you much (except allowing you to hand off the error checking ability to the network layer instead of the main processor, which can be advantageous on heavy loaded and slow processors.).

For systems with slow disk I/O, if speed is really what you need to get out of nfs, you'll have to enable the async option on the server:

Code: Select all

/etc/exports:
/home           128.143.57.1/255.255.255.0(rw,async)

Beware: doing this allows nfs to acknowledge receipt of data without actually sync'ing it to disk. (this is the opposite of the sync which forces nfs to sync data to disk before acknowledgement). Sync in the default option, excluding it from the directives in /etc/exports will effectively enable it.

For me, on a precision 360 workstation connecting to a second precision 360 via 100mb network, this increases the performance by a factor of at least two. (note that hdparm was set for ata/100 disk access and was dma enabled). To properly run this test, I rebooted both machines to ensure that the data was not cached by nfs in any way (another default behavior).

However, on high I/O systems (a scsi based raid is a good example) the async will make much less of a difference. On a U160 raid5 array the sync/async option made no difference at all.

Most people I've talked to about nfs have told me that even though the async is dangerous (if the system dies before sync'ing data, the data is lost) but it is necessary for performance in many situations. It is worth experimenting with, YYMV.

[hbp4c]

Another useful option is the no_root_squash directive.

Code: Select all

/etc/exports:
/home           128.143.57.1/255.255.255.0(rw,async,no_root_squash)

Root squashing is the idea that on a mounted nfs file system, root has no permissions to modify anything (effectively making root a nobody-level user). For NFS servers who export their filesystem to machines where other people have root access, root_squash is very necessary as a security measure (it keeps a rouge root from deleting all the files on that mount, for example).

However, for a network where root is the same person on all machines (or the root user is trusted on all machines) then no_root_squash re-enables the root permissions for the nfs share.

[GurliGebis]

How about NFS4, how does that work?

[Dhaki]

And for use NFS with Samba autentification (in a Windows server )? Who know how to make this?

[BlinkEye]

thanks for the howto and thanks to hbp4c for his elaboration

[tecknojunky]

The nfs-utils package is not required on the client side and you do not need to be running the nfs daemon on the client.

Just enable the nfs client options in the kernel and then you can mount nfs shares with the standard mount command. I define my nfs mounts in my /etc/fstab file and use the nfsvers=3 option so I can transfer large files, and it all works fine.

I was about to post about this mistake. Good thing I checked if someone else pointed that out.

How about NFS4, how does that work?

I got it working (kinda) on one of the setups (a cluster) I have acces to. Look into the Bugzilla. There's an ebuild to start with. A couple of fudging are needed because the Gentoo core is unaware of nfs4 (ie: netmount can't identify the nfs4 tag in fstab, etc).

[bsdvodsky]

wiki has been updated!

http://gentoo-wiki.com/HOWTO_Share_Directories_via_NFS

[flipnode]

Great quickie HowTo! Thanks for the quick reference.

Don't make the same mistake that I did on the Client. When you go to mount NFS, make sure portmap is running; otherwise it will hang during the mounting proceedure! Just a little hint for some newbies.

[oRDeX]

very nice howto!

[Faco]

ADDITION:
NFS and iptables
If you want to use iptables along with your nfs server please follow these directions:

Code: Select all

# emerge iptables
# cd /usr/src/linux; make menuconfig

-Device Drivers
-Networking Support
-Networking Options
-[*] Network packet filtering
-IP: Netfilter Configuration

NOTE: Change all [*] to [M] in Netfilter Configuration

# make && make modules_install
# mount /boot
# cp arch/i386/boot/bzImage /boot/kernel

# nano /etc/conf.d/nfs
# Options to pass to rpc.mountd
# ex. RPCMOUNTDOPTS="-p 32767
RPCMOUNTDOPTS="-p 4002"

# Options to pass to rpc.statd
# ex. RPCSTATDOPTS="-p 32765 -o 32766"
RPCSTATDOPTS="-p 4000"

# nano /etc/modules/autoload/kernel
ip_tables

# reboot

Add lockd.nlm_udpport=4001 lockd.nlm_tcpport=4001 to the end of the kernel line in /boot/grub/grub.conf

Code: Select all

# nano /sbin/firewall
-- start script --
#!/bin/bash

# script variables
IPTABLES='/sbin/iptables'       # iptables executable

# Flush all chains
$IPTABLES --flush

# Allow unlimited traffic on the loopback interface
$IPTABLES -A INPUT -i lo -j ACCEPT
$IPTABLES -A OUTPUT -o lo -j ACCEPT

# Set default policies
$IPTABLES --policy INPUT DROP
$IPTABLES --policy OUTPUT DROP
$IPTABLES --policy FORWARD DROP

# Previously initiated and accepted exchanges bypass rule checking
# Allow unlimited outbound traffic
$IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

# Allow ICMP ECHO REQUESTS from anywhere
$IPTABLES -A INPUT -p icmp --icmp-type echo-request -j ACCEPT

# for SSH server
$IPTABLES -A INPUT -p tcp -m tcp --dport 22 --syn -j ACCEPT

# for NFS server
$IPTABLES -A INPUT -p tcp -m tcp -s --dport 111 -j ACCEPT
$IPTABLES -A INPUT -p tcp -m tcp -s --dport 2049 -j ACCEPT
$IPTABLES -A INPUT -p tcp -m tcp -s --dport 4000 -j ACCEPT
$IPTABLES -A INPUT -p tcp -m tcp -s --dport 4001 -j ACCEPT
$IPTABLES -A INPUT -p tcp -m tcp -s --dport 4002 -j ACCEPT
$IPTABLES -A INPUT -p udp -m udp -s --dport 111 -j ACCEPT
$IPTABLES -A INPUT -p udp -m udp -s --dport 2049 -j ACCEPT
$IPTABLES -A INPUT -p udp -m udp -s --dport 4000 -j ACCEPT
$IPTABLES -A INPUT -p udp -m udp -s --dport 4001 -j ACCEPT
$IPTABLES -A INPUT -p udp -m udp -s --dport 4002 -j ACCEPT

# Drop all other traffic
$IPTABLES -A INPUT -j DROP
-- end script --

# chmod 700 /sbin/firewall
# nano /etc/conf.d/local.start
/sbin/firewall (I know it's a hack so sue me)

Hi, i am having troubles about transfer speedy on nfs mounts. And i am workin with iptables, all compiled in kernel, not as module. I ask, maybe, is this the problem ?
Of course my iptables rules accept connections from the lan, no rule is blocking anything from the lan. In fact; i can read or write in the nfs server. My problem is the speed.

Thanks.

[richardash1981]

Hint for people who get either client mounts timing out, or exportfs taking forever:

That the nfs server needs to be able to do a reverse DNS lookup on each client IP that tries to connect to it,(even with IP addresses or masks in /etc/exports). If it can't, mount will often time out on the clients, and exportfs will take much longer.
Either add the nfs clients to the DNS or the server's hosts file.

[Truin]

In my experience (and I use NFS a lot), I've found the following things to be handy...

1) use the rsize=xxxx and optionally the wsize=xxxx in your mount options on the client side, where xxxx is the number of bytes NFS uses when reading/writing files on an NFS server. The man page for nfs (run `man nfs` from your shell) suggests setting xxxx to 8192. I found this greatly improved transfer speed on my shares.

2) use the intr option to allow interrupts on NFS file operations that suffer a major time-out. The default is to NOT allow file operations to be interrupted. (This makes ctrl-c work if a read/write to the NFS share hangs.)

3) normally, NFS would use udp for data transfer, which uses no transport error checking. On a wireless links, such as 802.11b/g, this can be torture if your wireless connection is noisy and/or latent. Using the tcp option can help on latent, noisy, or packet-lossy wireless links.

Code: Select all

# mount -o rsize=8192,wsize=8192,intr,tcp server:/exported/share /mnt/point 

Code: Select all

# server:/exported/share     /mnt/point     nfs  rsize=8192,wsize=8192,intr,tcp  0 0 

Last (or first, rather since this should be done before mounting!!), but not least, portmap is a must, as it provides RPC communications for NFS and other RPC goodies that will help your NFS environment. For details, feel free to browse through the various man pages for nfs, portmap, mountd. lockd, statd, and rpc.

Code: Select all

# /etc/init.d/portmap start 

Hope this helps someone... noticed this thread has been dead a while, figured it could use a freshening!

[tcunha]

Portmap is required for NFS:

Code: Select all

# /etc/init.d/portmap start 
# rc-update add portmap default

There's no need to add portmap to the default runlevel since nfs/nfsmount depends on it:

Code: Select all

$ sudo /etc/init.d/nfs ineed
portmap
$ sudo /etc/init.d/nfsmount ineed
net portmap

Good work.

[Kate Monster]

Hi,

I'm having problems getting this to work. Basically, when I try mounting my nfs filesystem it hangs forever then finall fails with:

Code: Select all

mount: 192.168.1.105:/root/ch32/usr/local/portage/packages: can't read superblock

I've checked that I've setup my /etc/exports file properly, and I've added the computer to my /etc/hosts file. What could be wrong?

[Truin]

when I try mounting my nfs filesystem it hangs forever then finall fails with:

Code: Select all

mount: 192.168.1.105:/root/ch32/usr/local/portage/packages: can't read superblock

Sounds like possibly a portmap/rpc issue, maybe a lockd or mountd problem. On the client side, try running the following and see if it spits out a list of your nfs exports:

Code: Select all

 # showmount -e server 

where server is your nfs server.

Also, make sure that portmap is running on the client side. And as always, check your syslog (you did install a system logger, didn't you?) and see if it has any helpful messages.

[steveL]

Thanks to all who've posted such excellent info, and especially to the OP for a great howTo.