linux 装机宝典之一NFS安装（linux之间共享）

NFS的安装配置：
centos 5 :
yum install nfs-utils portmap
centos 6 :
yum install nfs-utils rpcbind


本节是使用centos 6的配置过程：
设备：两台 centos6 OS 安装的时候选择的是"Basic Server"软件配置包。
首先，让两台机器都安装NFS的 软件包，如下显示的是服务器端：
[root@roothomes /home]$ yum install nfs-utils rpcbind
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: centos.ustc.edu.cn
 * extras: centos.ustc.edu.cn
 * updates: centos.ustc.edu.cn
Setting up Install Process
Package rpcbind-0.2.0-8.el6.x86_64 already installed and latest version
Resolving Dependencies
--> Running transaction check
---> Package nfs-utils.x86_64 1:1.2.3-15.el6 set to be updated
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package            Arch            Version                 Repository     Size
================================================================================
Updating:
 nfs-utils          x86_64          1:1.2.3-15.el6          base          308 k

Transaction Summary
================================================================================
Install       0 Package(s)
Upgrade       1 Package(s)

Total download size: 308 k
Is this ok [y/N]: y
Downloading Packages:
nfs-utils-1.2.3-15.el6.x86_64.rpm                        | 308 kB     00:10
warning: rpmts_HdrFromFdno: Header V3 RSA/SHA1 Signature, key ID c105b9de: NOKEY
base/gpgkey                                              | 3.3 kB     00:00 ...
Importing GPG key 0xC105B9DE "CentOS-6 Key (CentOS 6 Official Signing Key) <cent                                                                                                                                                              os-6-key@centos.org>" from /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
Is this ok [y/N]: y
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Updating       : 1:nfs-utils-1.2.3-15.el6.x86_64                          1/2
  Cleanup        : 1:nfs-utils-1.2.2-7.el6.x86_64                           2/2

Updated:
  nfs-utils.x86_64 1:1.2.3-15.el6

Complete!
[root@roothomes /home]$

服务器端：
###(建立挂载的目录，并且挂载目录。)
[root@roothomes /etc]$ mkdir /opt/centos6
[root@roothomes /etc]$ cd /opt/centos6/
[root@roothomes /opt/centos6]$ mkdir thisISnfsFile
[root@roothomes /opt/centos6]$ ls
thisISnfsFile
[root@roothomes /etc]$ vi /etc/exports
[root@roothomes /opt/centos6]$ cat /etc/exports

/opt/centos6 192.168.1.0/24(ro,no_root_squash)
### 备注:/opt/centos6表示nfs共享的目录 192.168.1.0-192.168.1.254区间的IP可以访问，访问权限是自读，root 用户
###(启动对应的服务)
[root@roothomes /opt/centos6]$ chkconfig nfs on
[root@roothomes /opt/centos6]$ /etc/init.d/rpcbind start
[root@roothomes /opt/centos6]$ /etc/init.d/nfs start
Starting NFS services:                                     [  OK  ]
Starting NFS quotas:                                       [  OK  ]
Starting NFS daemon:                                       [  OK  ]
Starting NFS mountd:                                       [  OK  ]
[root@roothomes /opt/centos6]$ service iptables stop
iptables: Flushing firewall rules:                         [  OK  ]
iptables: Setting chains to policy ACCEPT: filter          [  OK  ]
iptables: Unloading modules:                               [  OK  ]


客户端：
[root@roothomes /home]$ yum install nfs-utils rpcbind
安装完毕！
[root@vmBS00 ~]# service iptables stop
iptables: Flushing firewall rules:                         [  OK  ]
iptables: Setting chains to policy ACCEPT: filter          [  OK  ]
iptables: Unloading modules:                               [  OK  ]
###查看是否能访问nfs服务
[root@vmBS00 ~]# showmount -e 192.168.1.75
Export list for 192.168.1.75:
/opt/centos6 192.168.1.0/24
[root@vmBS00 ~]# mkdir /opt/centos6
[root@vmBS00 ~]# mount -t nfs 192.168.1.75:/opt/centos6/  /opt/centos6/
[root@vmBS00 ~]# ls /opt/centos6/
thisISnfsFile
###配置开机自动挂载
[root@vmBS00 ~]# vi /etc/fstab
### 添加 #192.168.1.75:/opt/centos6/ /opt/centos6/ nfs nodev,ro,rsize=32768,wsize=32768 0 0

[root@vmBS00 ~]# init 6
[root@vmBS00 ~]#
login as: root
root@192.168.1.116's password:
Last login: Mon Mar  5 17:29:04 2012 from 192.168.1.23
[root@vmBS00 ~]# ls /opt/centos6/
thisISnfsFile
[root@vmBS00 ~]#

NFS Client：
远程NFS目录在客户端的挂载点：/nfs

[root@ha02 /]# mkdir /nfs
[root@ha02 /]# service rpcbind start

[root@localhost mnt]# showmount -e 192.168.40.18         //测试一下，是否能查询得到

[root@localhost Desktop]# mount -t nfs 192.168.40.18:/home/nfs/test  /mnt/

会出现如下问题（）

mount.nfs:access denied by server while mounting .......

[root@raocentos mnt]# cd /mnt
bash: cd: /mnt: 权限不够

解决方案

1、在服务端更改共享目录权限：

chmod 777 XXXX  (这个你懂的吧)

2、检查你共享的目录是否正确

说明：
1、exports参数说明
rw: 读写模式；
async: 异步磁盘读写；
anonu(g)id: 指定NFS在进行操作时所使用的匿名用户uid/gid

2、NFS 管理命令
showmount -e 在NFS Server上执行此命令显示NFS Server上所有的共享卷；
showmount -e 192.168.1.100在NFS Client上执行此命令显示NFS Server上所有共享卷；
export -av 根据/etc/exports导出所有卷；
export -rv 重新导出所有卷，增加/etc/exports中的新项目、删除不存在的项目、更新改变的项目；

2、安全性
portmap PORT: 111
NFS PORT: 2049

防止使用IP欺骗和RPC重定向技术通过lo回环进行攻击以及限定授权主机：
iptables -A INPUT -p udp -d 127.0.0.1 --dport 111 -j DROP
iptables -A INPUT -p udp -d 127.0.0.1 --dport 2049 -j DROP
iptables -A INPUT -p udp -s 192.168.100.2 --dport 111 -j ACCEPT
iptables -A INPUT -p udp -s 192.168.100.2 --dport 2049 -j ACCEPT