星期三, 11月 04, 2015

[FW] Redhat 6 / Oracle linux 6 config 防火牆 (允許nfs server的步驟)

Ref:

http://marcofalchi.blogspot.tw/2013/05/centosredhat-64-configure-nfs-server.html?m=1

My two hosts are "serious" (the NFS server) and "mariolino" (the NFS client, 192.168.1.35).


[root@serious ~]# vi /etc/exports 
/Download 192.168.1.35(rw,sync,root_squash)
[root@serious ~]# chkconfig | grep nfs 
nfs             0:off 1:off 2:off 3:off 4:off 5:off 6:off
nfslock         0:off 1:off 2:off 3:on 4:on 5:on 6:off

 



[maccu@mariolino ~]$ showmount -e localhost 
clnt_create: RPC: Program not registered
[maccu@mariolino ~]$ showmount -e serious
clnt_create: RPC: Port mapper failure - Unable to receive: errno 113 (No route to host)

 


[root@serious ~]# /etc/init.d/nfs start 
Starting NFS services:                                     [  OK  ]
Starting NFS quotas:                                       [  OK  ]
Starting NFS mountd:                                       [  OK  ]
Stopping RPC idmapd:                                       [  OK  ]
Starting RPC idmapd:                                       [  OK  ]
Starting NFS daemon:                                       [  OK  ]
[root@serious ~]# chkconfig nfs on 
[root@serious ~]# chkconfig | grep nfs 
nfs             0:off 1:off 2:on 3:on 4:on 5:on 6:off
nfslock         0:off 1:off 2:off 3:on 4:on 5:on 6:off

 

[root@serious ~]# chkconfig | grep rpc

rpcbind         0:off 1:off 2:on 3:on 4:on 5:on 6:off

rpcgssd         0:off 1:off 2:off 3:on 4:on 5:on 6:off

rpcidmapd       0:off 1:off 2:off 3:on 4:on 5:on 6:off

rpcsvcgssd      0:off 1:off 2:off 3:off 4:off 5:off 6:off

 

 

[root@serious ~]# /etc/init.d/iptables stop

iptables: Flushing firewall rules:                         [  OK  ]

iptables: Setting chains to policy ACCEPT: filter          [  OK  ]

iptables: Unloading modules:                               [  OK  ]

 

 

[maccu@mariolino ~]$ showmount -e serious

Export list for serious:

/Download 192.168.1.35

 

[root@mariolino ~]#  mount -o,rw serious:/Download /media/

[root@mariolino ~]# df -h 

Filesystem         Size  Used Avail Use% Mounted on

 

serious:/Download  197G  7.3G  180G   4% /media

 

 

 

 

 

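Running NFS Behind a Firewall:

Stopping iptables above was only a test to confirm that the firewall was what blocked the client; it leaves the server with no packet filtering at all. The steps below pin the NFS helper daemons to fixed ports and open only those ports, so that iptables can be started again.

Configure a firewall to allow NFS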

 

Allow TCP and UDP port 2049 for NFS.

Allow TCP and UDP port 111 (rpcbind/sunrpc).

Allow the TCP and UDP port specified with MOUNTD_PORT="port"

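Allow the TCP and UDP port specified with STATD_PORT="port" (rpc.statd is started by the nfslock service, so nfslock must be restarted as well for this setting to take effect; in the rpcinfo output below, "status" is still listening on 51220/udp and 50224/tcp rather than 662, so the port 662 rules would not match it yet)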

Allow the TCP port specified with LOCKD_TCPPORT="port"

Allow the UDP port specified with LOCKD_UDPPORT="port"

 

[root@serious ~]# cat /etc/sysconfig/nfs | grep PORT

#RQUOTAD_PORT=875

#LOCKD_TCPPORT=32803

#LOCKD_UDPPORT=32769

#MOUNTD_PORT=892

#STATD_PORT=662

#STATD_OUTGOING_PORT=2020

#RDMA_PORT=20049 

 

[root@serious ~]# vi /etc/sysconfig/nfs

[root@serious ~]# cat /etc/sysconfig/nfs | grep PORT

RQUOTAD_PORT=875

LOCKD_TCPPORT=32803

LOCKD_UDPPORT=32769

MOUNTD_PORT=892

STATD_PORT=662

#STATD_OUTGOING_PORT=2020

#RDMA_PORT=20049 

 

[root@serious ~]# rpcinfo -p

   program vers proto   port  service

    100000    4   tcp    111  portmapper

    100000    3   tcp    111  portmapper

    100000    2   tcp    111  portmapper

    100000    4   udp    111  portmapper

    100000    3   udp    111  portmapper

    100000    2   udp    111  portmapper

    100024    1   udp  51220  status

    100024    1   tcp  50224  status

    100011    1   udp    875  rquotad

    100011    2   udp    875  rquotad

    100011    1   tcp    875  rquotad

    100011    2   tcp    875  rquotad

    100005    1   udp    892  mountd

    100005    1   tcp    892  mountd

    100005    2   udp    892  mountd

    100005    2   tcp    892  mountd

    100005    3   udp    892  mountd

    100005    3   tcp    892  mountd

    100003    2   tcp   2049  nfs

    100003    3   tcp   2049  nfs

    100003    4   tcp   2049  nfs

    100227    2   tcp   2049  nfs_acl

    100227    3   tcp   2049  nfs_acl

    100003    2   udp   2049  nfs

    100003    3   udp   2049  nfs

    100003    4   udp   2049  nfs

    100227    2   udp   2049  nfs_acl

    100227    3   udp   2049  nfs_acl

    100021    1   udp  32769  nlockmgr

    100021    3   udp  32769  nlockmgr

    100021    4   udp  32769  nlockmgr

    100021    1   tcp  32803  nlockmgr

    100021    3   tcp  32803  nlockmgr

    100021    4   tcp  32803  nlockmgr

 

[maccu@mariolino media]$ ifconfig p37p1

        inet 192.168.1.35  netmask 255.255.255.0  broadcast 192.168.1.255

        

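[root@serious ~]# vi /etc/sysconfig/iptables

(If the file ends with a catch-all rule such as "-A INPUT -j REJECT --reject-with icmp-host-prohibited", the RHEL 6 default, add the lines below above it; rules placed after the REJECT are never reached.)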

-A INPUT -s 192.168.1.35 -m state --state NEW -p udp --dport 111 -j ACCEPT

-A INPUT -s 192.168.1.35 -m state --state NEW -p tcp --dport 111 -j ACCEPT

-A INPUT -s 192.168.1.35 -m state --state NEW -p tcp --dport 2049 -j ACCEPT

-A INPUT -s 192.168.1.35 -m state --state NEW -p udp --dport 2049 -j ACCEPT

-A INPUT -s 192.168.1.35  -m state --state NEW -p tcp --dport 32803 -j ACCEPT

-A INPUT -s 192.168.1.35  -m state --state NEW -p udp --dport 32769 -j ACCEPT

-A INPUT -s 192.168.1.35  -m state --state NEW -p tcp --dport 892 -j ACCEPT

-A INPUT -s 192.168.1.35  -m state --state NEW -p udp --dport 892 -j ACCEPT

-A INPUT -s 192.168.1.35  -m state --state NEW -p tcp --dport 875 -j ACCEPT

-A INPUT -s 192.168.1.35  -m state --state NEW -p udp --dport 875 -j ACCEPT

-A INPUT -s 192.168.1.35  -m state --state NEW -p tcp --dport 662 -j ACCEPT

-A INPUT -s 192.168.1.35 -m state --state NEW -p udp --dport 662 -j ACCEPT

 

[root@serious ~]# /etc/init.d/iptables restart 

[root@serious ~]# /etc/init.d/nfs restart 

 

[maccu@mariolino /]$ showmount -e serious

Export list for serious:

/Download 192.168.1.35

[maccu@mariolino /]$ mount -t nfs -o rw serious:/Download /media

mount: only root can use "--types" option

 

[root@mariolino ~]# mount -t nfs -o rw serious:/Download /media

[root@mariolino ~]# df -h 

Filesystem         Size  Used Avail Use% Mounted on

devtmpfs           2.0G     0  2.0G   0% /dev

tmpfs              2.0G  3.1M  2.0G   1% /dev/shm

tmpfs              2.0G  3.5M  2.0G   1% /run

tmpfs              2.0G     0  2.0G   0% /sys/fs/cgroup

/dev/sdb1           29G   15G   14G  52% /

tmpfs              2.0G  116K  2.0G   1% /tmp

/dev/sda1          118G   20G   92G  18% /Virtualdisks

/dev/sdb3          117G   35G   76G  32% /Download

serious:/Download  197G  7.3G  180G   4% /media

 
