```bash
# Server: nfs configuration file and configuration method
echo '/newnfs 192.168.2.*(rw,sync,no_root_squash)' >> /etc/exports
# Create a new folder in the root directory, permissions 777
mkdir /newnfs && chmod 777 /newnfs
# Restart rpcbind and nfs-server services
systemctl restart rpcbind && systemctl restart nfs-server

# Client of nfs
# View Server information
showmount -e 192.168.2.197
# mount
mkdir /newnfs
mount -t nfs 192.168.2.197:/newnfs /newnfs
```
File transfer series
- sftp is implemented based on ssh, so after sshd is started, sftp comes with it, and it can be used without any additional configuration.
- ftp is the most "traditional" file transfer protocol, but its messages are not encrypted. Anyone capturing packets can read the account and password directly from the header, which is not safe.
- smb:139/udp and 445/tcp
- smb is a protocol created by Microsoft, which is currently used to transfer files between Windows systems and Linux systems.
- webdav is my favorite transmission method. If you only need to download files, you don't even need an additional client: just open it in a web browser. It also supports https.
- nfs:2049/tcp and rpc:111/tcp
- To transfer files between multiple Linux machines, nfs is simply the best choice. Nfs can mount files from other Linux hosts on the local machine, which makes them as convenient to manage as local files.
- Learn about NFS today
Overview of NFS
- NFS (Network File System) is a network file system protocol based on TCP/IP transmission. By using the NFS protocol, clients can access shared resources on remote servers as if they were local directories.
- NAS storage: The implementation of the NFS service relies on the RPC (Remote Procedure Call) mechanism to complete the remote-to-local mapping process.
- NFS requires two packages
- nfs-utils: the main program responsible for file transfer
- rpcbind: It can convert RPC program numbers and general addresses to each other, and is responsible for information transmission.
- The two have a division of labor, and nfs can only be started after rpcbind is started.
```bash
# You can first check whether the machine has nfs installed
# rpm-based Linux
rpm -aq | grep nfs
# deb-based Linux
dpkg -l | grep nfs
# The same is true for querying rpcbind
```

```bash
# If not, install it
# rpm-based; it can also be installed with the dnf command
yum install nfs-utils rpcbind
# deb-based: the server package is nfs-kernel-server, the client tools are in nfs-common
apt install nfs-kernel-server nfs-common rpcbind
```
```
[root@client_149 ~]# cat /etc/exports
[root@client_149 ~]#
```
Format of the configuration file
- 1. The first item is the absolute path of the directory
- 2. Wildcards can be used for the IPs that are allowed access; for example, 192.168.2.* means 192.168.2.0-255 can access the share
- 3. Permission parameters, in three pairs:
  - File read and write permissions
  - Login account mapping (anonymous)
  - How to synchronize data
New shared folder
```
[root@server_197 ~]# mkdir /newnfs
[root@server_197 ~]# ll / | grep newnfs
drwxr-xr-x. 2 root root 6 Aug 30 19:57 newnfs
[root@server_197 ~]# chmod -R 777 /newnfs/
[root@server_197 ~]# ll / | grep newnfs
drwxrwxrwx. 2 root root 6 Aug 30 19:57 newnfs
```
```
[root@server_197 ~]# echo '/newnfs 192.168.2.*(rw,sync,no_root_squash)' >> /etc/exports
[root@server_197 ~]# cat /etc/exports
/newnfs 192.168.2.*(rw,sync,no_root_squash)
```
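The export written above combines a wildcard client range, `rw`, and `no_root_squash`, which lets root on any matching client act as root on the share. As an added example (not part of the original post), this shell function audits exports lines in the format described earlier and reports those settings; `audit_exports`, `sample_exports`, the finding labels and the second sample line are assumptions made for illustration.

```shell
# Added example: audit /etc/exports-style lines (constructed sample below).
# audit_exports is a hypothetical helper, not part of nfs-utils.
# Output: one line per finding, "<path> <client> <FINDING>".
audit_exports() {
    local line path spec client opts
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}                    # strip comments
        set -f                              # client specs contain '*': no globbing
        set -- $line                        # split on whitespace
        set +f
        [ $# -ge 1 ] || continue            # blank line
        path=$1; shift
        # A path with no client list is exported to every host.
        [ $# -ge 1 ] || { echo "$path * WORLD_EXPORT"; continue; }
        for spec in "$@"; do
            client=${spec%%"("*}
            opts=""
            case $spec in
                *"("*) opts=${spec#*"("}; opts=${opts%")"} ;;
            esac
            # "host (rw)" with a stray space leaves "(rw)" as its own spec,
            # which applies to any host.
            [ -n "$client" ] || client="*"
            case $client in *[*?]*) echo "$path $client WILDCARD_CLIENT" ;; esac
            case ",$opts," in *,no_root_squash,*) echo "$path $client NO_ROOT_SQUASH" ;; esac
            case ",$opts," in *,rw,*) echo "$path $client READ_WRITE" ;; esac
            case ",$opts," in *,insecure,*) echo "$path $client INSECURE_PORTS" ;; esac
        done
    done
}

# Constructed sample: the export from this page plus a tighter one.
sample_exports() {
    cat <<'EOF'
/newnfs 192.168.2.*(rw,sync,no_root_squash)
/srv/ro 192.168.2.149(ro,sync,root_squash)
EOF
}

sample_exports | audit_exports
```

On a real server, feed it the live file with `audit_exports < /etc/exports`.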
Fixed port (optional)
If you are using iptables, or have port restrictions between network segments, you may need to fix the ports.
- Ports used by nfs:
  - portmapper (provided by rpc-bind) port: 111 udp/tcp
  - nfs/nfs_acl (provided by nfs) port: 2049 udp/tcp
  - mountd port: 32768-65535 udp/tcp
  - nlockmgr port: 32768-65535 udp/tcp
```
RQUOTAD_PORT=4001
LOCKD_TCPPORT=4002
LOCKD_UDPPORT=4002
MOUNTD_PORT=4003
STATD_PORT=4004
```
Start the service and enable it at boot
```
[root@server_197 ~]# systemctl restart rpcbind
[root@server_197 ~]# systemctl enable rpcbind
[root@server_197 ~]# systemctl restart nfs-server
[root@server_197 ~]# systemctl enable nfs-server
Created symlink from /etc/systemd/system/multi-user.target.wants/nfs-server.service to /usr/lib/systemd/system/nfs-server.service.
```
Use netstat to check whether the ports are listening; if they are, the startup succeeded.
```
[root@server_197 ~]# netstat -tlpn | grep "2049\|111"
tcp        0      0 0.0.0.0:111      0.0.0.0:*      LISTEN      1/systemd
tcp        0      0 0.0.0.0:2049     0.0.0.0:*      LISTEN      -
tcp6       0      0 :::111           :::*           LISTEN      1/systemd
tcp6       0      0 :::2049          :::*           LISTEN      -
```
firewall and iptables
```bash
systemctl stop iptables
systemctl disable iptables
```

```
[root@server_197 ~]# firewall-cmd --permanent --add-service=nfs
success
[root@server_197 ~]# firewall-cmd --permanent --add-service=rpc-bind
success
[root@server_197 ~]# firewall-cmd --permanent --add-service=mountd
success
[root@server_197 ~]# firewall-cmd --reload
success
```
iptables is a bit limited. If you have to use it, first fix the mountd port according to the previous options. I usually turn off iptables and keep the firewall instead. But I still write it down here, in case it is useful.
Using the ports fixed earlier (4001-4004), plus nfs:2049 and rpc:111:
```bash
iptables -A INPUT -p tcp -m tcp --dport 111 -j ACCEPT
iptables -A INPUT -p udp -m udp --dport 111 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 2049 -j ACCEPT
iptables -A INPUT -p udp -m udp --dport 2049 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 4001:4004 -j ACCEPT
iptables -A INPUT -p udp -m udp --dport 4001:4004 -j ACCEPT
# iptables -I : insert a rule into the chain
# iptables -A : append a rule to the chain
# Rules added with iptables -I are placed at the top of the existing rules,
# rules added with iptables -A at the end of the existing rules.
```
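The rules above only help if the RPC services really listen on the pinned ports, so it is worth checking what the portmapper has registered after the restart. As an added example (not from the original post), this function compares `rpcinfo -p` output with the port values set earlier; `check_rpc_ports`, `sample_rpcinfo` and the sample output are constructed for illustration.

```shell
# Added example: compare `rpcinfo -p` output (stdin) with the pinned ports.
# check_rpc_ports is a hypothetical helper; the expected table mirrors the
# RQUOTAD/LOCKD/MOUNTD/STATD values and the 111/2049 ports from this page.
# Prints "<service>/<proto> <actual> expected <port>" per mismatch and
# returns 1 if any service is on an unexpected port.
check_rpc_ports() {
    awk '
        BEGIN {
            want["portmapper"] = 111;  want["nfs"] = 2049
            want["nfs_acl"] = 2049;    want["rquotad"] = 4001
            want["nlockmgr"] = 4002;   want["mountd"] = 4003
            want["status"] = 4004      # statd registers as "status"
        }
        NR == 1 && $1 == "program" { next }        # header row
        NF >= 5 && ($5 in want) && $4 != want[$5] {
            key = $5 "/" $3
            if (!(key in seen)) {                  # one line per service/proto
                seen[key] = 1
                printf "%s %s expected %s\n", key, $4, want[$5]
                bad = 1
            }
        }
        END { exit bad + 0 }
    '
}

# Constructed sample: mountd and nlockmgr/udp were not pinned.
sample_rpcinfo() {
    cat <<'EOF'
   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    4   udp    111  portmapper
    100024    1   udp   4004  status
    100024    1   tcp   4004  status
    100005    3   udp  20048  mountd
    100005    3   tcp  20048  mountd
    100003    3   tcp   2049  nfs
    100227    3   tcp   2049  nfs_acl
    100021    4   udp  51334  nlockmgr
    100021    4   tcp   4002  nlockmgr
EOF
}

sample_rpcinfo | check_rpc_ports || true
```

On the server, run `rpcinfo -p | check_rpc_ports`; any line it prints is a service the firewall rules above would not let through.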
Restart the firewall
From the Client's point of view, it is as if the Server were sharing a hard disk, and we can mount it directly on the Client.
Let's take a look at the information shared by the Server, which corresponds to the configuration we wrote to /etc/exports on the Server.
If the client is not within the permitted range, the mount fails with the message mount.nfs: access denied by server while mounting.
- showmount -[e|a|v] <ip>
- -e, view shared information (remember -e)
- -a, check the status of the NFS resources mounted on the machine
- -v, view nfs version
```bash
mount -t nfs 192.168.2.197:/newnfs /newnfs
```
- Mount 192.168.2.197:/newnfs on /newnfs of the local machine; the permissions of this folder were set to 777 earlier
```
[root@client_149 ~]# showmount -e 192.168.2.197   # Take a look at the information shared by the Server first
Export list for 192.168.2.197:
/newnfs 192.168.2.*
[root@client_149 ~]# mount -t nfs 192.168.2.197:/newnfs /newnfs
```
- You can also mount everything from the root directory, but because there is no permission, you can only see /newnfs with 777 permissions
```
# Create a new folder to mount the root directory of the Server
[root@client_149 ~]# mkdir /nfs_197
# mount
[root@client_149 ~]# mount -t nfs 192.168.2.197:/ /nfs_197
# Check the contents of the mounted directory
[root@client_149 ~]# ll /nfs_197
total 0
drwxrwxrwx. 2 root root 20 Aug 31 01:30 newnfs
```
After a restart, the share has to be mounted again. We can edit /etc/fstab to set up automatic mounting.
Append at the end:
```bash
# Six fields: device, mount point, type, options, dump, pass
echo '192.168.2.197:/newnfs /newnfs nfs defaults 0 0' >> /etc/fstab
```
If it does not take effect, set the automatic mount to start at boot.
```bash
systemctl start remote-fs.target
systemctl enable remote-fs.target
```
Of course, you can also run the mount command automatically at boot time from /etc/rc.local
```
# Append the previous mount command to the end of rc.local
[root@client_149 ~]# echo 'mount -t nfs 192.168.2.197:/newnfs /newnfs' >> /etc/rc.local
# Check it out after adding
[root@client_149 ~]# cat /etc/rc.local | grep -v "#"
touch /var/lock/subsys/local
mount -t nfs 192.168.2.197:/newnfs /newnfs
```
Remember to make /etc/rc.local executable (+x).
At this point, both Server and Client have been configured. Create a new file in the shared, mounted directory on either the Server or the Client, and then check for it on the other host.