NFS storage write permissions

mekkanizer asked:

I have installed NFS Server on CentOS 7. I have two other hosts, that I want to share different directories with. Here’s my /etc/exports file:

/home/WS2016    192.168.200.2(rw,sync,no_subtree_check)
/home/debian    192.168.120.1(rw,sync,no_subtree_check)

As shared directories’ names hint, one is dedicated to Windows Server 2016, and the other to Debian 9 host.
Debian 9 only needs port 2049 (!) to be open for sudo mount 192.168.120.2:/home/debian /mnt/nfs/storage. R/W access works fine with just that port being allowed by iptables.
Windows Server on the other hand, can have at best R/O access through UNC (\\IP\) or Network Drive Mapping.
To know which ports are used, I grep udp from rpcinfo -p‘s output and ignore dynamic ports. I am not sure about port 20048. Debian does not need it?

111 portmapper
2049 nfs
2049 nfs_acl
20048 mountd

So, I would like to know:

  • Is it possible to leave just port(s) 2049/111 opened for TCP/UDP and have working R/W access via UNC path on Windows?
  • If not, do I simply combine -s 192.168.200.2 and -m multiport --dports 111,2049,20048 flags in an iptables rule?

Quick UPD: here’s ls -la /home/ output from the NFS Server host

[[email protected] ~]# ls -la /home/
total 0
drwxr-xr-x.  5 root      root       51 10. may 10.48 .
dr-xr-xr-x. 17 root      root      242  9. may 22.07 ..
drwxr-xr-x   2 nfsnobody nfsnobody  32 10. may 12.34 debian
drwxr-xr-x   2 nfsnobody nfsnobody  18 10. may 15.54 WS2016

My answer:


NFSv4 requires only port 2049. It’s unlikely that the mount being readonly has anything to do with which ports are open, provided you actually mounted the share with NFSv4. (And there’s virtually no reason to use the ancient 1990s era NFSv3 or the prehistoric NFSv2. You should ensure that you aren’t.)


View the full question and any other answers on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.