Forcing NFS to use TCP 2049 improves security (NFS4)
/sbin/iptables -A INPUT -p tcp --sport 2049 -m state --state NEW,ESTABLISHED -j ACCEPT /sbin/iptables -A OUTPUT -p tcp --dport 2049 -m state --state NEW,ESTABLISHED -j ACCEPT
nfsstat (see what version of NFS you have installed on the server)
ENSURE fsid=0 (forces NFS4 pseudo file system for accurate mounting)
vi /etc/exports
/mnt/mauifs/oxygen-session
/etc/init.d/nfs restart exportfs -v
mount.nfs4 10.10.10.244:/ /mnt/mauifs/oxygen-session
NFS3 is pretty easy
sudo vi /etc/fstab 10.10.10.244:/nfs-share /mnt/remote-share nfs defaults, 0 0
column 1 is "device" and column 2 is mount point and column 3 is file system type (e.g. ext3, ntfs)
options must be stuck together with commas, (extra spaces increases readability)
10.10.10.244:/nfs-share /mnt/remote-share nfs auto,nouser,noexec,rw,sync 0 0
This means the share will auto mount on boot, but only mountable by ROOT, will not allow binaries to execute (using this share) and is read/write with writes committed immediately
instead you can simply use: defaults - uses the default options rw, suid, dev, exec, auto, nouser, and async
The numbers at the end mean "frequency to be dumped for backup" and "order to be fsck'd at backup" 0 for both means "never"
To force NFS to use TCP (and thereby improve ease/security of firewalls...)
(IP of server:/home/share /home/mnt nfs nosuid,proto=tcp,port=2049 0 0) (note this may depend on NFS4)
FIREWALL CONFIGURATION
DEFAULT The portmap (a.k.a. rpcbind) itself is always on Port 111 (tcp & udp) Network File System (NFS) uses UDP port 2049
(ubuntu = /etc/default/nfs-common or nfs-kernel-server )
mount ... -o port=2049
NFS4 (which only uses port 2049 TCP) requires a different mounting paradigm
mount -t nfs4 :/ /mount/point
not mount -t nfs4
automountd = 892? 2049
failed, reason given by server: No such file or directory (needs fsid =0)
mount.nfs4 10.10.10.244:/ /mnt
mount -t nfs4 -o proto=tcp,port=2049 10.10.10.244:/ /mnt
mount.nfs4 10.10.10.244:/mnt/mauifs/oxygen-session /mnt/oxygen-session -v showmount 10.10.10.244 -e
mount nfs4 -o fsid=42
sudo cp /etc/fstab /etc/fstab_old
sudo nano /root/.smbcredentials username=winusername password=winpassword
sudo chmod 700 /root/.smbcredentials
sudo nano /etc/fstab
//netbiosname/sharename /media/sharename cifs credentials=/root/.smbcredentials,iocharset=utf8,file_mode=0777,dir_mode=0777 0 0
mount.cifs //192.168.1.35/external /mnt/backup -o username=DOMAIN/username
mount -t cifs //192.168.1.35/external /mnt/external -o username=DOMAIN/username