john pfeiffer

Fstab auto mount nfs cifs

Forcing NFS to use TCP 2049 improves security (NFS4)

/sbin/iptables -A INPUT -p tcp --sport 2049 -m state --state NEW,ESTABLISHED -j ACCEPT
/sbin/iptables -A OUTPUT -p tcp --dport 2049 -m state --state NEW,ESTABLISHED -j ACCEPT


nfsstat (see what version of NFS you have installed on the server)

ENSURE fsid=0 (forces NFS4 pseudo file system for accurate mounting)

vi /etc/exports
/mnt/mauifs/oxygen-session (rw,wdelay,root_squash,all_squash,no_subtree_check,fsid=0,anonuid=65534,anongid=65534)

/etc/init.d/nfs restart
exportfs -v

mount.nfs4 10.10.10.244:/ /mnt/mauifs/oxygen-session



NFS3 is pretty easy

sudo vi /etc/fstab
10.10.10.244:/nfs-share /mnt/remote-share nfs defaults 0 0

Column 1 is the "device", column 2 is the mount point and column 3 is the file system type (e.g. ext3, ntfs)

Options must be joined with commas and no spaces (extra spaces between the columns increase readability)

10.10.10.244:/nfs-share /mnt/remote-share nfs auto,nouser,noexec,rw,sync 0 0

This means the share will auto-mount on boot, is mountable only by root, will not allow binaries on the share to execute, and is read/write with writes committed immediately

instead you can simply use: defaults - uses the default options rw, suid, dev, exec, auto, nouser, and async

The numbers at the end mean "frequency to be dumped for backup" and "order to be fsck'd at backup" 0 for both means "never"

To force NFS to use TCP (and thereby improve ease/security of firewalls...)

(IP of server:/home/share /home/mnt nfs nosuid,proto=tcp,port=2049 0 0) (note this may depend on NFS4)


FIREWALL CONFIGURATION

DEFAULT
The portmap (a.k.a. rpcbind) itself is always on port 111 (tcp & udp)
Network File System (NFS) uses UDP port 2049

(ubuntu = /etc/default/nfs-common or nfs-kernel-server )

mount ... -o port=2049


NFS4 (which only uses port 2049 TCP) requires a different mounting paradigm

mount -t nfs4 :/ /mount/point

not mount -t nfs4 :/exports /mount/point

automountd = 892? 2049


failed, reason given by server: No such file or directory (needs fsid=0)

mount.nfs4 10.10.10.244:/ /mnt

mount -t nfs4 -o proto=tcp,port=2049 10.10.10.244:/ /mnt

mount.nfs4 10.10.10.244:/mnt/mauifs/oxygen-session /mnt/oxygen-session -v
showmount 10.10.10.244 -e

mount nfs4 -o fsid=42


sudo cp /etc/fstab /etc/fstab_old

sudo nano /root/.smbcredentials
username=winusername
password=winpassword

sudo chmod 700 /root/.smbcredentials

sudo nano /etc/fstab

//netbiosname/sharename /media/sharename cifs credentials=/root/.smbcredentials,iocharset=utf8,file_mode=0777,dir_mode=0777 0 0

mount.cifs //192.168.1.35/external /mnt/backup -o username=DOMAIN/username

mount -t cifs //192.168.1.35/external /mnt/external -o username=DOMAIN/username
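An added example (not part of the original notes): a small check that reads fstab-format lines and flags nfs/nfs4/cifs entries lacking the restrictive options discussed above (nosuid, noexec, proto=tcp) or carrying an inline CIFS password. The function names, the /mnt/hardened mount point and the sample lines are constructed for illustration; the nodev check is an addition beyond the options named in these notes.

```shell
#!/bin/sh
# Added example (not from the original page): flag risky options on
# nfs/nfs4/cifs lines of an fstab-format file given as argument or stdin.
audit_fstab() {
    awk '
    # true if option "opt" (bare or opt=value) is in the comma-separated list
    function has(opt) { return ("," opts ",") ~ ("," opt "(=[^,]*)?,") }
    /^[ \t]*#/ || NF < 4 { next }             # comments, blank or short lines
    $3 !~ /^(nfs|nfs4|cifs)$/ { next }        # only network file systems
    {
        mp = $2; opts = $4
        # "defaults" means suid,dev,exec, so each must be switched off by name
        n = split("nosuid noexec nodev", want, " ")
        for (i = 1; i <= n; i++)
            if (!has(want[i])) print mp ": missing " want[i]
        # an nfs (v3) entry can use UDP unless the transport is pinned
        if ($3 == "nfs" && !has("proto=tcp"))
            print mp ": transport not pinned (add proto=tcp,port=2049)"
        # fstab is normally world-readable, so use credentials=FILE instead
        if ($3 == "cifs" && has("pass(word)?"))
            print mp ": password inline in fstab (use credentials=FILE)"
        if ($3 == "cifs" && ("," opts ",") ~ /,(file|dir)_mode=0?777,/)
            print mp ": share contents world-writable for local users"
    }' "$@"
}

# Constructed sample input, built from the entries discussed on this page.
sample_fstab() {
    cat <<'EOF'
10.10.10.244:/nfs-share /mnt/remote-share nfs defaults 0 0
10.10.10.244:/nfs-share /mnt/hardened nfs auto,nouser,noexec,nosuid,nodev,rw,sync,proto=tcp,port=2049 0 0
//netbiosname/sharename /media/sharename cifs credentials=/root/.smbcredentials,iocharset=utf8,file_mode=0777,dir_mode=0777 0 0
//192.168.1.35/external /mnt/external cifs username=winusername,password=winpassword,nosuid,noexec,nodev 0 0
EOF
}

sample_fstab | audit_fstab
```

To check a real system, run audit_fstab /etc/fstab; no output means no finding.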



Published

Jan 26, 2012

Category

linux
