Restricting access to NFS shares can be done by restricting firewall access (iptables), or by configuring the /etc/exports file. The /etc/exports file can restrict access to a single machine, a wildcard, or an IP network.
It all starts with installing and starting NFS
- yum install nfs-utils rpcbind
- service nfs start
- service rpcbind start
- Edit /etc/exports
- Configure the export command like the following
- /media 192.168.10.10(rw,no_root_squash)
- Restart the service - service nfs restart
- Edit /etc/exports
- Configure the export command like the following
- /media *.example.com(rw,no_root_squash)
- or /media 192.168.*10(rw,no_root_squash)
- Restart the service - service nfs restart
- Edit /etc/exports
- Configure the export command like the following
- /media 192.168.10.0/24(rw,no_root_squash)
- Restart the service - service nfs restart
2 comments:
In response to these lines :
Restricting to an IP network -- this allows exporting to an entire subnet, or group of addresses
Edit /etc/exports
Configure the export command like the following
/media 192.168.10.0/24(rw,no_root_squash)
Restart the service - service nfs restart
my reply: i think the way you have written netmask is incorrect. if i am not mistaken, the correct way is ::
/media 192.168.10.0/255.255.255.0(rw,no_root_squash)
For anyone reading...
192.168.10.0\24 is correct. The \24 is the CIDR. If you take a Network+ class or learn a little more about subnetting, this will become obvious. \24 indicates a class C network with the IP address 192.168.10.0 is associated with the netmask 255.255.255.0 by using the CIDR notation of 192.168.10.0/24 . This means that the first 24 bits of the IP address given are considered significant for the network routing. So IP 192.168.10.1-192.168.10.254 are included as useable addresses and 192.168.10.0 is reserved as the NetID.
Post a Comment