Wednesday, December 29, 2010

NFS -- Provide network shares to specific clients

Restricting access to NFS shares can be done by restricting firewall access (iptables), or by configuring the /etc/exports file. The /etc/exports file can restrict access to a single machine, a wildcard, or an IP network.
It all starts with installing and starting NFS
  • yum install nfs-utils rpcbind
  • service nfs start
  • service rpcbind start
Restricting to a single machine (can be exported to an IP or hostname)
  • Edit /etc/exports
  • Configure the export command like the following
    • /media 192.168.10.10(rw,no_root_squash)
  • Restart the service - service nfs restart
Restricting to a wildcard -- this allows exporting to a name or IP address with wildcards
  • Edit /etc/exports
  • Configure the export command like the following
    • /media *.example.com(rw,no_root_squash)
    • or /media 192.168.*10(rw,no_root_squash)
  • Restart the service - service nfs restart
 Restricting to an IP network -- this allows exporting to an entire subnet, or group of addresses
  • Edit /etc/exports
  • Configure the export command like the following
    • /media 192.168.10.0/24(rw,no_root_squash)
  • Restart the service - service nfs restart

No comments: