1
00:00:00,000 --> 00:00:10,400
In this video, we'll talk about the NFS file services.

2
00:00:10,400 --> 00:00:16,379
NFS is a service that can be used to export directories to NFS clients.

3
00:00:16,379 --> 00:00:21,500
It is a UNIX native file sharing protocol that has been around for a long time.

4
00:00:21,500 --> 00:00:26,900
And it's fast and simple because it is implemented at a Linux kernel level.

5
00:00:26,900 --> 00:00:32,820
In NFS, shares are defined in the /etc/exports directory, and the NFS server service offers

6
00:00:32,820 --> 00:00:35,939
access to these shares.

7
00:00:35,939 --> 00:00:43,259
Common NFS is using version 4 and later, which offers NFS access on TCP port 2049.

8
00:00:43,259 --> 00:00:50,820
NFS version 3 was taking a different approach, but that is really very old and is deprecated

9
00:00:50,820 --> 00:00:54,580
since the early 2000s.

10
00:00:54,580 --> 00:01:00,060
In legacy NFS, they were using dynamic ports, and these dynamic ports made it harder to

11
00:01:00,060 --> 00:01:03,299
allow it through a firewall.

12
00:01:03,299 --> 00:01:08,820
An NFS client uses the showmount -e command to discover shares on the server.

13
00:01:08,820 --> 00:01:14,139
An NFS client can use mount with the optional -t nfs to identify the mount type as

14
00:01:14,139 --> 00:01:21,220
NFS, followed by server name, colon, share name, on slash mount point, which is the local

15
00:01:21,339 --> 00:01:24,820
mount point for the NFS share.

16
00:01:24,820 --> 00:01:29,660
If you want to allow NFS traffic through the firewall, in many cases, just opening port

17
00:01:29,660 --> 00:01:33,180
2049, surprisingly, is not enough.

18
00:01:33,180 --> 00:01:39,180
And that is because many NFS-related client utilities are still using older components.

19
00:01:39,180 --> 00:01:45,580
And that is why on a firewall, you need to add a couple of services, including rpc-bind,

20
00:01:45,580 --> 00:01:47,620
mountd, and NFS.

21
00:01:47,620 --> 00:01:50,739
Let me show you how to set up an NFS server.

22
00:01:50,739 --> 00:01:57,260
So the first thing is to install it; dnf search nfs is a good way to get started.

23
00:01:57,260 --> 00:01:59,339
And here you can see all the packages.

24
00:01:59,339 --> 00:02:03,980
Now for the client as well as the server, the package that you need is nfs-utils.

25
00:02:03,980 --> 00:02:09,419
So dnf install -y nfs-utils is taking care of that.

26
00:02:09,419 --> 00:02:11,779
Then you need to create an export.

27
00:02:11,779 --> 00:02:15,619
And let me create this /etc/exports file.

28
00:02:15,619 --> 00:02:19,899
And in this /etc/exports file, I'm defining what I want to export.

29
00:02:19,940 --> 00:02:23,740
I'm going to export a random directory, let's say /var.

30
00:02:23,740 --> 00:02:26,979
Next, I need to specify to whom I'm exporting it.

31
00:02:26,979 --> 00:02:28,500
And I'm using star.

32
00:02:28,500 --> 00:02:31,619
NFS is doing host-based access control.

33
00:02:31,619 --> 00:02:35,460
And if I'm using star, then any host can access.

34
00:02:35,460 --> 00:02:39,699
rw is for read-write, so the client has read-write access.

35
00:02:39,699 --> 00:02:48,699
And no_root_squash means that if the client user is a user root, that is OK and will still be the user root

36
00:02:48,699 --> 00:02:50,300
on the remote host.

37
00:02:50,300 --> 00:02:56,339
So now that I have my /etc/exports, I can use systemctl start nfs.

38
00:02:56,339 --> 00:03:04,020
And what we need here, I'm using tab completion, as you can see, is the nfs-server.service.

39
00:03:04,020 --> 00:03:05,660
Then we go for the firewall.

40
00:03:05,660 --> 00:03:16,740
So firewall-cmd --add-service nfs --permanent.

41
00:03:16,740 --> 00:03:24,460
Also, we need to add rpc-bind.

42
00:03:24,460 --> 00:03:27,899
And we need to add mountd.

43
00:03:27,899 --> 00:03:31,500
That was a typo, it's not mount, it's mountd.

44
00:03:31,500 --> 00:03:37,619
So I've added them in the permanent configuration, so I'm using firewall-cmd --reload

45
00:03:37,619 --> 00:03:39,220
to reload the firewall.

46
00:03:39,220 --> 00:03:45,100
And I'm going for a simple test on my local machine, showmount -e localhost.

47
00:03:45,100 --> 00:03:48,059
And there we can see that the mounts are working.

48
00:03:48,059 --> 00:03:53,860
Now that they are working on a local host, I can access them from a remote host as well.

49
00:03:53,860 --> 00:03:56,860
So I need to go to 29.1.11.

50
00:03:56,860 --> 00:04:02,020
So now I'm on my client machine, and there I'm going to use mount of what?

51
00:04:02,020 --> 00:04:11,699
Well, 192.168.29.1.11:/var, and I'm going to mount it on /mnt.

52
00:04:11,699 --> 00:04:16,059
Oh, I'm a student user, let's do this with sudo privileges.

53
00:04:16,059 --> 00:04:25,619
So I need sudo dnf install nfs-utils, because that is required also for client functionality.

54
00:04:25,619 --> 00:04:34,459
Next, from a sudo shell, I'm going to showmount -e on 192.168.29.1.11.

55
00:04:34,459 --> 00:04:37,059
And that's showing the mount, so that's good news.

56
00:04:37,059 --> 00:04:44,540
And I'm going to use mount 192.168.29.1.11:/var on /mnt.

57
00:04:44,540 --> 00:04:48,339
I'm just making a temporary mount, and that is okay.

58
00:04:48,339 --> 00:04:54,619
And you can see that in the /mnt directory, I now have access to the NFS shared directory.

59
00:04:54,619 --> 00:04:58,019
And mount on the bottom line of the output is confirming this as well.

60
00:04:58,019 --> 00:04:58,940
So it's working.

