NFS (Now F**king Sorted)


I finally managed to get the NFS mount working, and this is how I did it…

NOTE: This is the initial setup before I’ve secured it up a bit, just for a POC, so don’t do this yourself without doing some extra work to secure it later…

Server Side


$ sudo apt-get update
$ sudo apt-get install nfs-kernel-server


1. Create folder for sharing

$ cd /var
$ sudo mkdir nfs
$ sudo chmod -R 777 nfs

2. Add file

$ cd nfs
$ sudo vi test.txt

(add any old text in, and save)

3. Configure exports

$ sudo vi /etc/exports

Add the following line

/var/nfs  *(rw,sync,subtree_check,insecure)

4. Export and start service

$ sudo exportfs -a
$ sudo service nfs-kernel-server start

5. Confirm installed and running

$ ps aux | grep nfs
$ showmount -e

Client Side

1. Confirm we can see NFS mounts

$ showmount -e {server IP address}


At this point, things weren’t going well. I could not connect to NFS, even just to list mounts. In order to diagnose this, I looked at outgoing traffic from my Mac, using:

$ sudo tcpdump host {server IP address}

This showed me that connections were certainly being attempted from the Mac, but the Ubuntu server was giving nothing back. The next step was to determine if the server firewall was rejecting requests.

Running this on the server, whilst attempting showmount -e {server IP address} again on the client confirmed that connections were being dropped:

$ sudo tail -F /var/log/kern.log

I had some over-eager rules in ufw that were blocking the NFS requests (even though an NMAP port scan showed all the required ports being open, etc.) and once I’d stopped the firewall from blocking connections I could confirm that the folder was now ready to mount.

2. Mount

$ sudo mount -o rw -t nfs {server IP address}:/var/nfs /path/to/local/folder

3. Confirm that mount was successful

$ cd /path/to/local/folder
$ ls
$ cat test.txt

4. Unmount

$ sudo umount -f /path/to/local/folder

And that is about it. Obviously, there are some places where security can immediately be tightened (eg. Don’t just have 777 permissions on the folder, and use specific IP ranges in /etc/exports instead of just *) but this should help in getting NFS up and running initially.

I may revisit this again once my knowledge has improved a bit.




Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s