From time to time, you might want to stand up an NFS server on your Linux box to serve some file sharing requests. It’s quite simple to do if you know what needs to be done:
- Make sure you have necessary packages.
- Enable and start NFS related services.
- Enable NFS related services in the firewall.
1. Check if the nfs-utils package is installed. If not, install it.
dnf info nfs-utils
dnf install nfs-utils
2. Check the services rpc-statd, rpcbind, nfs-mountd and nfs-server. Enable and start them if they are not already enabled. If disk quotas are used, rpc-rquotad also needs to be enabled, and its port (default 875, defined in /etc/services) needs to be opened as well.
systemctl status rpc-statd
systemctl status rpcbind
systemctl status nfs-mountd
systemctl status nfs-server
systemctl enable rpc-statd
systemctl start rpc-statd
systemctl enable rpcbind
systemctl start rpcbind
systemctl enable nfs-mountd
systemctl start nfs-mountd
systemctl enable nfs-server
systemctl start nfs-server
If they are not running, you will get the following error after you configure an export directory and try to check whether it is shared out:
root@joetest:~# cat /etc/exports
/tmp *(rw,async,anonuid=1000,anongid=1002)
root@joetest:~# showmount --exports
clnt_create: RPC: Program not registered
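Before an export like the /tmp line above goes live, it is worth reviewing the options on each client entry. The following is an added example (not code from the original post) that audits an exports file and flags entries exported to any host (`*`), with `no_root_squash`, with `insecure` (non-privileged source ports allowed), or with `async` (acknowledged writes can be lost if the server crashes). The function names are hypothetical and the sample file is constructed; its first line is the post's own export.

```shell
#!/usr/bin/env bash
# Added example: audit /etc/exports for options a defender would want to review.
# Function names are hypothetical; the sample exports file below is constructed.

# audit_exports FILE
# Prints one line per <path, client> pair:
#   "RISK <path> <client>: <reasons>"  or  "OK <path> <client>"
audit_exports() {
    local file=$1 line path spec host opts reasons
    set -f                                   # disable globbing so a client of "*" stays literal
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}                     # drop comments
        set -- $line                         # word-split into path and client specs
        [ $# -eq 0 ] && continue             # blank or comment-only line
        path=$1; shift
        [ $# -eq 0 ] && set -- '*'           # no client spec at all means any host, default options
        for spec in "$@"; do
            host=${spec%%\(*}                # text before "(" is the host/network pattern
            opts=${spec#"$host"}; opts=${opts#\(}; opts=${opts%\)}
            reasons=""
            [ "$host" = "*" ] && reasons="$reasons any-host"
            case ",$opts," in *,no_root_squash,*) reasons="$reasons no_root_squash" ;; esac
            case ",$opts," in *,insecure,*)       reasons="$reasons insecure-source-ports" ;; esac
            case ",$opts," in *,async,*)          reasons="$reasons async-data-loss-on-crash" ;; esac
            if [ -n "$reasons" ]; then
                printf 'RISK %s %s:%s\n' "$path" "$host" "$reasons"
            else
                printf 'OK %s %s\n' "$path" "$host"
            fi
        done
    done < "$file"
    set +f
    return 0
}

# risky_export_count FILE -> number of RISK lines
risky_export_count() {
    audit_exports "$1" | grep -c '^RISK' || true
}

# Constructed sample: the first export is the post's own, the rest are made up.
SAMPLE_EXPORTS=$(mktemp)
trap 'rm -f "$SAMPLE_EXPORTS"' EXIT
cat > "$SAMPLE_EXPORTS" <<'EOF'
# constructed sample exports file
/tmp *(rw,async,anonuid=1000,anongid=1002)
/srv/data 10.0.0.0/24(rw,sync,root_squash)
/srv/build 10.0.0.5(rw,sync,no_root_squash,insecure)
/srv/ro *(ro,sync)
EOF

audit_exports "$SAMPLE_EXPORTS"
```

Running it against the sample reports three RISK lines and one OK line; the /tmp entry is flagged for being open to any host and for `async`. Restricting the client list to a network or host and keeping the default `root_squash` and `sync` removes those findings.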
After the services are up and running, you can see them in the rpcinfo and ss (netstat) output:
root@joetest:~# ss -a|grep :nfs
tcp LISTEN 0 64 0.0.0.0:nfs 0.0.0.0:*
tcp ESTAB 0 0 10.17.54.166:nfs 10.17.54.168:877
tcp LISTEN 0 64 [::]:nfs [::]:*
root@joetest:~# rpcinfo -p | grep nfs
100003 3 tcp 2049 nfs
100003 4 tcp 2049 nfs
100227 3 tcp 2049 nfs_acl
root@joetest:~# rpcinfo -p
program vers proto port service
100000 4 tcp 111 portmapper
100000 3 tcp 111 portmapper
100000 2 tcp 111 portmapper
100000 4 udp 111 portmapper
100000 3 udp 111 portmapper
100000 2 udp 111 portmapper
100024 1 udp 35312 status
100024 1 tcp 49957 status
100005 1 udp 20048 mountd
100005 1 tcp 20048 mountd
100005 2 udp 20048 mountd
100005 2 tcp 20048 mountd
100005 3 udp 20048 mountd
100005 3 tcp 20048 mountd
100003 3 tcp 2049 nfs
100003 4 tcp 2049 nfs
100227 3 tcp 2049 nfs_acl
100021 1 udp 32884 nlockmgr
100021 3 udp 32884 nlockmgr
100021 4 udp 32884 nlockmgr
100021 1 tcp 40609 nlockmgr
100021 3 tcp 40609 nlockmgr
100021 4 tcp 40609 nlockmgr
root@joetest:~# rpcinfo -p | awk '{print $3" "$4}' | sort -k2n | uniq
proto port
tcp 111
udp 111
tcp 2049
tcp 20048
udp 20048
udp 32884
udp 35312
tcp 40609
tcp 49957
3. Enable NFS related services in the firewall
Instead of opening the NFS port numbers directly (e.g. 111 and 2049 over TCP/UDP), it’s better to enable the NFS related firewalld services, because rpcbind assigns ports to RPC services dynamically, which makes rules based on fixed port numbers unreliable.
firewall-cmd --permanent --add-service=nfs
firewall-cmd --permanent --add-service=mountd
firewall-cmd --permanent --add-service=rpc-bind
firewall-cmd --reload
The ports used by the RPC services nlockmgr and rpc.statd can be pinned in /etc/nfs.conf so that they keep the same values across restarts:
[lockd]
port=tcp-port-number
udp-port=udp-port-number
[statd]
port=port-number
If you specify static ports, you need to restart the services accordingly:
# systemctl restart rpc-statd.service
# systemctl restart nfs-server.service
Alternatively, lockd ports can be specified in /etc/modprobe.d/lockd.conf. If you change lockd ports there, you can use
# sysctl -w fs.nfs.nlm_tcpport=<tcp-port>
# sysctl -w fs.nfs.nlm_udpport=<udp-port>
to update current values of /proc/sys/fs/nfs/nlm_tcpport and /proc/sys/fs/nfs/nlm_udpport. Then restart services.
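The rpcinfo listing and the awk pipeline above show why port-based rules are fragile, and the nfs.conf settings only help once the services have actually been restarted. The following is an added example (not code from the original post) that parses `rpcinfo -p` output the way the post's one-liner does and then checks whether the ports pinned under `[lockd]`, `[statd]` and `[mountd]` in an nfs.conf file are the ones really registered with rpcbind. The function names are hypothetical; both inputs are constructed (the rpcinfo sample is trimmed from the post's own listing, and the nfs.conf sample pins ports that have not been applied yet, which is exactly the state you are in before the restart).

```shell
#!/usr/bin/env bash
# Added example: compare ports pinned in nfs.conf with what rpcbind registered.
# Function names are hypothetical; both sample inputs below are constructed.
set -e

# rpc_ports RPCINFO_FILE -> unique "proto port" pairs ordered by port, header dropped
rpc_ports() {
    awk 'NR > 1 && !seen[$3 FS $4]++ { print $3, $4 }' "$1" | sort -k2n -k1,1
}

# rpc_port RPCINFO_FILE SERVICE PROTO -> port registered for that service/proto (empty if none)
rpc_port() {
    awk -v svc="$2" -v proto="$3" '$5 == svc && $3 == proto { print $4; exit }' "$1"
}

# conf_get NFSCONF SECTION KEY -> value of KEY inside [SECTION] (empty if unset or commented out)
conf_get() {
    awk -v sec="[$2]" -v key="$3" '
        $0 == sec { insec = 1; next }
        /^\[/     { insec = 0 }
        insec && $0 ~ ("^[[:space:]]*" key "[[:space:]]*=") {
            sub(/^[^=]*=[[:space:]]*/, ""); print; exit
        }' "$1"
}

# check_pinned_ports NFSCONF RPCINFO -> one line per lockd/statd/mountd port:
#   OK <service> <proto> <port>              pinned value matches the registration
#   MISMATCH ... configured=X registered=Y   pin present but service not restarted yet
#   UNPINNED <service> <proto> registered=Y  nothing in nfs.conf, rpcbind chose the port
check_pinned_ports() {
    local conf=$1 info=$2 entry want got
    for entry in "lockd port nlockmgr tcp"  "lockd udp-port nlockmgr udp" \
                 "statd port status tcp"    "statd port status udp" \
                 "mountd port mountd tcp"   "mountd port mountd udp"; do
        set -- $entry                        # section key service proto
        want=$(conf_get "$conf" "$1" "$2")
        got=$(rpc_port "$info" "$3" "$4")
        if [ -z "$want" ]; then
            printf 'UNPINNED %s %s registered=%s\n' "$3" "$4" "$got"
        elif [ "$want" = "$got" ]; then
            printf 'OK %s %s %s\n' "$3" "$4" "$got"
        else
            printf 'MISMATCH %s %s configured=%s registered=%s\n' "$3" "$4" "$want" "$got"
        fi
    done
}

# mismatch_count NFSCONF RPCINFO -> number of MISMATCH lines
mismatch_count() {
    check_pinned_ports "$1" "$2" | grep -c '^MISMATCH' || true
}

SAMPLE_RPCINFO=$(mktemp); SAMPLE_NFSCONF=$(mktemp)
trap 'rm -f "$SAMPLE_RPCINFO" "$SAMPLE_NFSCONF"' EXIT
# constructed rpcinfo -p output, trimmed from the post's listing
cat > "$SAMPLE_RPCINFO" <<'EOF'
   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    4   udp    111  portmapper
    100024    1   udp  35312  status
    100024    1   tcp  49957  status
    100005    3   udp  20048  mountd
    100005    3   tcp  20048  mountd
    100003    3   tcp   2049  nfs
    100003    4   tcp   2049  nfs
    100227    3   tcp   2049  nfs_acl
    100021    4   udp  32884  nlockmgr
    100021    4   tcp  40609  nlockmgr
EOF
# constructed nfs.conf: lockd and statd pinned, mountd left on its usual 20048
cat > "$SAMPLE_NFSCONF" <<'EOF'
[lockd]
port=32803
udp-port=32769
[statd]
port=662
[mountd]
port=20048
EOF

rpc_ports "$SAMPLE_RPCINFO"
check_pinned_ports "$SAMPLE_NFSCONF" "$SAMPLE_RPCINFO"
```

With these inputs the four nlockmgr and status entries come back as MISMATCH while both mountd entries are OK, which is the signal that rpc-statd and nfs-server still need the restart described above before firewall rules for the pinned ports will match anything.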
NFS clients running behind a firewall might also need similar configuration, because the NFS server needs to perform callbacks to the NFS client.
The following applies to NFS v4.0 clients only, not to NFS v4.1 or higher, because in the later protocol versions the server performs callbacks over the same connection that the client initiated.
# echo "fs.nfs.nfs_callback_tcpport = <callback-port>" >/etc/sysctl.d/90-nfs-callback-port.conf
# sysctl -p /etc/sysctl.d/90-nfs-callback-port.conf
firewall-cmd --permanent --add-port=<callback-port>/tcp
firewall-cmd --reload
Now if you check from another Linux machine acting as the NFS client, you should be able to see the exported directory and mount it:
root@nfsclient:~# showmount --exports 10.202.69.41
Export list for 10.198.69.41:
/tmp *