Difference between revisions of "Talk:NFS"

From ArchWiki
Jump to: navigation, search
(moved from Talk:NFSv4)
(Make iptables.rules syntax more clear)
(15 intermediate revisions by 6 users not shown)
Line 1: Line 1:
==<s>Out of date</s>==
+
I think that {{ic|/etc/systemd/system/auto_share.service}} should contain the following line after {{ic|Description}}:
this article is completely outdated and needs a serious overhaul, especially since the package for nfs4-utils is out-dated and doesn't include the init scripts it's supposed to.
+
After=NetworkManager-wait-online.service
:Done. (And nfs4-utilities now includes all necessary init scripts.) [[User:Lithis|Lithis]] 21:03, 19 March 2009 (EDT)
+
Before=systemd-user-sessions.service
 +
The rationale for this is that you need to wait for the network to be up and running before attempting an NFS connect from client-side. You also need to perform the NFS mountings before making user sessions available, because the latter may be dependent on the former. For example, my bash profile is stored on a remote server, so I need NFS drives mounted before I even attempt a login. On some systems, maybe the whole {{ic|home}} directory is on a different computer (as would be the case for thin clients), meaning that they should definitely be mounted before users can log in.
  
==exportfs-error==
+
You need to enable {{ic|NetworkManager-wait-online.service}} like so:
I applied this article to my server today and I found an exportfs-error: in /etc/exports a range of clients has to be described like 'ip/netmask'. CORRECT WAY: '192.168.0.0/255.255.255.0', whereas the example on this page throws an error.--[[User:Zenlord|Zenlord]] 08:34, 30 September 2009 (EDT)
+
# systemctl enable NetworkManager-wait-online
 +
I can't help thinking that this is a bit of a kludge in any event, and is a scenario that should be handled automatically by {{ic|systemd}}.
  
==<s>Merge with NFS</s>==
 
I'm curently making a translation of [[NFS]]. I'm planning to make a merge of the two NFS articles in it but I have to review all the information first. Once I finish the Spanish version I will update the English version. -- [[User:IR3uL|IR3uL]] 16:32, 11 February 2010 (-03:00)
 
:2 years later, nothing happened, closing. -- [[User:Kynikos|Kynikos]] ([[User talk:Kynikos|talk]]) 11:11, 6 June 2012 (UTC)
 
  
==SSH tunnelling==
+
{{ic|/etc/systemd/system/auto_share.service}} is a bad place to create the file. Instead, do it in the standard way by creating it as {{ic|/lib/systemd/system/auto_share.service}} and re-enabling it using the command
Since NFSv4 is a insecure protocol (doesn't encrypt traffic), what about adding some info about tunneling it with SSH? This link is very useful: http://blogs.sun.com/shepler/entry/tunneling_nfs_traffic_via_ssh
+
# systemctl reenable auto_share.service
The only problem, rpcbind has to be also tunneled.
+
  
==client ip address/ranges==
+
--[[User:Blippy|Blippy]] ([[User talk:Blippy|talk]]) 20:24, 8 September 2013 (UTC)
Also mentioning that we need to put client ip address/ranges in the /etc/exports might be a good idea for people using NFS for the first time. [[User:Inxsible|Inxsible]]
+
  
== Mounting the partitions on the client ==
+
== Make iptables.rules syntax more clear ==
I tried following the wiki but it seems that, for the client, it is no longer necessary to start rpcbind or nfs-common services.--[[User:Angheloko|Angheloko]] 11:44, 8 October 2011 (EDT)
+
For me the file /etc/iptables/iptables.rules didn't exist so I created it with the lines in Firewall configuration section. After that iptables failed to start, giving syntax errors. After some searching, I added "*nat" at top and "COMMIT" at bottom of the file, and it worked.
 +
Will adding this info make it more clear or should we leave it way it is?
 +
[[User:Axper|axper]] ([[User talk:Axper|talk]]) 18:48, 28 September 2013 (UTC)
 +
 
 +
If /etc/iptables/iptables.rules didn't exist then you didn't use a firewall and there was no need to do any configuration to enable NFS access through a firewall. I don't think we should add too much information about how to configure a firewall in general on the NFS page.
 +
I checked the [[ssh#Troubleshooting|ssh]] page to see how they address firewalls (ssh was the first thing I could think of that probably needs some firewall configuration) and they use command like
 +
# iptables -I INPUT 1 -p tcp --dport 22 -j ACCEPT
 +
instead of editing iptables.rules.
 +
Should we change the article to show commands similar to above rather than talking about /etc/iptables/iptables.rules or should we just keep the one sentence mentioning the port numbers and protocols?
 +
[[User:Crawlman|Crawlman]] ([[User talk:Crawlman|talk]]) 07:24, 18 December 2013 (UTC)

Revision as of 07:24, 18 December 2013

I think that /etc/systemd/system/auto_share.service should contain the following line after Description:

After=NetworkManager-wait-online.service
Before=systemd-user-sessions.service

The rationale for this is that you need to wait for the network to be up and running before attempting an NFS connect from client-side. You also need to perform the NFS mountings before making user sessions available, because the latter may be dependent on the former. For example, my bash profile is stored on a remote server, so I need NFS drives mounted before I even attempt a login. On some systems, maybe the whole home directory is on a different computer (as would be the case for thin clients), meaning that they should definitely be mounted before users can log in.

You need to enable NetworkManager-wait-online.service like so:

# systemctl enable NetworkManager-wait-online

I can't help thinking that this is a bit of a kludge in any event, and is a scenario that should be handled automatically by systemd.


/etc/systemd/system/auto_share.service is a bad place to create the file. Instead, do it in the standard way by creating it as /lib/systemd/system/auto_share.service and re-enabling it using the command

# systemctl reenable auto_share.service

--Blippy (talk) 20:24, 8 September 2013 (UTC)

Make iptables.rules syntax more clear

For me the file /etc/iptables/iptables.rules didn't exist so I created it with the lines in Firewall configuration section. After that iptables failed to start, giving syntax errors. After some searching, I added "*nat" at top and "COMMIT" at bottom of the file, and it worked. Will adding this info make it more clear or should we leave it way it is? axper (talk) 18:48, 28 September 2013 (UTC)

If /etc/iptables/iptables.rules didn't exist then you didn't use a firewall and there was no need to do any configuration to enable NFS access through a firewall. I don't think we should add too much information about how to configure a firewall in general on the NFS page. I checked the ssh page to see how they address firewalls (ssh was the first thing I could think of that probably needs some firewall configuration) and they use command like

# iptables -I INPUT 1 -p tcp --dport 22 -j ACCEPT

instead of editing iptables.rules. Should we change the article to show commands similar to above rather than talking about /etc/iptables/iptables.rules or should we just keep the one sentence mentioning the port numbers and protocols? Crawlman (talk) 07:24, 18 December 2013 (UTC)