# Howto: NFS Server and Client

## deffe

EDIT: Added iptables and nfs howto near bottom of this post.

This might have been posted before but I couldn't find an all inclusive thread, so here is mine. I am no expert with NFS since I just got it working.  I don't have a 2.4x boxen around so I can't post the kernel selections.

SERVER

Make sure that you have the support within your kernel:

```

# cd /usr/src/linux

# make menuconfig

File systems  ---> 

Network File Systems  --->

<*> NFS file system support                                                                                    

[*]   Provide NFSv3 client support                                                                             

[ ]   Provide NFSv4 client support (EXPERIMENTAL)                                                              

[ ]   Allow direct I/O on NFS files (EXPERIMENTAL)                                                             

<*> NFS server support                                                                                         

[*]   Provide NFSv3 server support                                                                             

[ ]     Provide NFSv4 server support (EXPERIMENTAL)                                                            

[*]   Provide NFS server over TCP support (EXPERIMENTAL)     

```

Compile the kernel and copy:

```

# make && make modules_install

# mount /boot/

# cp arch/i386/boot/bzImage /boot/kernel-2.6.7

```

Reboot the server to allow new options to load within the kernel.

Emerge NFS:

```
# emerge -v nfs-utils
```

Configure your exports:

```

# nano /etc/exports

# /etc/exports: NFS file systems being exported.  See exports(5).

/storage        192.168.0.5(rw)

```

There is a good explanation of how to setup the exports file here:

http://nfs.sourceforge.net/nfs-howto/server.html

Portmap is required for NFS:

```

# /etc/init.d/portmap start

# rc-update add portmap default

```

Start up NFS daemon:

```

# /etc/init.d/nfs start

# rc-update add nfs default

```

Check to make sure that NFS services have started:

```

# rpcinfo -p

   program vers proto   port

    100000    2   tcp    111  portmapper

    100000    2   udp    111  portmapper

    100024    1   udp  32771  status

    100024    1   tcp  32771  status

    100003    2   udp   2049  nfs

    100003    3   udp   2049  nfs

    100003    2   tcp   2049  nfs

    100003    3   tcp   2049  nfs

    100021    1   udp  32772  nlockmgr

    100021    3   udp  32772  nlockmgr

    100021    4   udp  32772  nlockmgr

    100021    1   tcp  32772  nlockmgr

    100021    3   tcp  32772  nlockmgr

    100021    4   tcp  32772  nlockmgr

    100005    1   udp    797  mountd

    100005    1   tcp    800  mountd

    100005    2   udp    797  mountd

    100005    2   tcp    800  mountd

    100005    3   udp    797  mountd

    100005    3   tcp    800  mountd

```

If you are going to make a change to your exports file it is recommended that you run the following command and restart the NFS daemon:

```

# exportfs -ra

# /etc/init.d/nfs restart

```

CLIENT

Make sure that you have the support within your kernel:

```

# cd /usr/src/linux

# make menuconfig

File systems  ---> 

Network File Systems  --->

<*> NFS file system support                                                                                    

[*]   Provide NFSv3 client support                                                                             

[ ]   Provide NFSv4 client support (EXPERIMENTAL)                                                              

[ ]   Allow direct I/O on NFS files (EXPERIMENTAL)                                                              

```

Compile the kernel and copy:

```

# make && make modules_install

# mount /boot/

# cp arch/i386/boot/bzImage /boot/kernel-2.6.7

```

Reboot the client to allow new options to load within the kernel.

Emerge NFS:

```
# emerge -v nfs-utils
```

Portmap is required for NFS:

```

# /etc/init.d/portmap start

# rc-update add portmap default

```

The NFS daemon is required on the client:

```

# /etc/init.d/nfs start

# rc-update add nfs default

```

Mount the NFS share:

```

# mount 192.168.0.2:/storage /mnt/nfs

```

Check the NFS site for the various methods of mounting shares on boot:

http://nfs.sourceforge.net/nfs-howto/client.html

ADDITION:

NFS and iptables

If you want to use iptables along with your nfs server please follow these directions:

```

# emerge iptables

# cd /usr/src/linux; make menuconfig

-Device Drivers

-Networking Support

-Networking Options

-[*] Network packet filtering

-IP: Netfilter Configuration

NOTE: Change all [*] to [M] in Netfilter Configuration

# make && make modules_install

# mount /boot

# cp arch/i386/boot/bzImage /boot/kernel

# nano /etc/conf.d/nfs

# Options to pass to rpc.mountd

# ex. RPCMOUNTDOPTS="-p 32767

RPCMOUNTDOPTS="-p 4002"

# Options to pass to rpc.statd

# ex. RPCSTATDOPTS="-p 32765 -o 32766"

RPCSTATDOPTS="-p 4000"

# nano /etc/modules/autoload/kernel

ip_tables

# reboot

```

Add lockd.nlm_udpport=4001 lockd.nlm_tcpport=4001 to the end of the kernel line in /boot/grub/grub.conf

```

# nano /sbin/firewall

-- start script --

#!/bin/bash

# script variables

IPTABLES='/sbin/iptables'       # iptables executable

# Flush all chains

$IPTABLES --flush

# Allow unlimited traffic on the loopback interface

$IPTABLES -A INPUT -i lo -j ACCEPT

$IPTABLES -A OUTPUT -o lo -j ACCEPT

# Set default policies

$IPTABLES --policy INPUT DROP

$IPTABLES --policy OUTPUT DROP

$IPTABLES --policy FORWARD DROP

# Previously initiated and accepted exchanges bypass rule checking

# Allow unlimited outbound traffic

$IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

$IPTABLES -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

# Allow ICMP ECHO REQUESTS from anywhere

$IPTABLES -A INPUT -p icmp --icmp-type echo-request -j ACCEPT

# for SSH server

$IPTABLES -A INPUT -p tcp -m tcp --dport 22 --syn -j ACCEPT

# for NFS server

$IPTABLES -A INPUT -p tcp -m tcp -s --dport 111 -j ACCEPT

$IPTABLES -A INPUT -p tcp -m tcp -s --dport 2049 -j ACCEPT

$IPTABLES -A INPUT -p tcp -m tcp -s --dport 4000 -j ACCEPT

$IPTABLES -A INPUT -p tcp -m tcp -s --dport 4001 -j ACCEPT

$IPTABLES -A INPUT -p tcp -m tcp -s --dport 4002 -j ACCEPT

$IPTABLES -A INPUT -p udp -m udp -s --dport 111 -j ACCEPT

$IPTABLES -A INPUT -p udp -m udp -s --dport 2049 -j ACCEPT

$IPTABLES -A INPUT -p udp -m udp -s --dport 4000 -j ACCEPT

$IPTABLES -A INPUT -p udp -m udp -s --dport 4001 -j ACCEPT

$IPTABLES -A INPUT -p udp -m udp -s --dport 4002 -j ACCEPT

# Drop all other traffic

$IPTABLES -A INPUT -j DROP

-- end script --

# chmod 700 /sbin/firewall

# nano /etc/conf.d/local.start

/sbin/firewall (I know it's a hack so sue me)

```

----------

## soNNe

Thanks just what i was looking for. NFS is really simple, but it is still nice to have some documentation

----------

## arlequin

Some options/tweaks about optimizing NFS would be great   :Wink: 

----------

## MADcow

very good.

exactly what i needed.

----------

## kcobain

Thx for guide, a question: i have configured a server with nfs enabled to share files with my desktop machines in a 100mb lan, but when i transfer files i'm getting only 600 Kb/s more or les...  it's a bit slow, dont think so? how i can speedup this?

Thanxs

----------

## vridmoment

I had the same problem for a while. Turns out i had somehow misplaced the dma-settings for the IDE-drives   :Embarassed: 

So the real trouble was not in NFS that time.

After turning on DMA and various other good things (TM) the transfer rate went to ~6MB/s which I guess is about all you can get from that poor old box.

----------

## dsegel

The nfs-utils package is not required on the client side and you do not need to be running the nfs daemon on the client.

Just enable the nfs client options in the kernel and then you can mount nfs shares with the standard mount command. I define my nfs mounts in my /etc/fstab file and use the nfsvers=3 option so I can transfer large files, and it all works fine.

----------

## elpollodiablo

i use the next line to mount all my nfs volumes on a p3 1000 server. the transfer rate is 10 / 12 Mbps

```

menace:/mnt/storage                      /mnt/storage    nfs            rw,users,auto,hard,intr,tcp,retrans=5,rsize=8192,wsize=8192     0 0

```

rsize and wsize could actually be not so optimized for your setup.... mess around with those!

----------

## Mark McGann

This was a very helpful post.

-Mark

----------

## hbp4c

The nfs protocol was designed to run over UDP not TCP.  Therefore, nfs already has in its code an error-checking ability.  Using TCP is slightly slower, and doesn't really gain you much (except allowing you to hand off the error checking ability to the network layer instead of the main processor, which can be advantageous on heavy loaded and slow processors.).

For systems with slow disk I/O, if speed is really what you need to get out of nfs, you'll have to enable the async option on the server:

```

/etc/exports:

/home           128.143.57.1/255.255.255.0(rw,async)

```

Beware: doing this allows nfs to acknowledge receipt of data without actually sync'ing it to disk.  (this is the opposite of the sync which forces nfs to sync data to disk before acknowledgement).   Sync in the default option, excluding it from the directives in /etc/exports will effectively enable it.

For me, on a precision 360 workstation connecting to a second precision 360 via 100mb network, this increases the performance by a factor of at least two.  (note that hdparm was set for ata/100 disk access and was dma enabled).  To properly run this test, I rebooted both machines to ensure that the data was not cached by nfs in any way (another default behavior).  

However, on high I/O systems (a scsi based raid is a good example) the async will make much less of a difference.  On a U160 raid5 array the sync/async option made no difference at all.

Most people I've talked to about nfs have told me that even though the async is dangerous (if the system dies before sync'ing data, the data is lost) but it is necessary for performance in many situations. It is worth experimenting with, YYMV.

----------

## hbp4c

Another useful option is the no_root_squash directive.

```
/etc/exports:

/home           128.143.57.1/255.255.255.0(rw,async,no_root_squash)

```

Root squashing is the idea that on a mounted nfs file system, root has no permissions to modify anything (effectively making root a nobody-level user).  For NFS servers who export their filesystem to machines where other people have root access, root_squash is very necessary as a security measure (it keeps a rouge root from deleting all the files on that mount, for example).  

However, for a network where root is the same person on all machines (or the root user is trusted on all machines) then no_root_squash re-enables the root permissions for the nfs share.

----------

## GurliGebis

How about NFS4, how does that work?

----------

## Dhaki

And for use NFS with Samba autentification (in a Windows server   :Embarassed:  )? Who know how to make this?

----------

## BlinkEye

thanks for the howto and thanks to hbp4c for his elaboration

----------

## tecknojunky

 *dsegel wrote:*   

> The nfs-utils package is not required on the client side and you do not need to be running the nfs daemon on the client.
> 
> Just enable the nfs client options in the kernel and then you can mount nfs shares with the standard mount command. I define my nfs mounts in my /etc/fstab file and use the nfsvers=3 option so I can transfer large files, and it all works fine.

 I was about to post about this mistake.  Good thing I checked if someone else pointed that out.

 *GurliGebis wrote:*   

> How about NFS4, how does that work?

 I got it working (kinda) on one of the setups (a cluster) I have acces to.  Look into the Bugzilla.  There's an ebuild to start with.  A couple of fudging are needed because the Gentoo core is unaware of nfs4 (ie: netmount can't identify the nfs4 tag in fstab, etc).

----------

## bsdvodsky

wiki has been updated!

http://gentoo-wiki.com/HOWTO_Share_Directories_via_NFS

----------

## flipnode

Great quickie HowTo! Thanks for the quick reference.

Don't make the same mistake that I did on the Client. When you go to mount NFS, make sure portmap is running; otherwise it will hang during the mounting proceedure!  :Surprised:  Just a little hint for some newbies.

----------

## oRDeX

very nice howto!   :Wink:   :Wink: 

----------

## Faco

 *deffe wrote:*   

> ADDITION:
> 
> NFS and iptables
> 
> If you want to use iptables along with your nfs server please follow these directions:
> ...

 

Hi, i am having troubles about transfer speedy on nfs mounts. And i am workin with iptables, all compiled in kernel, not as module. I ask, maybe, is this the problem ?

Of course my iptables rules accept connections from the lan, no rule is blocking anything from the lan. In fact; i can read or write in the nfs server. My problem is the speed.

Thanks.

----------

## richardash1981

Hint for people who get either client mounts timing out, or exportfs taking forever:

That the nfs server needs to be able to do a reverse DNS lookup on each client IP that tries to connect to it,(even with IP addresses or masks in /etc/exports).  If it can't, mount will often time out on the clients, and exportfs will take much longer.

Either add the nfs clients to the DNS or the server's hosts file.

----------

## Truin

In my experience (and I use NFS a lot), I've found the following things to be handy...

1) use the rsize=xxxx and optionally the wsize=xxxx in your mount options on the client side, where xxxx is the number of bytes NFS uses when reading/writing files on an NFS server.  The man page for nfs (run `man nfs` from your shell) suggests setting xxxx to 8192.  I found this greatly improved transfer speed on my shares.

2) use the intr option to allow interrupts on NFS file operations that suffer a major time-out.  The default is to NOT allow file operations to be interrupted.  (This makes ctrl-c work if a read/write to the NFS share hangs.)

3) normally, NFS would use udp for data transfer, which uses no transport error checking.  On a wireless links, such as 802.11b/g, this can be torture if your wireless connection is noisy and/or latent.  Using the tcp option can help on latent, noisy, or packet-lossy wireless links.

```
# mount -o rsize=8192,wsize=8192,intr,tcp server:/exported/share /mnt/point 
```

```
# server:/exported/share     /mnt/point     nfs  rsize=8192,wsize=8192,intr,tcp  0 0 
```

Last (or first, rather since this should be done before mounting!!), but not least,  portmap is a must, as it provides RPC communications for NFS and other RPC goodies that will help your NFS environment.  For details, feel free to browse through the various man pages for nfs, portmap, mountd. lockd, statd, and rpc.

```
# /etc/init.d/portmap start 
```

Hope this helps someone... noticed this thread has been dead a while, figured it could use a freshening!  :Smile: 

----------

## tcunha

 *deffe wrote:*   

> Portmap is required for NFS: 
> 
> ```
> 
> # /etc/init.d/portmap start 
> ...

 

There's no need to add portmap to the default runlevel since nfs/nfsmount depends on it:

```

$ sudo /etc/init.d/nfs ineed

portmap

$ sudo /etc/init.d/nfsmount ineed

net portmap

```

Good work.

----------

## Kate Monster

Hi,

I'm having problems getting this to work. Basically, when I try mounting my nfs filesystem it hangs forever then finall fails with:

```
mount: 192.168.1.105:/root/ch32/usr/local/portage/packages: can't read superblock
```

I've checked that I've setup my /etc/exports file properly, and I've added the computer to my /etc/hosts file. What could be wrong?

----------

## Truin

 *Quote:*   

>  when I try mounting my nfs filesystem it hangs forever then finall fails with:
> 
> ```
> mount: 192.168.1.105:/root/ch32/usr/local/portage/packages: can't read superblock
> ```
> ...

 

Sounds like possibly a portmap/rpc issue, maybe a lockd or mountd problem.  On the client side, try running the following and see if it spits out a list of your nfs exports:

```
 # showmount -e server 
```

 where server is your nfs server.

Also, make sure that portmap is running on the client side.  And as always, check your syslog (you did install a system logger, didn't you?) and see if it has any helpful messages.

----------

## steveL

Thanks to all who've posted such excellent info, and especially to the OP for a great howTo.

----------

## Kate Monster

 *Truin wrote:*   

> Also, make sure that portmap is running on the client side.

 

ahh, that was it, didn't know  portmap had to be started. thanks!   :Smile: 

----------

## mikers456

For crashes or hangs, resulting in an "undead" nfs server (nfsd or other processes can't be killed), can't mount or unmount nfs from client side, etc.

I found that reducing the size of wsize or rsize options in your fstab (client side NFS mount options) helped.  The NFS manual recommends that you reduce the size to 1024 and increase slowly while testing for each increase.  The manual also recommends not making your wsize, rsize bigger than MTU on network.  Also some network switches or routers cannot handle large packets -- check that your switch can support the packet size you are using.

Turns out with large wsize or rsize, udp packet fragmentation can either (a) overload your network card driver/kernel or (b) switch/router on network...  I was seeing hard nfs server side lockups.

Use "nfsstat -o all" on client to see number of re-transmissions from client side.  If excessively high (eg. > 5%) consider lowering the wsize, rsize options.

----------

## will824

Thanks for this Guide, it was really useful for me, as I am still learning  :Smile:   :Very Happy: 

----------

## SkyLine

On client side

```

/etc/init.d/nfs start

```

and

```

rc-update add nfs default

```

not needed.

Only start nfsmount

```

/etc/init.d/nfsmount start

```

and

```

rc-update add nfsmout start

```

----------

## RayDar

 *deffe wrote:*   

> 
> 
> The NFS daemon is required on the client:
> 
> ```
> ...

 

When I tried this, my machine would freeze at "Starting NFS statd ..." for a few minutes before reporting the following error: ERROR:  cannot start nfs as rpc.statd could not start

An ifconfig /a revealed that my "lo" interface didn't have an IP address of 127.0.0.1

This was fixed by starting the net.lo

```

/etc/init.d/net.lo start

```

Of course, I added it to my startup.

```

rc-update add net.lo default

```

----------

## diablo465

Thanks for the post, but I don't know how to use nfs-server in a system with systemd:

```
systemctl enable nfs-server

Failed to execute operation: No such file or directory
```

```
ae429-1105 linux # /etc/init.d/nfs start 

 * WARNING: nfs is already starting

ae429-1105 linux # rpcinfo -p 

   program vers proto   port  service

    100000    4   tcp    111  portmapper

    100000    3   tcp    111  portmapper

    100000    2   tcp    111  portmapper

    100000    4   udp    111  portmapper

    100000    3   udp    111  portmapper

    100000    2   udp    111  portmapper

```

----------

## steveL

@diablo: then start a thread asking for help, instead of resurrecting one from 6 years ago ;-)

----------

