# NFS set up with dynamic I.P addresses

## methodtwo

Is it possible to set up NFS when both my mate's machines get their I.P addresses dynamically from the router via dhcp?.It's just that i haven't figured out how to assign his machines static I.P addresses because i don't want to mess with his router(I've heard a horror story about someone who uses the same router who turned off dhcp and then couldn't get it back!)

In particular i can't get a static address for his laptop because it's wireless and i don't know how to configure for static addresses with wireless...do you?

So is NFS possible with dynamic I.P addresses?..How would this be done?

Any help would be great.Thank you in advance

----------

## cach0rr0

Since NFS is exclusively IP-based access control, your options are severely limited. 

How granular are you planning on making the access control? Should everybody on your internal private network have access to the same content or no? 

I'm trying to understand why you couldn't simply export to 192.168.0.0/16 (or whatever your private address range is) - the only reason I could think of is if you wanted different users to have access to different shares, in which case indeed you're...well, screwed, if you can't get your DHCP server to always assign the same IP's to certain MAC's If that is indeed the case, you'd almost be better off going the samba route and publishing shares based upon real auth info.

----------

## cach0rr0

also: in terms of configuring static IP's with wireless, wicd allows you this option 

really depends on how they're connecting to wireless - if you have info on what theyre using (e.g. NetworkManager, wicd, wpa_cli), we could provide more targeted help

----------

## methodtwo

I'm sorry i didn't know that you could export to address ranges.I guess that solves my problem.Thank you very much

----------

## methodtwo

What do you do for /etc/hosts.allow

should it be:

```

portmap:ip_address_minus_host_part/subnetmask

etc...

```

????

----------

## cach0rr0

I don't think hosts.allow will accept CIDR notation

I think it should be in the format of:

```

192.168.0.0/255.255.0.0

```

I'm basing that on this thread

another link supporting this presumption here

----------

## methodtwo

What is the difference between my notation and what you just wrote.No i'm not taking the piss i really am a bit of a n00b.Please excuse me[/code]

----------

## cach0rr0

 *methodtwo wrote:*   

> What is the difference between my notation and what you just wrote.No i'm not taking the piss i really am a bit of a n00b.Please excuse me[/code]

 

there may be no difference, I just didn't understand what you meant by 'ip minus the host part'  :Smile: 

Rather than assume you knew already (since I didn't understand what you meant!) I went ahead and assumed you didn't know, and included the example just to be safe. 

Honestly that's all there is to it - just playing it safe and erring on the side of giving too much info as opposed to too little.

----------

## methodtwo

Or rather..say the address of the system that i want to give remote access to is 192.168.1.104 then what should i put in /etc/hosts.allow on the server?

----------

## methodtwo

Thank you very much for all your replies by the way  :Very Happy: 

----------

## cach0rr0

 *methodtwo wrote:*   

> Or rather..say the address of the system that i want to give remote access to is 192.168.1.104 then what should i put in /etc/hosts.allow on the server?

 

If it's *only* that one address, then you would want to match all 32 bits of the IP address

192.168.1.104/255.255.255.255

(which is equivalent to 192.168.1.104/32 in CIDR notation, but alas hosts.allow doesn't allow CIDR it doesn't seem - do a 'man hosts.allow' and it should tell you)

----------

## methodtwo

Well sorry again what i meant by my previous example was that 192.168.1.104 was a dynamic address.I totally understand if you're fed up with this by now and don't want to post to me anymore

----------

## cach0rr0

ha...no worries mate, not a bother at all

This really goes back to my first post - you don't *need* to know specifically what their addresses are going to be, you only need to know the range

Not unless you want to do selective sharing based upon which user is browsing the share - in which case Samba is a better (albeit notably slower) option

192.168.* is private, non-routable address space. 

You are perfectly safe in sharing to 192.168.0.0-192.168.255.255, as these will all be internal users on your LAN

If you share to the entire aforementioned range, it doesn't matter *what* IP address DHCP decides to give to your users

NFS will share to them via, for example:

```

pantheon ~ # cat /etc/exports 

# /etc/exports: NFS file systems being exported.  See exports(5).

/storage/music 192.168.0.0/16(rw,async,no_root_squash,no_subtree_check,insecure)

/storage/movies 192.168.0.0/16(rw,async,no_root_squash,no_subtree_check,insecure)

```

And tcpwrappers will allow that same range in hosts.allow via

```

192.168.0.0/255.255.0.0

```

The bigger point, since that's private non-routable address space, you don't need to restrict the sharing to only specific IP addresses. 

NOT unless you have certain users on your private LAN that you *DON'T* want having access to the shares. Only then does it get trickier.

----------

