NFS: Difference between revisions
Created page with "NFS or Networked File System is a protocol used to share filesystems over a network. IRIX includes support for NFSv2 and NFSv3. === Hosting NFS === '''NFSv2 and NFSv3 have known security problems and exploits. It's highly advised to use a proper firewall and configuration.''' NFS can be hosted from IRIX, BSD, Solaris/illumos, Linux or even some versions of macOS and still retain compatibility to IRIX. This page documents related issues with NFSv3/2 and the various quir..." |
No edit summary |
||
| (2 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
NFS or Networked File System is a protocol used to share filesystems over a network. IRIX includes support for NFSv2 and NFSv3. | NFS or Networked File System is a protocol used to share filesystems over a network. [[IRIX 6.5]] includes support for NFSv2 and NFSv3. | ||
== Hosting NFS == | |||
'''NFSv2 and NFSv3 have known security problems and exploits. It's highly advised to use a proper firewall and configuration.''' | '''NFSv2 and NFSv3 have known security problems and exploits. It's highly advised to use a proper firewall and configuration.''' | ||
| Line 21: | Line 21: | ||
* macOS: The most recent versions do not appear to have proper NFSv3 support for hosting, though NFSv3 connections do appear to work. | * macOS: The most recent versions do not appear to have proper NFSv3 support for hosting, though NFSv3 connections do appear to work. | ||
== Guides == | |||
==== FreeBSD ==== | ==== FreeBSD ==== | ||
| Line 76: | Line 76: | ||
sudo systemctl restart nfs-kernel-server | sudo systemctl restart nfs-kernel-server | ||
</pre>This will provide a setup to allow anyone with uid 0 to write as root. Please be careful if deciding this. | </pre>This will provide a setup to allow anyone with uid 0 to write as root. Please be careful if deciding this. | ||
[[Category:Tutorials]] | |||
[[Category:No-Images]] | |||
Latest revision as of 17:38, 23 February 2025
NFS or Networked File System is a protocol used to share filesystems over a network. IRIX 6.5 includes support for NFSv2 and NFSv3.
Hosting NFS
NFSv2 and NFSv3 have known security problems and exploits. It's highly advised to use a proper firewall and configuration.
NFS can be hosted from IRIX, BSD, Solaris/illumos, Linux or even some versions of macOS and still retain compatibility to IRIX. This page documents related issues with NFSv3/2 and the various quirks to get it working on each host OS.
Recommended Hosts
The easiest hosts to get working with IRIX are, in no particular order:
- illumos/Solaris
- FreeBSD
- NetBSD
- IRIX 6.5.22 or higher
- Windows 10 Pro or Enterprise
Not Recommended
These hosts have a number of server and implementation issues with NFSv3, if there are tricks unheard of yet to getting them working please feel free to add tricks below:
- Linux: rpcbind in Linux is buggy, and the nfsd module usually gets interfered with by SELinux, systemd and other modern Linuxisms.
- macOS: The most recent versions do not appear to have proper NFSv3 support for hosting, though NFSv3 connections do appear to work.
Guides
FreeBSD
FreeBSD supports NFSv3 for IRIX easily.
Enabling Services
The following lines must be added to the /etc/rc.conf file:
rpcbind_enable="YES" nfs_server_enable="YES" mountd_enable="YES" mountd_flags="-r -p 735"
Now start the services:
# service rpcbind start; service nfsd start; service mountd reload
Exporting
On ZFS, do not use /etc/exports. Instead, use:
zfs sharenfs="-network 10.0.0.0 -mask 255.255.255.0" tank/protected
This will share the tank/protected dataset on LAN addresses 10.0.0.0/24
Further examples will include PF firewall rules to ensure spoofed/hostile traffic cannot compromise NFS.
Linux (Ubuntu)
Thanks to Larbob/lbdm for this guide.
Preparation
Install the NFS subsystem:
sudo apt install nfs-kernel-server
Make an NFS share directory:
sudo mkdir -p /srv/nfs
Set up /etc/exports with something like this:
/srv/nfs 192.168.0.0/24(rw,sync,no_subtree_check,no_root_squash)
Edit /etc/default/nfs-kernel-server's RPCMOUNTDOPTS section to add --no-nfs-version 4
Finishing Touches
sudo exportfs -ra sudo systemctl restart nfs-config sudo systemctl restart nfs-kernel-server
This will provide a setup to allow anyone with uid 0 to write as root. Please be careful if deciding this.
