NFS

From TechPubs Wiki

Revision as of 18:45, 20 February 2025 by Raion (talk | contribs)

NFS or Networked File System is a protocol used to share filesystems over a network. IRIX includes support for NFSv2 and NFSv3.

Hosting NFS

NFSv2 and NFSv3 have known security problems and exploits. It's highly advised to use a proper firewall and configuration.

NFS can be hosted from IRIX, BSD, Solaris/illumos, Linux or even some versions of macOS and still retain compatibility to IRIX. This page documents related issues with NFSv3/2 and the various quirks to get it working on each host OS.

Recommended Hosts

The easiest hosts to get working with IRIX are, in no particular order:

  • illumos/Solaris
  • FreeBSD
  • NetBSD
  • IRIX 6.5.22 or higher
  • Windows 10 Pro or Enterprise

Not Recommended

These hosts have a number of server and implementation issues with NFSv3, if there are tricks unheard of yet to getting them working please feel free to add tricks below:

  • Linux: rpcbind in Linux is buggy, and the nfsd module usually gets interfered with by SELinux, systemd and other modern Linuxisms.
  • macOS: The most recent versions do not appear to have proper NFSv3 support for hosting, though NFSv3 connections do appear to work.

Guides

FreeBSD

FreeBSD supports NFSv3 for IRIX easily.

Enabling Services

The following lines must be added to the /etc/rc.conf file:

rpcbind_enable="YES"

nfs_server_enable="YES"

mountd_enable="YES"

mountd_flags="-r -p 735"

Now start the services:

# service rpcbind start; service nfsd start; service mountd reload

Exporting

On ZFS, do not use /etc/exports. Instead, use:

zfs sharenfs="-network 10.0.0.0 -mask 255.255.255.0" tank/protected

This will share the tank/protected dataset on LAN addresses 10.0.0.0/24

Further examples will include PF firewall rules to ensure spoofed/hostile traffic cannot compromise NFS.

Linux (Ubuntu)

Thanks to Larbob/lbdm for this guide.

Preparation

Install the NFS subsystem:

sudo apt install nfs-kernel-server

Make an NFS share directory:

sudo mkdir -p /srv/nfs

Set up /etc/exports with something like this:

/srv/nfs 192.168.0.0/24(rw,sync,no_subtree_check,no_root_squash)

Edit /etc/default/nfs-kernel-server's RPCMOUNTDOPTS section to add --no-nfs-version 4

Finishing Touches

sudo exportfs -ra

sudo systemctl restart nfs-config

sudo systemctl restart nfs-kernel-server

This will provide a setup to allow anyone with uid 0 to write as root. Please be careful if deciding this.

Retrieved from "http://www.tech-pubs.net/wiki/index.php?title=NFS&oldid=259"