Hello,

NFS (Network File System) is the equivalent to SMB (Samba/CIFS) from the Windows world in the Unix world. Over NFS you can share folders on the network. Building a NFS share is quite easy but the configuration a bit tricky if you plan the usage of a firewall, for example iptables.

You need following ports open:

TCP/UDP 111 (RPC portmapper)
TCP/UDP 2049 (NFSD server)
TCP/UDP 32803 (*)
TCP/UDP 32769 (*)
TCP/UDP 892 (*)
TCP/UDP 875 (*)
TCP/UDP 662 (*)
TCP/UDP 2020 (*)

(*) Because NFS choses random ports every time it's started we need to fix several ports in the config file /etc/sysconfig/nfs. Without these fixed ports we can't do firewalling on a nfs server. So, to activate these ports uncomment the following lines in the mentioned config file:

LOCKD_TCPPORT=32803
LOCKD_UDPPORT=32769
MOUNTD_PORT=892
RQUOTAD_PORT=875
STATD_PORT=662
STATD_OUTGOING_PORT=2020

Afterwards restart all daemons needed for the nfs server:

# /etc/init.d/rpcbind restart
# /etc/init.d/nfs restart
# /etc/init.d/rpcsvcgssd restart

Now that the server is running you only need to add the ports to your iptables config. Open /etc/sysconfig/iptables and repeat the following 2 lines for each port:

-A INPUT -m state –state NEW -p tcp –dport <port> -j ACCEPT
-A INPUT -m state –state NEW -p udp –dport <port> -j ACCEPT

Now we have to export a folder. First open the file /etc/exports and add the export, here an example line:

/home/BACKUP    192.168.0.0/24(rw,sync,root_squash)

Short explanation:
/home/BACKUP – That's the folder you want to export
192.168.0.0/24 – That's the host part which has access to the share (here the whole mentioned network)
(rw,sync,root_squash) – That's the option part (here read/write, sync and act as root)

For more explanations on the options you can consult the manpages (# man exports)

After you have created the share and saved the file, push it online with
# exportfs -a

I also restart the nfs server every time after the exportfs command but i don't know if it's really needed.