nfs以及优化
centos6.x 搭建nfs
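# Install the NFS server tools. On CentOS 6 they ship in nfs-utils, and
# rpcbind provides the portmapper (port 111) that NFSv3 clients query;
# there is no package named plain "nfs", so it is dropped from the list.
yum -y install nfs-utils rpcbind

# Directory that will be exported. -p keeps a re-run from failing when the
# directory already exists.
mkdir -p /gong_xiang_mu_lu

# Give the anonymous account read/traverse access through an ACL.
# NOTE(review): on CentOS 6 the default anonymous NFS identity (uid/gid 65534)
# is normally "nfsnobody", not "nobody" - confirm which account squashed
# clients really map to. Also note the ACL grants rx only, while the export
# itself is declared rw.
setfacl -m u:nobody:rx /gong_xiang_mu_lu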
创建并编辑
vim /etc/exports
/gong_xiang_mu_lu 192.168.0.0/24(rw)
#共享目录。默认用户是nobody,当然也可以自行创建用户;一般不用加用户,但是如果要创建的话,要在小括号里面加上uid跟gid,比如这样:192.168.0.0/24(rw,sync,anonuid=id_num,anongid=gid_num)。注意:NFS只按客户端IP授权,rw只应开放给确实需要写入的网段;默认的root_squash会把客户端的root映射成匿名用户,不要随意改成no_root_squash。
nfs的参数说明
固定nfs的端口:按nfs默认方式启动的话,很多服务(如rpc.mountd)的端口都不是固定的,这样不方便在防火墙上进行管理,所以我们需要把每个启动的服务的端口固定下来,需要做的就是编辑/etc/sysconfig/nfs文件。
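# Contents for /etc/sysconfig/nfs (open it with: vi /etc/sysconfig/nfs).
# Change the settings below, giving each daemon a port that nothing else on
# the host is using. The original listing had been collapsed onto one line
# behind a leading "#", so only the last assignment was readable as a setting.
#
# Settings to change, with placeholders:
#   # TCP port rpc.lockd should listen on.
#   LOCKD_TCPPORT=lockd-port-number
#   # UDP port rpc.lockd should listen on.
#   LOCKD_UDPPORT=lockd-port-number
#   # Port rpc.mountd should listen on.
#   MOUNTD_PORT=mountd-port-number
#   # Port rquotad should listen on.
#   RQUOTAD_PORT=rquotad-port-number
#   # Port rpc.statd should listen on.
#   STATD_PORT=statd-port-number
#   # Outgoing port statd should use. The default port is random.
#   STATD_OUTGOING_PORT=statd-outgoing-port-number
#
# Values changed on the author's test machine. The firewall must open exactly
# these ports, so keep the two lists in step. After restarting the NFS
# services (on CentOS 6: rpcbind, nfslock, nfs), `rpcinfo -p` shows which
# ports were actually registered.
RQUOTAD_PORT=6005
LOCKD_TCPPORT=6004
LOCKD_UDPPORT=6004
MOUNTD_PORT=6002
STATD_PORT=6003
STATD_OUTGOING_PORT=6006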
然后配置iptables
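# Host firewall for the NFS server: accept SSH and the NFS-related ports only
# from the 192.168.0.0/24 LAN, accept loopback, then drop all other inbound
# traffic.
#
# Fix over the original listing: the state match takes "--state" (two ASCII
# hyphens). The original wrote "-state", once a typographic dash, and in the
# SSH rule no option name at all. iptables does not accept those forms, so
# each ACCEPT rule would fail while the final "-P INPUT DROP" still applied,
# which would also cut off the SSH session used to configure the host.
#
# Caveats for whoever applies this:
#  - -A appends. If INPUT already ends in a REJECT/DROP rule (check with
#    `iptables -L INPUT -n --line-numbers`), rules added here sit behind it
#    and never match.
#  - Every ACCEPT is limited to the LAN source, so with policy DROP replies to
#    connections this host opens to addresses outside the LAN are dropped
#    too. Add a separate ESTABLISHED,RELATED rule if the server must reach
#    other networks.
#  - Rules are lost at reboot until saved (`service iptables save` on CentOS 6).
#  - The source-address filter is the only gate here; NFS with AUTH_SYS trusts
#    whatever uid/gid a permitted client presents.
lan=192.168.0.0/24
states=NEW,ESTABLISHED,RELATED

# SSH management access from the LAN.
iptables -A INPUT -p tcp -s "$lan" --dport 22 -m state --state "$states" -j ACCEPT

# Local loopback traffic.
iptables -A INPUT -i lo -j ACCEPT

# 6002 mountd, 6003 statd, 6004 lockd, 6005 rquotad, 6006 statd outgoing
# (as pinned in /etc/sysconfig/nfs), 111 rpcbind/portmapper, 2049 nfsd.
# 6006 is statd's source port for outgoing calls; it is kept here because the
# original listing opens it.
for proto in tcp udp; do
  for port in 6002 6003 6004 6005 6006 111 2049; do
    iptables -A INPUT -p "$proto" -m state --state "$states" -s "$lan" --dport "$port" -j ACCEPT
  done
done

# Set the default-deny policy last, and only once `iptables -L INPUT -n` shows
# the ACCEPT rules above in place.
iptables -P INPUT DROP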
客户端验证
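# Client-side verification: mount the export from the NFS server
# (192.168.0.55) on /zao.
mkdir -p /zao

# The remote path has to be a directory listed in the server's /etc/exports.
# NOTE(review): the original mounted 192.168.0.55:/you, but the only export
# configured on this page is /gong_xiang_mu_lu - confirm the path for your
# server.
# nosuid,nodev: do not honour setuid bits or device nodes that arrive from
# the share; drop these options only if the share must carry such files.
mount -t nfs -o nosuid,nodev 192.168.0.55:/gong_xiang_mu_lu /zao

# Mount automatically at boot: add the following line to /etc/fstab
# (it is an fstab entry, not a command):
#   192.168.0.55:/gong_xiang_mu_lu /zao nfs defaults,rw,nosuid,nodev 0 0

# NOTE(review): the original ended with `mount 192.168.0.55`, which gives
# mount neither a server:path pair nor a mount point. Mounting the fstab
# entries is presumed to be the intent - confirm.
mount -a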
参考文献:
https://blog.csdn.net/freedom8531/article/details/43793517
https://www.cnblogs.com/princessd8251/articles/7068041.html
http://blog.51cto.com/showerlee/1127122