NFS — Provide network shares to specific clients

Restricting access to NFS shares can be done by restricting firewall access (iptables), or by configuring the /etc/exports file. The /etc/exports file can restrict access to a single machine, a wildcard, or an IP network.
It all starts with installing and starting NFS

  • yum install nfs-utils rpcbind
  • service nfs start
  • service rpcbind start

Restricting to a single machine (can be exported to an IP or hostname)

  • Edit /etc/exports
  • Configure the export command like the following
    • /media 192.168.10.10(rw,no_root_squash)
  • Restart the service – service nfs restart

Restricting to a wildcard — this allows exporting to a name or IP address with wildcards

  • Edit /etc/exports
  • Configure the export command like the following
    • /media *.example.com(rw,no_root_squash)
    • or /media 192.168.*10(rw,no_root_squash)
  • Restart the service – service nfs restart

 Restricting to an IP network — this allows exporting to an entire subnet, or group of addresses

  • Edit /etc/exports
  • Configure the export command like the following
    • /media 192.168.10.0/24(rw,no_root_squash)
  • Restart the service – service nfs restart

Leave a Reply