LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 01-09-2014, 03:37 PM   #1
bluforce
Member
 
Registered: Apr 2012
Posts: 47

Rep: Reputation: Disabled
Lock down NFS Share?


Guys,
What is the syntax to restrict NFS access to a particular subnet? Also, would that needed to be appended to /etc/exports?

Thanks
 
Old 01-09-2014, 05:40 PM   #2
smallpond
Senior Member
 
Registered: Feb 2011
Location: Massachusetts, USA
Distribution: CentOS 6 (pre-systemd)
Posts: 2,850

Rep: Reputation: 757Reputation: 757Reputation: 757Reputation: 757Reputation: 757Reputation: 757Reputation: 757
The form of the line in /etc/exports is something like:

Code:
/path/to/share 192.168.0.0/24(rw,no_root_squash,no_subtree_check)
where 192.168.0.0 would be your class C subnet. Modify as required. Make sure you issue the exportfs -r command after updating.
 
1 members found this post helpful.
Old 01-09-2014, 06:25 PM   #3
sag47
Senior Member
 
Registered: Sep 2009
Location: Orange County, CA
Distribution: Kubuntu x64, Raspbian, CentOS
Posts: 1,851
Blog Entries: 36

Rep: Reputation: 455Reputation: 455Reputation: 455Reputation: 455Reputation: 455
Quote:
Originally Posted by smallpond View Post
Code:
/path/to/share 192.168.0.0/24(rw,no_root_squash,no_subtree_check)
All of which is explicitly stated in the exports man page in the Example section.

Quote:
Originally Posted by exports man page
Code:
/foo            2001:db8:9:e54::/64(rw) 192.0.2.0/24(rw)
...
...exports a directory to both an IPv6 and an IPv4 subnet.
...
Quote:
Originally Posted by smallpond View Post
where 192.168.0.0 would be your class C subnet.
To clarify 192.168.0.0 is the network address and 192.168.0.0/24 is the class C subnet.

I'd also like to point out the definition of the format of the file as well as one of the accepted values for the Machine name in the format.

Quote:
Originally Posted by exports man page
Description
...
...Each line contains an export point and a whitespace-separated list of clients allowed to mount the file system at that point. Each listed client may be immediately followed by a parenthesized, comma-separated list of export options for that client. No whitespace is permitted between a client and its option list.
...
Machine Name Formats
...
IP networks
You can also export directories to all hosts on an IP (sub-) network simultaneously. This is done by specifying an IP address and netmask pair as address/netmask where the netmask can be specified in dotted-decimal format, or as a contiguous mask length. For example, either '/255.255.252.0' or '/22' appended to the network base IPv4 address results in identical subnetworks with 10 bits of host. IPv6 addresses must use a contiguous mask length and must not be inside square brackets to avoid confusion with character-class wildcards. Wildcard characters generally do not work on IP addresses, though they may work by accident when reverse DNS lookups fail.
It's basically a description of the solution that was provided. It is best to read the man page of something before google or asking about it. The man pages usually provide a wealth of the utility usage for any part of the system.

Last edited by sag47; 01-09-2014 at 06:34 PM.
 
1 members found this post helpful.
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
A loop device mounted within an NFS share is not accessible via NFS? srikanthnv Linux - Software 17 12-18-2011 10:31 AM
[SOLVED] Can't read lock file tmp .x0-lock xinit: stale nfs file handle everal Slackware 2 10-31-2011 08:11 AM
Placing a SMB share inside an NFS share grittyminder Linux - Networking 0 05-14-2008 04:49 AM
In NFS server. I want to share directory but i dont want to share subdirectories. aashishdhabarde Linux - Server 1 01-16-2008 04:48 AM
Allowing NFS in IPTABLES: Fix port for NFS Lock Manager Swakoo Linux - General 10 08-25-2006 06:24 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 10:46 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration