Running Nfs Behind A Firewall; Hostname Formats; The /Etc/Exports Configuration File - Red Hat ENTERPRISE LINUX 5 - DEPLOYMENT Deployment Manual

Chapter 19. Network File System (NFS)
/sbin/service nfs reload

19.6.3. Running NFS Behind a Firewall

Because NFS requires portmap, which dynamically assigns ports for RPC services and can cause
problems for configuring firewall rules, you can edit the /etc/sysconfig/nfs configuration file to
control which ports the required RPC services run on. Refer to and read
for instructions on how to configure a firewall to allow NFS.
sysconfig/nfs"

19.6.4. Hostname Formats

The host(s) can be in the following forms:
• Single machine — A fully qualified domain name (that can be resolved by the server), hostname
(that can be resolved by the server), or an IP address.
• Series of machines specified with wildcards — Use the * or ? character to specify a string match.
Wildcards are not to be used with IP addresses; however, they may accidentally work if reverse
DNS lookups fail. When specifying wildcards in fully qualified domain names, dots (.) are not
included in the wildcard. For example, *.example.com includes one.example.com but does not
include one.two.example.com.
• IP networks — Use a.b.c.d/z, where a.b.c.d is the network and z is the number of bits in the
netmask (for example 192.168.0.0/24). Another acceptable format is a.b.c.d/netmask, where
a.b.c.d is the network and netmask is the netmask (for example, 192.168.100.8/255.255.255.0).
• Netgroups — In the format @group-name, where group-name is the NIS netgroup name.

19.7. The /etc/exports Configuration File

The /etc/exports file controls which file systems are exported to remote hosts and specifies
options. Blank lines are ignored, comments can be made by starting a line with the hash mark (#),
and long lines can be wrapped with a backslash (\). Each exported file system should be on its
own individual line, and any lists of authorized hosts placed after an exported file system must be
separated by space characters. Options for each of the hosts must be placed in parentheses directly
after the host identifier, without any spaces separating the host and the first parenthesis. Valid host
types are gss/krb5gss/krb5i and gss/krb5p.
A line for an exported file system has the following structure:
<export><host1>(<options>) <hostN>(<options>)...
In this structure, replace <export> with the directory being exported, replace <host1> with the host
or network to which the export is being shared, and replace <options> with the options for that host
or network. Additional hosts can be specified in a space separated list.
The following methods can be used to specify host names:
• single host — Where one particular host is specified with a fully qualified domain name, hostname,
or IP address.
256
Section 28.1.22, "/etc/