- NFS 패키지 설치
[root@server ~]# yum -y install nfs-utils nfs-utils-lib
- 서비스 등록 & 시작
[root@server ~]# systemctl enable rpcbind
[root@server ~]# systemctl enable nfs-server
[root@server ~]# systemctl enable nfs-lock
[root@server ~]# systemctl enable nfs-idmap
[root@server ~]# systemctl start rpcbind
[root@server ~]# systemctl start nfs-server
[root@server ~]# systemctl start nfs-lock
[root@server ~]# systemctl start nfs-idmap
- 방화벽 등록
- 모든 IP에 대해 오픈
서비스 포트 등록 (54302, 46666, 42955 등은 RPC 서비스에 동적으로 배정된 포트일 수 있으므로, `rpcinfo -p`로 실제 사용 중인 포트를 확인한 뒤 등록)
[root@server ~]# firewall-cmd --permanent --add-port=111/tcp
[root@server ~]# firewall-cmd --permanent --add-port=54302/tcp
[root@server ~]# firewall-cmd --permanent --add-port=20048/tcp
[root@server ~]# firewall-cmd --permanent --add-port=2049/tcp
[root@server ~]# firewall-cmd --permanent --add-port=46666/tcp
[root@server ~]# firewall-cmd --permanent --add-port=42955/tcp
[root@server ~]# firewall-cmd --permanent --add-port=875/tcp
방화벽 재시작
[root@server ~]# firewall-cmd --reload
방화벽 상태 확인
[root@server ~]# firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: eth0
sources:
services: dhcpv6-client ssh
ports: 111/tcp 54302/tcp 20048/tcp 2049/tcp 46666/tcp 42955/tcp 875/tcp
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
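공유 설정 (`*`는 접근 가능한 모든 호스트에 공유를 내보내고, no_root_squash는 클라이언트의 root를 공유 디렉터리에서도 root로 취급하므로 신뢰할 수 있는 내부망에서만 사용)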
[root@server ~]# vi /etc/exports
/share *(rw,sync,no_root_squash,no_subtree_check)
NFS 서비스 reload
[root@server ~]# exportfs -r
- 특정 IP만 오픈 (위의 '모든 IP에 대해 오픈'을 이미 적용했다면, --add-port로 등록한 포트를 --remove-port로 제거해야 IP 제한이 실제로 적용됨)
소스 IP 등록
[root@server ~]# firewall-cmd --permanent --add-source=xxx.xxx.xxx.xxx
[root@server ~]# firewall-cmd --permanent --add-source=yyy.yyy.yyy.yyy
rule 등록
[root@server ~]# firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="xxx.xxx.xxx.xxx" port port="111" protocol="tcp" accept'
[root@server ~]# firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="xxx.xxx.xxx.xxx" port port="54302" protocol="tcp" accept'
[root@server ~]# firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="xxx.xxx.xxx.xxx" port port="20048" protocol="tcp" accept'
[root@server ~]# firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="xxx.xxx.xxx.xxx" port port="2049" protocol="tcp" accept'
[root@server ~]# firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="xxx.xxx.xxx.xxx" port port="46666" protocol="tcp" accept'
[root@server ~]# firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="xxx.xxx.xxx.xxx" port port="42955" protocol="tcp" accept'
[root@server ~]# firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="xxx.xxx.xxx.xxx" port port="875" protocol="tcp" accept'
[root@server ~]# firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="yyy.yyy.yyy.yyy" port port="111" protocol="tcp" accept'
[root@server ~]# firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="yyy.yyy.yyy.yyy" port port="54302" protocol="tcp" accept'
[root@server ~]# firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="yyy.yyy.yyy.yyy" port port="20048" protocol="tcp" accept'
[root@server ~]# firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="yyy.yyy.yyy.yyy" port port="2049" protocol="tcp" accept'
[root@server ~]# firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="yyy.yyy.yyy.yyy" port port="46666" protocol="tcp" accept'
[root@server ~]# firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="yyy.yyy.yyy.yyy" port port="42955" protocol="tcp" accept'
[root@server ~]# firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="yyy.yyy.yyy.yyy" port port="875" protocol="tcp" accept'
방화벽 재시작
[root@server ~]# firewall-cmd --reload
방화벽 상태 확인
[root@server ~]# firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: eth0
sources: xxx.xxx.xxx.xxx yyy.yyy.yyy.yyy
services: dhcpv6-client ssh
ports:
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
rule family="ipv4" source address="xxx.xxx.xxx.xxx" port port="111" protocol="tcp" accept
rule family="ipv4" source address="xxx.xxx.xxx.xxx" port port="54302" protocol="tcp" accept
rule family="ipv4" source address="xxx.xxx.xxx.xxx" port port="20048" protocol="tcp" accept
rule family="ipv4" source address="xxx.xxx.xxx.xxx" port port="2049" protocol="tcp" accept
rule family="ipv4" source address="xxx.xxx.xxx.xxx" port port="46666" protocol="tcp" accept
rule family="ipv4" source address="xxx.xxx.xxx.xxx" port port="42955" protocol="tcp" accept
rule family="ipv4" source address="xxx.xxx.xxx.xxx" port port="875" protocol="tcp" accept
rule family="ipv4" source address="yyy.yyy.yyy.yyy" port port="111" protocol="tcp" accept
rule family="ipv4" source address="yyy.yyy.yyy.yyy" port port="54302" protocol="tcp" accept
rule family="ipv4" source address="yyy.yyy.yyy.yyy" port port="20048" protocol="tcp" accept
rule family="ipv4" source address="yyy.yyy.yyy.yyy" port port="2049" protocol="tcp" accept
rule family="ipv4" source address="yyy.yyy.yyy.yyy" port port="46666" protocol="tcp" accept
rule family="ipv4" source address="yyy.yyy.yyy.yyy" port port="42955" protocol="tcp" accept
rule family="ipv4" source address="yyy.yyy.yyy.yyy" port port="875" protocol="tcp" accept
공유 설정 (클라이언트에서 root 권한 접근이 꼭 필요하지 않다면 no_root_squash 대신 기본값인 root_squash 사용)
[root@server ~]# vi /etc/exports
/share xxx.xxx.xxx.xxx(rw,sync,no_root_squash,no_subtree_check)
/share yyy.yyy.yyy.yyy(rw,sync,no_root_squash,no_subtree_check)
NFS 서비스 reload
[root@server ~]# exportfs -r