Mount NFS Shares

To mount a share on Linux via NFS, issue the following command as root:

mount -t nfs -o rw <fileserver>:/<remote path> /<local path>

For example:

mount -t nfs -o rw fs.muster.inf.ethz.ch:/export/groups/muster/h1/home/muster /mnt/muster

Home Directory

Each user account that you have at the D-INFK comes with its own home directory. When your account is created, the NFS export of your home directory is preconfigured to the trusted systems of your group. You can change to what hosts your home directory is exported to here.

Project Data and Scratch Space

Both shares for project data and scratch space are exported via NFS to separate lists of host that can be managed by your ITC.

Firewall

For the various isginf managed file servers the IP (ranges) for which the firewall on your Linux client must be opened are:

Personal and Project Data (fs.<group>.inf.ethz.ch) 129.132.19.0/25
Scratch Data (scratch.<group>.inf.ethz.ch) 129.132.166.85
Snapshot Server (snapshot.inf.ethz.ch) 129.132.19.126

As these systems are secure it is normally OK to open access to all ports from these IPs. The recommended tight firewall settings are the following.

For NFS3:

-A INPUT -s <server> -p tcp -m tcp --dport 111 -j ACCEPT
-A INPUT -s <server> -p udp -m udp --dport 111 -j ACCEPT
-A INPUT -s <server> -p tcp -m tcp --dport 32803 -j ACCEPT
-A INPUT -s <server> -p udp -m udp --dport 32769 -j ACCEPT
-A INPUT -s <server> -p tcp -m tcp --dport 662 -j ACCEPT
-A INPUT -s <server> -p udp -m udp --dport 662 -j ACCEPT
-A INPUT -s <server> -p tcp -m tcp --sport 892 -j ACCEPT
-A INPUT -s <server> -p udp -m udp --sport 892 -j ACCEPT

For NFS4:

-A INPUT -s <server> -p tcp -m tcp --sport 2049 --dport 1:1024 -j ACCEPT
-A INPUT -s <server> -p tcp -m tcp --dport 2050 -j ACCEPT

Page URL: https://isg.inf.ethz.ch/bin/view/Main/HelpStorageMountNfsShares
2019-09-18
© 2019 Eidgenössische Technische Hochschule Zürich