Date: Thu, 18 Nov 1999 10:32:44 -0800 (PST) From: tkato@prontomail.ne.jp To: freebsd-gnats-submit@freebsd.org Subject: ports/14981: Update port: misc/Howto Message-ID: <19991118183244.7D02E15197@hub.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 14981 >Category: ports >Synopsis: Update port: misc/Howto >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-ports >State: open >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: current-users >Arrival-Date: Thu Nov 18 10:40:01 PST 1999 >Closed-Date: >Last-Modified: >Originator: KATO Tsuguru >Release: 3.3-RELEASE i386 >Organization: >Environment: >Description: * Fixed MASTER_SITES >How-To-Repeat: >Fix: diff -urN /usr/ports/misc/Howto/Makefile misc/Howto/Makefile --- /usr/ports/misc/Howto/Makefile Wed Aug 25 21:19:28 1999 +++ misc/Howto/Makefile Thu Nov 18 04:52:17 1999 @@ -9,9 +9,8 @@ DISTNAME= Howto-1.0 CATEGORIES= misc -MASTER_SITES= ftp://sunsite.unc.edu/pub/Linux/docs/HOWTO/other-formats/sgml/ \ - ftp://sunsite.unc.edu/pub/Linux/docs/HOWTO/mini/other-formats/sgml/ \ - http://sunsite.unc.edu/mdw/HOWTO/ +MASTER_SITES= ftp://metalab.unc.edu/pub/Linux/docs/HOWTO/other-formats/sgml/ \ + ftp://metalab.unc.edu/pub/Linux/docs/HOWTO/mini/other-formats/sgml/ DISTFILES= Linux+FreeBSD.sgml.gz \ DNS-HOWTO.sgml.gz \ NFS-HOWTO.sgml.gz \ diff -urN /usr/ports/misc/Howto/files/md5 misc/Howto/files/md5 --- /usr/ports/misc/Howto/files/md5 Mon Jul 5 21:08:10 1999 +++ misc/Howto/files/md5 Thu Nov 18 04:52:28 1999 @@ -1,5 +1,5 @@ MD5 (Howto/Linux+FreeBSD.sgml.gz) = 9199f50bba56794f8a86cce37001e99d MD5 (Howto/DNS-HOWTO.sgml.gz) = 67f91d102b0d4b7933a4991b3b173e1d -MD5 (Howto/NFS-HOWTO.sgml.gz) = 857f74f17b4c532cdf3016aa691db457 +MD5 (Howto/NFS-HOWTO.sgml.gz) = 909acce9e589fb4dbef9ee16eb9143f2 MD5 (Howto/NIS-HOWTO.sgml.gz) = 06c782815b4123f7820ba96f66f45365 MD5 (Howto/Security-HOWTO.sgml.gz) = d1ed952ffb4d15cf795d0a50a7d8f528 diff -urN /usr/ports/misc/Howto/patches/patch-nfs misc/Howto/patches/patch-nfs --- /usr/ports/misc/Howto/patches/patch-nfs Wed Dec 30 04:42:00 1998 +++ misc/Howto/patches/patch-nfs Thu Nov 18 06:52:33 1999 @@ -1,6 +1,6 @@ ---- NFS-HOWTO.sgml.orig Sat Oct 3 01:30:40 1998 -+++ NFS-HOWTO.sgml Sat Oct 3 02:20:23 1998 -@@ -67,7 +67,7 @@ +--- NFS-HOWTO.sgml.orig Thu Nov 18 06:51:14 1999 ++++ NFS-HOWTO.sgml Thu Nov 18 06:52:16 1999 +@@ -79,7 +79,7 @@ networking and the terms used. If you don't recognize the terms you can either go back and check the networking HOWTO, wing it, or get a book about TCP/IP network administration to familiarize yourself with @@ -9,8 +9,23 @@ machines. A very good book on the subject is <em>TCP/IP Network Administration</em> by Craig Hunt, published by O'Reilly & Associates, Inc. And after you've read it and understood it you'll -@@ -96,7 +96,7 @@ - skip ahead to the section on <ref id="nfs-client" name="setting up a +@@ -89,14 +89,6 @@ + <em/Mount Checklist/ and <em/FAQs/. Please refer to them if something + dosen't work as advertized. + +-<p>The home-site for the Linux 2.0 nfsd is <htmlurl +-name="ftp.mathematik.th-darmstadt.de:/pub/linux/okir" +-url="ftp://ftp.mathematik.th-darmstadt.de/pub/linux/okir/">, in case +-you want/need to get it and compile it yourself. +- +-<p>For information about NFS under Linux 2.2 please see <ref +-id="linuxtwotwo" name="the Linux 2.2 section">. +- + <sect>Setting up a NFS server<label id="nfs-server"> + + <sect1>Prerequisites +@@ -116,7 +108,7 @@ + skip ahead to <ref id="nfs-client" name="the section on setting up a NFS client"> -<p>If you need to set up a non-Linux box as server you will have to @@ -18,7 +33,15 @@ read the system manual(s) to discover how to enable NFS serving and export of file systems through NFS. There is a separate section in this HOWTO on how to do it on many different systems. After you have -@@ -109,8 +109,8 @@ +@@ -124,16 +116,13 @@ + HOWTO. Or read more of this section since some of the things I will + say are relevant no matter what kind of machine you use as server. + +-<p>If you're running please see <ref id="linuxtwotwo" name="the Linux +-2.2 section"> before you continue reading this. +- + <p>Those of you still reading will need to set up a number of + programs. <sect1>The portmapper<label id="portmapper"> @@ -26,10 +49,26 @@ -<tt/rpc.portmap/. The man page on my system says it is a "DARPA port +<p>The portmapper on FreeBSD is called <tt/portmap/. +The man page on my system says it is a "DARPA port - to RPC program number mapper". It is the first security holes you'll + to RPC program number mapper". It is the first security hole you'll open reading this HOWTO. Description of how to close one of the holes - is in the <ref id="nfs-security" name="security section">. Which I, -@@ -157,24 +157,23 @@ + is in <ref id="nfs-security" name="the security section">. Which I, +@@ -149,14 +138,7 @@ + If there is a script called something like <tt/inet/ it's probably the + right script to edit. But, what to write or do is outside the scope + of this HOWTO. Start portmap, and check that it lives by running +-<tt/ps aux/ and then <tt/rpcinfo -p/. It does? Good. +- +-<p>Oh, one thing. Remote access to your portmapper is regulated by +-the contents of your <tt>/etc/hosts.allow</tt> and +-<tt>/etc/hosts.deny</tt> files. If <tt/rpcinfo -p/ fails, but your +-portmapper is running please examine these files. See <ref +-id="nfs-security" name="the security section"> for details on these +-files. ++<tt/ps aux/. It does? Good. + + <sect1>Mountd and nfsd<label id="nfsd"> + +@@ -187,24 +169,23 @@ use./ There is a separate section in this HOWTO about other Unixes <tt/exports/ files. @@ -44,7 +83,7 @@ -to run <tt/exportfs/. Many Linux distributions lack a exportfs -program. If you're exportfs-less you can install this script on your +to run <tt/exportfs/. FreeBSD lacks a exportfs -+program. Yyou can install this script on your ++program. You can install this script on your machine: <code> @@ -60,7 +99,22 @@ <tt/chmod a+rx/ it. Now, whenever you change your exports file, you run exportfs after, as root. -@@ -221,12 +220,8 @@ +@@ -225,12 +206,8 @@ + mountd and nfsd. + + <p>If you get <tt>rpcinfo: can't contact portmapper: RPC: Remote +-system error - Connection refused</tt>, +-<tt>RPC_PROG_NOT_REGISTERED</tt> or something similar instead then the +-portmapper isn't running. OR you might have something in +-<tt>/etc/hosts.{allow,deny}</tt> that forbids the portmapper from +-answering, please see <ref id="nfs-security" name="the security +-section"> for details on these files. If you get <tt>No remote ++system error - Connection refused</tt> or something similar instead ++then the portmapper isn't running. Fix it. If you get <tt>No remote + programs registered.</tt> then either the portmapper doesn't want to + talk to you, or something is broken. Kill nfsd, mountd, and the + portmapper and try the ignition sequence again. +@@ -255,12 +232,8 @@ <sect>Setting up a NFS client<label id="nfs-client"> <p>First you will need a kernel with the NFS file system either @@ -73,9 +127,19 @@ +compiled in or available as a module. This is configured in the GENERIC +FreeBSD kernel for you. - <p>You can now, at a root prompt, enter a appropriate mount command and - the file system will appear. Continuing the example in the previous -@@ -259,7 +254,7 @@ + <p>You can now, at a root prompt, enter a appropriate mount command + and the file system will appear. Continuing the example in the +@@ -280,8 +253,7 @@ + by server: Permission denied</tt> then the exports file is wrong, or + you forgot to run exportfs after editing the exports file. If it says + <tt>mount clntudp_create: RPC: Program not registered</tt> it means +-that nfsd or mountd is not running on the server. Or you have the +-<tt/hosts.{allow,deny}/ problem mentioned earlier. ++that nfsd or mountd is not running on the server. + + <p>To get rid of the file system you can say + +@@ -294,7 +266,7 @@ as this is required: <code> @@ -84,7 +148,7 @@ ... eris:/mn/eris/local /mnt nfs rsize=1024,wsize=1024 0 0 ... -@@ -294,7 +289,7 @@ +@@ -332,7 +304,7 @@ <p>Picking up the previous example, this is now your fstab entry: <code> @@ -93,7 +157,7 @@ ... eris:/mn/eris/local /mnt nfs rsize=1024,wsize=1024,hard,intr 0 0 ... -@@ -304,8 +299,8 @@ +@@ -342,8 +314,8 @@ <sect1>Optimizing NFS<label id="optimizing"> <p>Normally, if no rsize and wsize options are specified NFS will read @@ -104,7 +168,7 @@ might not be optimal, anyway. So we'll want to experiment and find a rsize and wsize that works and is as fast as possible. You can test the speed of your options with some simple commands. Given the mount -@@ -341,7 +336,7 @@ +@@ -379,7 +351,7 @@ have different optimal sizes. SunOS and Solaris is reputedly a lot faster with 4096 byte blocks than with anything else. @@ -113,7 +177,7 @@ rsizes larger or equal to the machine page size. On Intel CPUs the page size is 4096 bytes. Read ahead will <em/significantly/ increase the NFS read performance. So on a Intel machine you will want 4096 -@@ -355,13 +350,13 @@ +@@ -393,13 +365,13 @@ requests shall not be considered finished before the data written is on a non-volatile medium (normally the disk). This restricts the write performance somewhat, asynchronous writes will speed NFS writes @@ -130,7 +194,18 @@ </code> <p>or something similar. Please refer to the exports man page on the -@@ -587,10 +582,10 @@ +@@ -413,7 +385,9 @@ + distance connections. + + <p>This section is based on knowledge about the used protocols but no +-actual experiments. Please let me hear from you if try this ;-) ++actual experiments. My home computer has been down for 6 months (bad ++HD, low on cash) and so I have had no modem connection to test this ++with. Please let me hear from you if try this :-) + + <p>The first thing to remember is that NFS is a slow protocol. It has + high overhead. Using NFS is almost like using kermit to transfer +@@ -623,10 +597,10 @@ servers root account. In the NFSd man page there are several other squash options listed so that you can decide to mistrust whomever you (don't) like on the clients. You also have options to squash any UID @@ -143,7 +218,7 @@ root access to a filesystem use <tt/no_root_squash/. <p>Another important thing is to ensure that nfsd checks that all it's -@@ -598,7 +593,7 @@ +@@ -634,7 +608,7 @@ any old port on the client a user with no special privileges can run a program that's is easy to obtain over the Internet. It talks nfs protocol and will claim that the user is anyone the user wants to be. @@ -152,36 +227,58 @@ have to enable this check yourself. This should be described in the nfsd man page for the OS. -@@ -609,74 +604,9 @@ +@@ -645,98 +619,9 @@ <p>The basic portmapper, in combination with nfsd has a design problem that makes it possible to get to files on NFS servers without any --privileges. Fortunately the portmapper Linux uses is relatively --secure against this attack, and can be made more secure by configuring --up access lists in two files. -+privileges. Fortunately the portmapper FreeBSD uses is relatively -+secure against this attack. - +-privileges. Fortunately the portmapper that most Linux distributions +-use is relatively secure against this attack, and can be made more +-secure by configuring up access lists in two files. +- +-<p>Not all Linux distributions were created equal. Some seemingly +-up-to-date distributions does <em/not/ include a securable portmapper, +-even today, many years since the vulnerability became common +-knowledge. At least one distribution even contains the manpage for a +-securable portmapper but the actual portmapper is <em>not</em> +-secureable. The easy way to check if your portmapper is good +-or not is to run strings(1) and see if it reads the relevant files, +-<tt>/etc/hosts.deny</tt> and <tt>/etc/hosts.allow</tt>. Assuming your +-portmapper is <tt>/usr/sbin/portmap</tt> you can check it with this +-command: <tt>strings /usr/sbin/portmap | grep hosts</tt>. On my +-machine it comes up with this: +- +-<code> +-/etc/hosts.allow +-/etc/hosts.deny +-@(#) hosts_ctl.c 1.4 94/12/28 17:42:27 +-@(#) hosts_access.c 1.20 96/02/11 17:01:27 +-</code> +- -<p>First we edit <tt>/etc/hosts.deny</tt>. It should contain the line - -<code> -portmap: ALL -</code> - --which will deny access to <em/everyone/. That's a bit drastic --perhaps, so we open it again by editing <tt>/etc/hosts.allow</tt>. --But first we need to figure out what to put in it. It should --basically list all machines that should have access to your --portmapper. On a run of the mill Linux system there are very few --machines that need any access for any reason. The portmapper --administrates nfsd, mountd, ypbind/ypserv, pcnfsd, and 'r' services --like ruptime and rusers. Of these only nfsd, mountd, ypbind/ypserv --and perhaps pcnfsd are of any consequence. All machines that needs to --access services on your machine should be allowed to do that. Let's --say that your machines address is 129.240.223.254 and that it lives on --the subnet 129.240.223.0 should have access to it (those are terms --introduced by the networking HOWTO, go back and refresh your memory if --you need to). Then we write +-which will deny access to <em/everyone/. While it is closed thus run +-<tt>rpcinfo -p</tt> just to check that your portmapper really reads +-and obeys this file. rpcinfo should give no output, or possebly a +-errormessage. Restarting the portmapper should <em>not</em> be +-necessary. +- +-<p>Closing the portmapper for everyone is a bit drastic, so we open it +-again by editing <tt>/etc/hosts.allow</tt>. But first we need to +-figure out what to put in it. It should basically list all machines +-that should have access to your portmapper. On a run of the mill +-Linux system there are very few machines that need any access for any +-reason. The portmapper administrates nfsd, mountd, ypbind/ypserv, +-pcnfsd, and 'r' services like ruptime and rusers. Of these only nfsd, +-mountd, ypbind/ypserv and perhaps pcnfsd are of any consequence. All +-machines that needs to access services on your machine should be +-allowed to do that. Let's say that your machines address is +-129.240.223.254 and that it lives on the subnet 129.240.223.0 should +-have access to it (those are terms introduced by the networking HOWTO, +-go back and refresh your memory if you need to). Then we write - -<code> -portmap: 129.240.223.0/255.255.255.0 @@ -201,7 +298,9 @@ - Interrupt:10 Base address:0x320 -... -</code> -- ++privileges. Fortunately the portmapper FreeBSD uses is relatively ++secure against this attack. + -and <tt/netstat -rn/ should show - -<code> @@ -229,7 +328,7 @@ <sect1>NFS and firewalls<label id="security-firewalls"> -@@ -692,13 +622,13 @@ +@@ -752,13 +637,13 @@ <sect1>Summary<label id="security-summary"> @@ -239,13 +338,13 @@ presently known bugs in nfs and can almost feel secure about <em/that/ at least. But still, after all that: When an intruder has access to your network, s/he can make strange commands appear in your - <tt/.forward/ or mailbox file when <tt>/home</tt> or --<tt>/var/spool/mail</tt> are mounted over NFS. For the same reason, -+<tt>/var/mail</tt> are mounted over NFS. For the same reason, + <tt/.forward/ or read your mail when <tt>/home</tt> or +-<tt>/var/spool/mail</tt> is NFS exported. For the same reason, ++<tt>/var/mail</tt> is NFS exported. For the same reason, you should never access your PGP private key over nfs. Or at least you should know the risk involved. And now you know a bit of it. -@@ -706,10 +636,10 @@ +@@ -766,10 +651,10 @@ it's not totally unlikely that new bugs will be discovered, either in the basic design or the implementation we use. There might even be holes known now, which someone is abusing. But that's life. To keep @@ -260,33 +359,57 @@ absolute minimum. <sect>Mount Checklist -@@ -761,10 +691,7 @@ +@@ -780,18 +665,7 @@ + refer to this list before posting your problem. Each item describes a + failure mode and the fix. + +-<enum>Mount keeps saying <tt/RPC: Program not registered/ +- +-<p>Is the portmapper running? +-<p><bf/Fix:/ Start it. +-<p>Is mountd running? +-<p><bf/Fix:/ Start it. +-<p>Is nfsd running? +-<p><bf/Fix:/ Start it. +-<p>Is the portmapper forbidden to answer by <tt>/etc/hosts.deny</tt>? +-<p><bf/Fix:/ Either remove the rule in <tt/hosts.deny/ or add a rule +- to <tt/hosts.allow/ such that the portmapper is allowed to talk to +- you. ++<enum> + + <item>File system not exported, or not exported to the client in + question. +@@ -832,10 +706,7 @@ <p><bf/Fix:/ Get the date set right. -<p>The HOWTO author recommends using NTP to synchronize clocks. Since -there are export restrictions on NTP in the US you have to get NTP for --debian, redhat or slackware from --ftp://ftp.hacktic.nl/pub/replay/pub/linux or a mirror. +-Debian, Red Hat or Slackware from +-<tt>ftp://ftp.hacktic.nl/pub/replay/pub/linux</tt>; or a mirror. +<p>The HOWTO author recommends using NTP to synchronize clocks. <item>The server can not accept a mount from a user that is in more than 8 groups. -@@ -774,93 +701,10 @@ +@@ -845,153 +716,10 @@ </enum> -<sect>FAQs - --<p>This is the FAQ section. Most of it was written by Alan Cox. +-<p>This is the FAQ section. It is partly based on a old NFS FAQ by +-Alan Cox. +- +-<p>If you have a problem mounting a filesystem please see if your +-problem is described in the ``Mount Checklist'' section. - -<enum> - -- <item>I get a lot of 'stale nfs handle' errors when using Linux as +- <item>I get a lot of ``stale nfs handle'' errors when using Linux as - a nfs server. - -- <p>This is caused by a bug in some oldish nfsd versions. It is -- fixed in nfs-server2.2beta16 and later. +- <p>This is caused by a bug in some old nfsd versions. It is fixed +- in nfs-server2.2beta16 and later. - - <item>When I try to mount a file system I get - @@ -300,18 +423,20 @@ - <item>Why can't I execute a file after copying it to the NFS server? - - <p>The reason is that nfsd caches open file handles for performance -- reasons (remember, it runs in user space). While nfsd has a file +- reasons (remember, it runs in user space). While nfsd has a file - open (as is the case after writing to it), the kernel won't allow -- you to execute it. Nfsds newer than ~spring 95 release open files +- you to execute it. Nfsds newer than ~spring 95 release open files - after a few seconds, older ones would cling to them for days. - - <item>My NFS files are all read only - -- <p>The Linux NFS server defaults to read only. RTFM the ``exports'' -- and nfsd manual pages. You will need to alter <tt>/etc/exports</tt>. +- <p>The Linux NFS server defaults to read only. Please read the +- section about ``Mountd and nfsd'' and ``Exporting filesystems'' in +- this HOWTO, and refer to the ``exports'' and ``nfsd'' manual +- pages. You will need to alter <tt>/etc/exports</tt>. - -- <item>I mount from a linux nfs server and while ls works I can't -- read or write files. +- <item>I mount from a Linux NFS server and while <tt>ls</tt> works I +- can't read or write files. - - <p>On older versions of Linux you must mount a NFS servers with - <tt/rsize=1024,wsize=1024/. @@ -319,7 +444,9 @@ - <item>I mount from a Linux NFS server with a block size of between - 3500-4000 and it crashes the Linux box regularly - -- <p>Basically don't do it then. +- <p>Basically don't do it then. This does not happen with 2.0 and +- 2.2 kernels. As far as I recall there is no problem with 1.2 +- either. - - <item>Can Linux do NFS over TCP - @@ -342,7 +469,7 @@ - systems - - <p>NFS writes are normally synchronous (you can disable this if you -- don't mind risking losing data). Worse still BSD derived kernels +- don't mind risking losing data). Worse still BSD derived kernels - tend to be unable to work in small blocks. Thus when you write 4K of - data from a Linux box in the 1K packets it uses BSD does this - @@ -355,6 +482,58 @@ - write 4K page back to physical disk - etc.. - </verb></tscreen> +- +- <item>When I connect many clients to a Linux NFS server the +- performance suddenly drops. +- +- <p>The NFS protocol uses fragmented UDP packets. The kernel has a +- limit of how many fragments of incomplete packets it can have before +- it starts throwing away packets. In 2.2 this is runtime tuneable +- via the /proc filesystem: +- <tt>/proc/sys/net/ipv4/ipfrag_high_thresh</tt> and +- <tt>ipfrag_low_thresh</tt>. In 2.0 these are compile-time constants +- defined in <tt>.../linux/net/ipv4/ip_fragment.c</tt>, +- <tt>IPFRAG_HIGH_THRESH</tt> and <tt>IPFRAG_LOW_THRESH</tt>. The +- meaning of these values is that once the memory consumption of +- unassembled UDP fragments reaches the ``ipfrag_high_thresh'' in +- bytes (256K by default in 2.2.3 and 2.0.36) it is cut down to +- ``ipfrag_low_tresh'' at once. This is done by throwing away +- fragments. This will look almost like packet loss, and if the +- high threshold is reached your server performance drops a lot. +- +- <p>256K is enough for up to 30 clients. If you have 60, double it. +- And double the low threshold also. +- +- <item>I'm using Linux 2.2 (or later) with knfsd and I can't get my +- AIX, IRIX, Solaris, DEC-Unix, ... machine to mount it. +- +- <p>Knfsd announces that it implements NFS version 3. It does not. +- There is an option to stop it from announcing it. Use it. Or you +- can put "<tt/vers=2/" in the mount option list on the clients. +- +- <item>My AIX 4 machine cannot mount my Linux NFS server. It says +- +- <tscreen><verb> +- mount: 1831-011 access denied for server:/dir +- mount: 1831-008 giving up on: +- server:/dir +- The file access permissions do not allow the specified action. +- </verb></tscreen> +- +- or something like that instead. +- +- <p>AIX 4.2 used reserved ports (<1024) for NFS. AIX 4.2.1 and 4.3 +- are not constrained to reserved ports. Also, AIX 4.2.1 and 4.3 try +- to mount using NFS3, then NFS/TCP, then fiannly NFS/UDP. +- +- <p>Adding +- +-<code> +-nfso -o nfs_use_reserved_ports=1 +-</code> +- +- <p>to the end of <tt/rc.tcpip/ will force it to use reserved ports +- again. (This tip was supplied by Brian Gorka) - -</enum> - @@ -364,6 +543,298 @@ <p>The way to export filesytems with NFS is not completely consistent -across platforms of course. In this case Linux and Solaris 2 are the +across platforms of course. In this case FreeBSD and Solaris 2 are the - deviants. This section lists, superficially the way to do it on most + deviants. This section lists, superficially, the way to do it on most systems. If the kind of system you have is not covered you must check your OS man-pages. Keywords are: nfsd, system administration tool, rc +@@ -1040,291 +768,6 @@ + </code> + + After editing run the program <tt/shareall/ to export the filesystems. +- +-<sect>NFS under Linux 2.2 +-<label id="linuxtwotwo"> +- +-<p>As I write this Linux 2.2.12 is the current kernel version and to +-use NFS under it can be a bit of a chore. Or not. +- +-<p>What the status of NFS in Linux 2.4 will be i unknown. +- +-<p>The new big thing in Linux 2.2 is support for a in-kernel nfs +-server demon, called knfsd in 2.2. This way of implementing nfsd has +-some advantages, the main one is speed. A Linux 2.2 machine with +-knfsd is a respectable nfs server. You can still use the old nfsd +-with Linux 2.2 though, and there are some advantages to using this, +-mainly simplicity. +- +-<p>If you use a kernel source or binary package made by someone like +-RedHat (6.0 and later), SuSE (6.1 or later, I belive) or some other +-professional system integrator they have likely integrated full +-"knfsd" functionality in their kernel and you need not worry, it will +-work. Mostly. Until you want to compile a kernel yourself. If you +-use a stock Linux 2.2 kernel (up to 2.2.12 at least) knfsd will break. +- +-<p>To get this on the air yourself you need to get H.J. Lus knfsd +-package. This is a collection of patches, and the needed utilities +-for 2.2 that Lu is maintaining in his spare time. You can get it from +-your local kernel mirror, the master site is <htmlurl +-url="ftp://ftp.kernel.org/pub/linux/devel/gcc/" +-name="ftp.kernel.org:/pub/linux/devel/gcc/">. <bf/This is not meant +-for general consumption/. If you find this package confusing please +-don't try to do this yourself. Wait until a kernel package from your +-favourite system integrator (e.g., Red Hat, SuSE or ...) appears. +- +-<p>Also, please don't send me questions about this, I can't help you. +-I do not have any knfsd based servers running. If you find errors or +-omissions in this documentation, please write to me and I'll revise +-this HOWTO and release it again. +- +-<p>Still reading? Ok. H.J.Lu posts about new versions of this +-package on the linux-kernel mailing list. Other issues pertaining to +-NFS in 2.2 is also posted about there. Read it. +- +-<p>There is one interesting thing to note about the knfsd package. It +-announces that it supports NFS version 3. However it does not support +-it. There is an option you can give to stop it from announcing NFS3, +-or on the clients you can specify "<tt/vers=2/" in the mount option +-list. +- +-<sect1>The client +- +-<p>The client is almost simple. To get propper locking you need to +-get <tt/statd/ (from the knfsd package) compiled, installed and +-started from your boot-scripts. Do that. Statd needs a directory +-called <tt>/var/lib/nfs</tt> to function otherwise it will just abort +-with no error message, so that directory needs to be created before it +-will run. +- +-<p>Once statd is running you can use the <tt/testlk/ program (in +-<tt>tools/locktest</tt> to test if locking of a file on a NFS mounted +-filesystem works. It should. If it prints <em/No locks available/ +-statd is not working. +- +-<p>Actually, you can also avoid locking entierly (not that I recomend +-this), by giving "<tt/nolock/" in the mount option list. +- +-<p>As far as I know this is all that's needed to get the client +-working. +- +-<p>Oh, if you have a Sparc or Alpha NFS server you will find that the +-nfs client in Linux 2.2 absolutely sucks. The transfer rates to and +-from the server is so bad that ... you can't imagine. It's far worse +-than under Linux 2.0. Far. But there is a fix for this of course. +-The Alan Cox series of 2.2 kernels (which are a bit more experimental +-than the normal 2.2 kernels from Linus) include a patch to make Linux +-2.2 perform when used with Alpha and Sparc servers. If you want to +-use the Alan Cox 2.2 kernels you should be reading the linux-kernel +-mailing list and if you do you know where the patch can be found. +-There home site of this patch is <url +-url="http://www.uio.no/~trondmy/src/">, in case you want to try to +-apply it to a stock 2.2 kernel. This patch will probably not be in +-Linux 2.4 either, because it requires too many changes in the kernel +-to be accepted in the current development cycle. Wait for Linux 2.5. +- +-<p><tt/trondmy/ also has patches to make Linux use NFS version 3, this +-will also enable you to use tcp as transport mechanism instead of UDP. +-NFSv3 is is very good for long-haul networks and other networks where +-the packet loss is non-zero or the latencies are high. +- +-<p>The reason you should read the linux-kernel mailing list to use +-these patches is that sometimes there are bad bugs discovered in them. +-Bugs that eat your files. So please <bf/beware/. +- +-<sect1>The server +- +-<p>The nfs server demon under Linux 2.2 and later is called +-"<tt/knfsd/". It is tricky to set it up. You have to figure this out +-all by yourself, or stick to what SuSE, Red Hat and others are +-releasing in the way of 2.2 kernel packages. Sorry. You can still use +-the old nfsd under Linux 2.2 though. It's slow but easy to set up. +- +-<sect>NFS server on a floppy +- +-<p>This section was written by Ron Peters, <htmlurl +-url="mailto:rpeters@hevanet.com" name="rpeters@hevanet.com"> It +-explains how to set up an NFS server when booting up from floppy. It +-was originally devised to be able to NFS share a cdrom from another +-non-Linux/UNIX machine to install Linux on a machine that does not +-have a cdrom. +- +-<!-- S e c t i o n - - - - - - - - - - - - - - - B r e a k e r --> +-<sect1> Introduction +-<p> +-This document is being created for those who will run into the same problem +-I had recently. I was building a Linux server on a machine that didn't have +-a cdrom and has no facility for adding one except for possibly an external +-SCSI or the like. Now that it is getting less and less likely that you will +-be installing on a machine like that, this document may not be that +-valuable. However, I would have appreciated it when I was trying to build +-my machine. +-<p> +-Since my machine didn't have a cdrom drive, I thought I would go find an NFS +-server for Win95 and share the cdrom for long enough to install the box and +-get it on my network. Of the two products I found, (I'm not mentioning names +-but one was freeware and the other was a 14 day limited license), one didn't +-work out of the box, and the other couldn't handle the Linux naming +-convention well enough to complete the install. +-<p> +-I then settled on trying to boot my Win95 machine with the boot/root set of +-disks and then use a suplimentary floppy to set up the NFS server. +-<p> +-This was remarkably simple, and the procedure is probably easier than reading +-this introduction but I believe that putting the whole procedure in one +-place will be value added. +-<p> +- +-<!-- S e c t i o n - - - - - - - - - - - - - - - B r e a k e r --> +-<sect1>Expectations +-<p> +-This document was derived using the boot/root disks from one of the current +-InfoMagic developer distributions of Slackware. I used kernel version +-2.0.34 for the boot/root disks, but the NFS server programs were taken from +-a 2.0.30 server. I have always used the Slakware installation method, not +-because it is any easier or better or worse, just that I am comfortable with +-it and I haven't taken the time to try another method. +-<p> +-I don't believe that there will be many problems using this document in +-relation to OS version. I would recommend using something relatively +-current. Since it is likely that this will be used for installation, a +-current boot/root set will likely be used. +-<p> +-Your mileage may vary. +-<p> +- +-<!-- S e c t i o n - - - - - - - - - - - - - - - B r e a k e r --> +-<sect1>Requirements +-<p> +-<itemize> +-<item>Network capable system and boot disk. The system that is to be the +-NFS server must have a network card and it must be recognized by the during +-the boot process. More information on this can be found in the Networking +-HOWTO. +-<item>Secondary floppy that contains rpc.portmap, rpc.mountd and rpc.nfsd. +-These files should be easily found from an ftpsearch off the web. +-<item>Slackware (or other) source media (assumed to be cd). +-</itemize> +- +-<!-- S e c t i o n - - - - - - - - - - - - - - - B r e a k e r --> +-<sect1> Server Setup +-<p> +-<sect2> Boot the temporary NFS server +-<p> +-Boot the NFS server system from boot floppy and make sure the network card +-is recognized. It is also necessary that the CDROM be recognized. I will +-use eth0 as the example network card. +-<p> +-<sect2> Mount the floppy and cdrom +-<p> +-Once the system is booted up, the boot/root floppies are not needed. The +-system is fully contained in RAM. +-<p> +-Replace the root floppy with the suplimentary disk. Mount the floppy: +-<p> +-<tt>mount /dev/fd0 /floppy</tt> +-<p> +-This assumes that the floppy is an ext2 file system type. I imaging that +-the suplimentary disk could be a DOS floppy with the files on it, but I +-haven't tried that yet. I imagine that this would be easier that a disk +-image. In this case, it would be a <tt>mount -t msdos ...etc</tt>. This +-should probably be put in the todo section. +-<p> +-Mount the cdrom: +-<p> +-<tt>mount -t iso9660 /dev/hdc /cdrom</tt> +-<p> +-The floppy and cdrom devices are the ones I used. These may be different +-depending on application. The mount points /floppy and /cdrom exist on the +-root floppy disk image so they can be used. If they don't, create them or +-you could use any mount points you like. +-<p> +-<sect2> Set up networking on the temporary server. +-<p> +-This is where the temporary NFS server is set up to talk on the network. +-There are only a few commands to run. There are a few items of information +-that you will need before running the commands (values are examples): +-<p> +-IPADDR:172.16.5.100 #This is the address of the temporary server. +-<p> +-NETMASK:255.255.255.0 #This is the netmask. +-<p> +-BROADCAST:172.16.5.255 #The last number (255) is significant from IPADDR. +-<p> +-ETHNETWORK:172.16.5.0 #Once again, slightly different from IPADDR. +-<p> +-GATEWAY:172.16.5.251 #Only needed if you have a gateway. You will probably +-know. Most home networks won't have a gateway. +-<p> +-The commands to get on the network. Insert values from above: +-<p> +-<tt>ifconfig eth0 inet IPADDR arp netmask NETMASK broadcast BROADCAST</tt> +-<p> +-<tt>route add -net ETHNETWORK netmask NETMASK eth0</tt> +-<p> +-Only use next command if you have a gateway and need to go through it: +-<p> +-<tt>route add default gw GATEWAY netmask 0.0.0.0 eth0</tt> +-<p> +-If all goes well, you are now on the network and should be able to ping other +-nodes. +-<p> +-<sect2> Set up the NFS share. +-<p> +-Determine the directory that you want to NFS share. In the case of the my +-example, I used the /cdrom/slakware directory. Put this directory in the +-/etc/exports file: +-<p> +-<tt>echo "/cdrom/slakware" > /etc/exports</tt> +-<p> +-<sect1> Run the NFS server +-<p> +-Go to /floppy/usr/sbin and run: +-<p> +-<tt>./rpc.portmap</tt> +-<p> +-<tt>./rpc.mountd</tt> +-<p> +-<tt>./rpc.nfsd</tt> +-<p> +-<sect2> Complete, start the install. +-<p> +-This should share the "/cdrom/slakware" directory in the /etc/exports file. +-Once this is done, you can now boot up the machine to be installed from +-boot/root floppies (I used same ones that I booted NFS server with) and start +-the installation. +-<p> +-Once you are ready to choose the media source location, choose the NFS +-server option. It will ask about the ip address of the server. Give it the +-IP address that you used as IPADDR for the server. It will also ask for the +-directory to be mounted. This is the directory you put in the /etc/exports +-on the NFS server. +-<p> +-The system will then NFS mount the server. Watch for any error messages. +-All should be complete and you can continue the installation. +-<p> +-<!-- S e c t i o n - - - - - - - - - - - - - - - B r e a k e r --> +-<sect1>Troubleshooting +-<p> +-<sect2> Nothing Here Yet. +-<p> +-I don't have any troubleshooting info yet. Perhaps as people use this +-procedure, there will be more tips and hints available. +-<p> +-<!-- S e c t i o n - - - - - - - - - - - - - - - B r e a k e r --> +-<sect1>To Do +-<p> +-<sect2>DOS Disk. +-<p> +-Check out a DOS disk for the suplimentary disk. +-<p> +-<sect2> rpc commands. +-<p> +-Check out specific order of running rpc.* commands and if all or just some +-of the command needs to be run. +-<p> +- +-<!-- S e c t i o n - - - - - - - - - - - - - - - B r e a k e r --> + + <sect>PC-NFS + >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19991118183244.7D02E15197>