NFS configuration for remote servers
This article is obsolete and the most up-to-date information can be found in
the User Guide!
If you have deployed Packet Sensor, Flow Sensor or Wanguard Filter on a different server than the Console, you must configure NFS (Network File System) to export the Flow Collector and Packet Trace data to the Console's server. If you do not, the user interface will not be able to access packet traces or flows saved on remote servers.
-
Install the necessary packages on the Console server.
On Red Hat or CentOS execute:[root@console ~]# yum install nfs-utils nfs-utils-lib
On Debian or Ubuntu execute:[root@console ~]# apt-get install nfs-common
-
Install the necessary packages on the remote server.
On Red Hat or CentOS execute:[root@remote ~]# yum install nfs-utils nfs-utils-lib
On Debian or Ubuntu execute:[root@remote ~]# apt-get install nfs-kernel-server nfs-common
- Log in to Console and go to Configuration » Servers » [Remote Server] to look for the Server ID. You will have to replace [server_id] in the next steps with this number.
-
On the Console server find the UID and GID of the "andrisoft" user account by executing:
[root@console ~]# id andrisoft uid=4097(andrisoft) gid=4097(andrisoft) groups=4097(andrisoft)
In this particular case, in the next step you should replace [andrisoft_uid] with 4097 and [andrisoft_gid] with 4097. -
On the remote server add the following lines to the /etc/exports file:
/opt/andrisoft/dumps/[server_id] [console_ip](no_subtree_check,rw,anonuid=[andrisoft_uid],anongid=[andrisoft_gid]) /opt/andrisoft/flows/[server_id] [console_ip](no_subtree_check,rw,anonuid=[andrisoft_uid],anongid=[andrisoft_gid])
Execute on the remote server:[root@remote ~]# mkdir -p /opt/andrisoft/dumps/[server_id] [root@remote ~]# chown -R andrisoft:andrisoft /opt/andrisoft/dumps/[server_id] [root@remote ~]# mkdir -p /opt/andrisoft/flows/[server_id] [root@remote ~]# chown -R andrisoft:andrisoft /opt/andrisoft/flows/[server_id]
-
On the Console server add the following lines to the /etc/fstab file:
[sensor_ip]:/opt/andrisoft/dumps/[server_id] /opt/andrisoft/dumps/[server_id] nfs intr,soft,_netdev [sensor_ip]:/opt/andrisoft/flows/[server_id] /opt/andrisoft/flows/[server_id] nfs intr,soft,_netdev
Execute on the Console server:[root@console ~]# mkdir -p /opt/andrisoft/dumps/[server_id] [root@console ~]# chown andrisoft:andrisoft /opt/andrisoft/dumps/[server_id] [root@console ~]# mkdir -p /opt/andrisoft/flows/[server_id] [root@console ~]# chown andrisoft:andrisoft /opt/andrisoft/flows/[server_id]
- Make sure the TCP and UDP port 2049 (NFS) and 111 (RPC) are opened in your remote server's firewall. Consult your Linux distribution's documentation to see how to open up the two ports. You can check the status of your firewall by executing:
[root@remote ~]# iptables -L INPUT -n -v
-
Restart the NFS service on the remote server.
On Red Hat or CentOS execute:
[root@remote ~]# service nfs restart [root@remote ~]# chkconfig --level 345 nfs on
On Debian or Ubuntu execute:[root@remote ~]# service nfs-kernel-server restart [root@remote ~]# update-rc.d nfs-kernel-server defaults 99 # for System V distributions [root@remote ~]# systemctl enable nfs-kernel-server # for Systemd distributions
-
Restart the NFS service on the Console server if you run Red Hat or CentOS:
[root@console ~]# service nfs restart [root@console ~]# chkconfig --level 345 nfs on
-
Mount on the Console server the directories exported by the remote server:
[root@console ~]# mount /opt/andrisoft/dumps/[server_id] [root@console ~]# mount /opt/andrisoft/flows/[server_id]
Note: If you plan to remove a NFS-linked directory from your Console server, unmount it first with 'umount -l -f /opt/andrisoft/...' - Configure the remote server with the same time-zone as the Console server.
To troubleshoot NFS-related issues, use the following commands:
showmount -e : Shows the available shares on your local machine
showmount -e [server-ip or hostname]: Lists the available shares at the remote server
showmount -d : Lists all the sub directories
exportfs -v : Displays a list of shares files and options on a server
exportfs -a : Exports all shares listed in /etc/exports, or given name
exportfs -u : Unexports all shares listed in /etc/exports, or given name
exportfs -r : Refresh the server’s list after modifying /etc/exports
Autor
Andrisoft Team
Andrisoft Team
Erstellt am
2014-06-24 22:17:31
2014-06-24 22:17:31
Aktualisiert am
2024-03-25 08:18:20
2024-03-25 08:18:20
Aufrufe
12519
12519