Introduction to NFS

Many of you are already familiar with SMB shares (more colloquially known as "Windows network shares" and, among Linux users, as "CIFS shares"). If you are, then you have probably also wondered whether there's a "Linux network share". The answer is yes: they're called "NFS shares". So what are NFS shares and why should you use them?

Why Should I Use NFS Shares? When Should I Use NFS Shares?

First of all, NFS is a protocol for network file sharing; in fact, that's what "NFS" stands for: "Network File System". It allows you to export files across a network so that other devices can access them.

Maybe you're already using a network share, so when should you choose NFS over SMB? Here are the reasons to consider NFS over SMB/CIFS/"Windows Shares":

  • If your clients are also running Linux: As you can imagine, NFS's roots in Unix mean that it better supports Linux operations. For example, if you're using your NFS share for backups of your Linux machines, do you have symbolic links? There's a good chance you do. NFS offers much better support for those symbolic links than SMB. In contrast, SMB will often give you an error when it comes across symbolic links.
  • You do a lot of short, random read/write file operations: NFS tends to perform better than Microsoft's SMB here. As you deal with larger files and get more into sequential I/O performance territory, though, the difference between NFS and SMB blurs. Reference: Windows NFS vs Linux NFS Performance Comparison

When Shouldn't You Use NFS and Consider CIFS/SMB Shares Instead?

Just as important as knowing when to use a tool, and probably even more important, is knowing when not to use it. There are a few things to consider when choosing NFS over SMB:

  • Reliability: I know, I'm living dangerously here by suggesting this, and yes, I know, anecdotal evidence is the worst kind of evidence, but in my experience NFS simply isn't as reliable as SMB, at least on unRAID. If you want to argue semantics, maybe it's more appropriate to say that NFS is much more "finicky" than SMB. NFS "stale file handles", anyone? Obviously this is a gross oversimplification since many large enterprises use NFS just fine. Don't let this scare you off from NFS; it's still reliable and, the majority of the time, the only time I have a problem with NFS on unRAID is when I have rebooted my unRAID server. Additionally, in a future post, I will show you how to not only minimize the "NFS stale file handle" problem through good client mount configuration, but also how to allow your clients to fix the problem on their own automatically so this will be less of an issue.
  • You're using a non-Linux device (e.g. Windows): NFS requires some simple additional setup on Windows devices (even that's not as big a deal as it used to be), but most devices offer support for SMB right out of the box. If you have a mixed-OS network, SMB works very well and you should likely just stick with SMB.

In general, for most home and small business users, I would suggest that your default posture be toward SMB, using NFS when you have identified a specific need for it (e.g. you need some Linux-specific functionality like backing up directories with symbolic links).

How to Set Up an unRAID NFS Server

So you've decided to go with NFS on your unRAID server, where do you begin?

Enable NFS

  • Start by enabling NFS on unRAID (Settings > NFS > Enable NFS: Yes):
NFS Settings
Enable NFS

This starts up the unRAID NFS server. (Don't forget to click apply!)

Set Up NFS Shares

  • With NFS enabled, exporting an NFS share is just as easy. Simply navigate to the user share (Shares > [Click on the user share you want to export via NFS] > NFS Security Settings > Export: Yes):
Exporting an NFS Share on unRAID

Deploying an unRAID NFS Server Behind a Firewall

Note that this setup is only necessary if you need to access your NFS server across a firewall or access control list (ACL). This step will not be necessary for 99.9% of you. The only firewall the majority of you will have will be the one on your router, and you should never be exposing your NFS server directly to the internet.

This setup is for those of you who, like me, have a separate DMZ network that occasionally needs to access the unRAID server across a firewall (actually an access control list (ACL) in my case). If you're interested in my network/DMZ ACL setup, you can read more about it here:

Securing Your Network: Configuring ACLs on an HP 1910 Managed Switch “The Easy Way”
Secure your network by learning how to set up access control lists (ACLs) on the HP 1910 (Comware) managed switch.

Introduction to DMZs, Firewalls, and ACLs

In networks exposed to potential hostiles (think networks with web servers), we typically isolate that network from the rest of the network by way of access control lists (ACLs) or firewalls. This network is known as a DMZ and the typical way of securing it is to set up firewall/ACL rules that explicitly permit only absolutely necessary traffic and block everything else by default.

Let's say we want our DMZ servers to be able to back up certain files to our unRAID server over NFS. In order to do so, we need to explicitly permit this NFS traffic through the ACL to our unRAID server. There's one slight problem though: by default, NFS listening ports are randomly assigned. This makes it difficult to explicitly permit traffic through the ACL since we don't know which ports to allow through.

The solution? Set up static NFS server ports on unRAID. This will allow us to have static, predictable ports to permit through our firewall/ACL.

Today's guide will be focused on the essentials to get you up and running with NFS on unRAID so, if you want more details, or just want to know how to figure this kind of stuff out on your own, check out the notes I took when I set this up on my own server here:

Running NFS Behind a Firewall: Setting Up Static NFS Ports on unRAID
Just taking some notes to outline my plan to deploy NFS mounts to my DMZ servers. I am posting these notes because I think people might benefit from seeing the background information/theory that goes into writing a guide. If you like this note post format and want me to do more, please let me know. …

Set Up Static NFS Server Ports

In order to set up static NFS server ports, you'll first need to make sure you have the User Scripts plugin installed:

[Plugin] CA User Scripts
Just a simple little plugin to act as a front end for any little scripts that you may have that you may need to run every once in a while, and don't feel like dropping down to the command line to do it. (Or anything that I happen to run across here on the forum that will be of use to some people) ...

Once you have the User Scripts plugin installed, we'll create a new script to define those static ports. Thankfully, Arch on the unRAID forums has already written it for us:

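#!/bin/bash
# Pin statd, lockd and mountd to fixed ports so they can be permitted through a firewall/ACL.

# statd and lockd ports are set in this file
DEFAULT_RPC="/etc/default/rpc"
STATD_PORT=32766
LOCKD_PORT=32768

# rpc.mountd is started from this file; its port is passed with -p
RC_NFSD="/etc/rc.d/rc.nfsd"
MOUNTD_PORT=32767

# The body runs in a subshell ( ... ), so "set -e" aborts only this function on error
nfs_config() (
	set -euo pipefail
	# Uncomment the statd/lockd port settings and set them to the values above
	sed -i '
	s/^#RPC_STATD_PORT=.*/RPC_STATD_PORT='$STATD_PORT'/;
	s/^#LOCKD_TCP_PORT=.*/LOCKD_TCP_PORT='$LOCKD_PORT'/;
	s/^#LOCKD_UDP_PORT=.*/LOCKD_UDP_PORT='$LOCKD_PORT'/;
	' "${DEFAULT_RPC}"
	# Append "-p <port>" to the line that starts rpc.mountd
	sed -i '
	s/^\s\{4\}\/usr\/sbin\/rpc\.mountd$/    \/usr\/sbin\/rpc\.mountd -p '$MOUNTD_PORT'/;
	' "${RC_NFSD}"
	# Restart the RPC services, then nfsd, so the new ports take effect
	/etc/rc.d/rc.rpc restart
	sleep 1
	/etc/rc.d/rc.nfsd restart
)

nfs_config
# Raise an unRAID notification if any step above failed
if [[ $? -ne 0 ]]; then
	/usr/local/emhttp/webGui/scripts/notify -i warning -s "NFS config failed"
fi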

Source: Arch on the unRAID Forums

Set the script to run at startup of the array:

User Scripts plugin with "Static NFS Ports" script added

With the above script, the relevant ports for our unRAID NFS are ports 111, 2049, and 32766-32768. These are the ports that we will need to permit through our access control list.
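
Before opening the ACL, it is worth confirming that the services really are registered on those ports. The following check is an added example, not part of the original post or of Arch's script: it reads `rpcinfo -p` output and flags any service that is missing or not on the ports listed above. The function names are made up for this example and the sample listing is constructed; service names are as `rpcinfo` prints them (`status` is statd, `nlockmgr` is lockd).

```shell
#!/bin/sh
# Added example (not from the original post): compare `rpcinfo -p` output
# with the static ports set by the script above.
# Service names are as rpcinfo prints them: status = statd, nlockmgr = lockd.
EXPECTED="portmapper=111 nfs=2049 status=32766 mountd=32767 nlockmgr=32768"

# Reads `rpcinfo -p` output on stdin, prints one line per problem, and
# returns 1 if a service is missing or registered on an unexpected port.
check_nfs_ports() {
  awk -v expected="$EXPECTED" '
    BEGIN {
      n = split(expected, pair, " ")
      for (i = 1; i <= n; i++) { split(pair[i], kv, "="); want[kv[1]] = kv[2] }
    }
    $4 ~ /^[0-9]+$/ && ($5 in want) {
      seen[$5] = 1
      key = $5 "/" $3 "/" $4          # report each service/proto/port once
      if ($4 != want[$5] && !(key in reported)) {
        reported[key] = 1; bad = 1
        printf "MISMATCH %s/%s on port %s, expected %s\n", $5, $3, $4, want[$5]
      }
    }
    END {
      for (s in want) if (!(s in seen)) {
        bad = 1; printf "MISSING %s, expected on port %s\n", s, want[s]
      }
      exit (bad ? 1 : 0)
    }'
}

# Constructed sample of `rpcinfo -p` output; $1 = statd port, $2 = mountd port.
sample_rpcinfo() {
  cat <<EOF
   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100024    1   tcp  $1  status
    100003    3   tcp   2049  nfs
    100021    4   tcp  32768  nlockmgr
    100005    2   tcp  $2  mountd
    100005    3   tcp  $2  mountd
EOF
}

# On the server itself, run:  rpcinfo -p | check_nfs_ports
sample_rpcinfo 32766 32767 | check_nfs_ports && echo "static ports OK"
sample_rpcinfo 45127 51893 | check_nfs_ports || echo "ports not pinned yet"
```

Running the check again after a reboot shows whether the startup script was actually applied.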

Permit NFS Ports Through Firewall/ACL

The exact configuration for this will depend on your specific firewall application, but in general the goal here is to permit traffic with a destination of <unRAID server IP Address> on ports 111, 2049, and 32766-32768.

Since I'm using ACLs on an L3 managed switch, I use advanced ACL rules. For you visual learners, here's what they look like on my config:

Advanced ACL Rules Permitting NFS TCP Connections
acl number 3010
 rule 12 permit tcp destination 10.0.30.5 0 destination-port eq sunrpc 
 rule 14 permit tcp destination 10.0.30.5 0 destination-port eq 2049 
 rule 15 permit tcp destination 10.0.30.5 0 destination-port range 32766 32768 

Note that I only have TCP ports permitted. unRAID supports both UDP and TCP, so you can choose to permit both TCP and UDP traffic through your firewall/ACL. I use TCP exclusively for the reasons outlined here.

Additional Reading

If you're interested in my notes from when I first set up a static NFS server on unRAID, you can check them out here:

Running NFS Behind a Firewall: Setting Up Static NFS Ports on unRAID

Running into trouble mounting your NFS client? This post may help you troubleshoot your NFS mount:

Experiments in NFS Troubleshooting
While attempting to mount my NFS shares in the Ubuntu VMs in my DMZ, I ran into some trouble where my DMZ servers, acting as NFS clients, were unable to reach my NFS server across the ACL. It’s difficult to troubleshoot a problem when you don’t know what “good” looks like and there doesn’t seem to …

That's all there is to it! You've now successfully deployed an NFS server on unRAID.

In the next article, I will show you some best practices for mounting an NFS share on Ubuntu (including how to avoid the dreaded NFS "stale file handle" error and how to have your NFS client fix itself should it occur).

Are you running an NFS server out of unRAID? If so, what are your specific use cases for doing so?