Ivan Tomica

Mounting NFS from Host machine inside VM on Fedora

For the past few weeks I’ve been trying to solve few particular set of problems which I won’t go into detail here, perhaps in another post.

One of the challenges I’ve faced is how to export NFS from my ZFS pool on Fedora host machine and mount it within Ubuntu based VM.

The whole process is quite simple and straight forward so here we go.

In order to be able to use NFS at all we first need to install required components on the host machine:

sudo dnf install nfs-utils

Then do the same on the guest machine:

sudo apt-get install nfs-common

In order for NFS to work we need to enable and start the service:

systemctl enable --now nfs-server.service

If you wish to use NFSv2 or NFSv3 rpcbind service will also be required, but Fedora ships rpcbind.socket which is basically socket based trigger for starting up the service.

With everything out of the way, we can share NFS. As I’ll be using it over private VM network I’ll only allow rw from my VM IP

zfs set sharenfs="rw=@192.168.122.11/32" storage/nfs/ubuntu

To show the current list of exports one can use

[root@kirk ~]# showmount -e
Export list for kirk.tomica.lan:
/nfs/ubuntu 192.168.122.11/32

At last, to mount the share, in VM you can use:

mount -t nfs 192.168.122.1:/nfs/ubuntu /mnt

Since Fedora has ports 111 and 2049 blocked by default, you first need to enable access to those ports. Using FirewallD you can first find the appropriate zone:

[root@kirk ~]# firewall-cmd --list-all-zones
...
libvirt (active)
  target: ACCEPT
  icmp-block-inversion: no
  interfaces: virbr0
  sources: 
  services: dhcp dhcpv6 dns ssh tftp
  ports: 
  protocols: icmp ipv6-icmp
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules: 
	rule priority="32767" reject
...

For me it’s the libvirt zone. To allow access to the NFS and required services in that zone I’ve used:

firewall-cmd --permanent --add-service=nfs --zone=libvirt
firewall-cmd --permanent --add-service=mountd --zone=libvirt
firewall-cmd --permanent --add-service=rpc-bind --zone=libvirt

Although last one is not necessary required when using NFSv4. After firewall reload all should work fine:

firewall-cmd --reload
Tagged in:, , , , , ,

1 Comment

  1. mail.comJonathon Poppleton

    2019-12-08 - 11:10
    Reply

    I am running fedora 31 as the host with ubuntu 17.10 as the kv client. In the past i opened the three services in the public zone because i was using NFS on my local network for other machines never releasing that both mountd and rpc-bind services should have been for libvirt zone only. Adding both mountd and rpc-bind to the public zone no longer works in the current fedora release as it did with previous versions which is how i ended up at your blog. I spent quiet a few hours trying to figure why i could not mount the fedora host using the default NAT isolated network. Thanks for sharing. Much appreciated.

Leave a Reply

Your email address will not be published. Required fields are marked *