Monday, November 22, 2010

NFS [ Network File System]



NFS is used to share the data on one computer with other computers.
The Network File System (NFS) was developed to allow machines to mount a disk partition on a remote machine as if it were a local disk. It allows for fast, seamless sharing of files across a network. There are other systems that provide similar functionality to NFS, e.g. Samba provides file services to Windows clients.
For usernames and passwords: if we share the “/etc/passwd” file from the NIS server to clients, users can log in to the server but can't get their home directory on the server. To fix that, configure the server as an NFS server and mount the users' home directory. For that give the command :

# mount -t nfs (server's ip address):/home /home
Here “:/home” is the directory on the server and “/home” is the mount point on the client.

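There is a file in “/etc/” named “exports”.
Edit that file... # vim /etc/exports

Make changes as...
(name of directory to be shared)     (IP address of the machine you want to share the directory with)(rights,sync/async)

e.g. /dbc *(rw,async)

Here /dbc is the directory on the server which we want to share.
' * ' means share with all machines (or you can give a specific IP).
Write the options directly after the host, with no space before the bracket and no spaces inside it. If there is a space between the host and the bracket, the host gets only the default options and the bracketed options apply to all machines.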

Now to share it give command :
# exportfs -a
# exportfs                    ( To see what is shared on your machine )

To use on your machine a directory which is currently on another machine,
make a directory under root, e.g.
# mkdir /abc
# service nfs start
Then mount the directory which is on the other computer onto your computer. For that give the command :
# mount -t nfs (client's IP address):s1 /abc

Modes :
async : This mode is fast because, if someone accessing a file on a machine changes it and saves it, and another person requests that file before it has been written to the hard disk, the file is made available to the new client without waiting for it to be saved. But if the machine restarts or the network goes down in the meantime, the file is lost or corrupted.

sync : This mode is slower because the file is saved on the hard disk first and only then made available to the client machine.

no_wdelay : If we have selected the 'async' mode then we cannot use this option.
With it, if 2 users want to access a single file simultaneously, it is made available to both users, and when one user makes changes to that file the changes are reflected only after the first user saves the file.

nohide : If we mount a directory from a Samba server using NFS, it appears hidden (this is due to the file system). Instead of mounting the filesystem separately on each client, just mount it on the NFS server and use the “nohide” option; the data becomes directly available.

no_subtree_check : If we use this option, it will not show the directory tree list to the client. They have to check it by browsing each directory separately.

insecure_locks : If the following options are selected, directory security will not be maintained-
a) no_auth_nlm : authentication is not required for access.
b) no_acl : permissions on files are not checked by the server.
c) mountpoint=path : if we have already mounted a directory from somewhere else we can remount it using NFS.

User Id mapping :

a) root_squash : 'root' is also treated as an anonymous user. It does not get full rights, for security reasons.
b) no_root_squash : root has access as the root user.
c) all_squash : all users get access as the anonymous user.
d) anonuid and anongid : these set the user and group IDs that anonymous users are mapped to.
e) insecure : we cannot check permissions and other parameters.
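
A small audit of the export options described above, as an added example that is not part of the original post. The sample exports text is constructed, and the function name audit and the wording of the findings are this example's own.

```python
import re

# Options named on this page that weaken an export.
RISKY = {
    "no_root_squash": "client root acts as root on the export",
    "insecure": "requests from ports above 1023 are accepted",
    "insecure_locks": "lock requests are not authenticated",
    "no_auth_nlm": "lock requests are not authenticated",
}
# One client entry: host(options), or bare (options), or a bare host.
TOKEN = re.compile(r"([^\s()]*)\(([^)]*)\)|(\S+)")

# Constructed sample, not taken from a real server.
SAMPLE = """\
/dbc   * (rw, async)
/home  192.168.100.0/24(rw,sync,root_squash)
/data  *(rw,no_root_squash,insecure)
"""

def audit(text):
    """Return (path, finding) pairs for an /etc/exports style text."""
    findings = []
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)
        if len(parts) < 2:
            continue  # blank, comment, or a path with no client list (not checked)
        path, rest = parts
        for m in TOKEN.finditer(rest):
            host = m.group(3) if m.group(3) is not None else m.group(1)
            opts = {o.strip() for o in (m.group(2) or "").split(",")}
            if host == "":
                findings.append((path, "space before '(': options apply to every host"))
            elif host == "*":
                findings.append((path, "exported to all machines"))
            for o in sorted(opts & RISKY.keys()):
                findings.append((path, f"{o}: {RISKY[o]}"))
    return findings

if __name__ == "__main__":
    for path, finding in audit(SAMPLE):
        print(f"{path}: {finding}")
```
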

If you want the mount to persist across reboots, edit /etc/fstab and add a line of the form

(ip address of server):/directory_name /path_where_to_mount_directory nfs defaults 0 0

save and exit

This is helpful if the server holds the users and their home directories. Add the above line to every client's /etc/fstab file. After login every user will get his home directory.

To start the service automatically after every reboot give the command :

# chkconfig nfs on

Friday, November 12, 2010

Squid Proxy


Squid Server acts as an Internet Service Provider. It caches data and hence the speed of internet browsing increases a little.
Internet Data : Internet data is of 2 types-
a) Static Data : This data does not change, e.g. documents etc.
b) Dynamic Data : This data changes as time passes, e.g. advertisements, pictures etc.

Static data can be cached. Dynamic data cannot be cached. Data which has been cached from the internet is given to clients by the server, but dynamic data needs to be fetched from the internet every time. A proxy server can also be used as an internet accelerator: if someone is accessing data from an outside network, this server acts as an interface between the main server and the client, so that there is less load on the main server.

Check whether the package is installed : # rpm -qa | grep squid

If package is installed on your system then...

Edit the '/etc/squid/squid.conf' file
Contents of squid.conf
a) #http_port 3128
The default port for Squid is 3128; if you want to change it, remove the comment sign.

b) cache_dir ufs /var/spool/squid 100 16 256
This directory contains the cached data. [ufs = file system, 100 = size = 100 MB default,
16 = first level directories to be created,
256 = under every directory we can create 256 second level sub directories]

Exit from vi mode

The directories where it stores cached data are called 'swap directories'.
To create the swap directories give the command-

# squid -z ( if there is an error then follow the next step)

Edit squid.conf file
make changes as
Default :
instead of #none type your host name
save and exit

# squid -z
# service squid start
# chkconfig squid on (to start the service after every reboot)

Go to Mozilla
Edit tab → Preferences → Advanced → Proxies
Give the IP address of the proxy server
e.g. 172.16.0.1 port 3128

If you are using Internet Explorer then make the same changes in
Tools tab → Internet Options

In Squid everything is 'off' by default.
To block or allow the IP addresses of machines we need to write ACLs (Access Control Lists).

To write an ACL the syntax is :
acl   (list name)   acl-type   value
e.g. If you want to allow http access to machines in the “intranet” domain, write the following lines in the squid.conf file below the #INSERT YOUR OWN RULES HERE line

acl intranet src 192.168.100.10-192.168.100.100
http_access allow intranet


save and exit

# service squid restart

Then go to the client machine, start Mozilla and open any site. If your machine has an internet connection you will get that site.
Remember to insert all the “deny” rules first and then all the “allow” rules.

To Allow or Block Sites :


/etc/squid/squid.conf

acl intranet src 172.16.0.10-172.16.0.20
acl yahoo dstdomain .yahoo.com
http_access deny intranet yahoo


save and Exit

As we know, there are very few sites which we want to allow compared to the sites to be denied. So the list of allowed sites can be stored in a file, e.g. a file named 'goodsites'
e.g. # vim /goodsites
In that file list all the allowed sites, i.e.

.yahoo.com
.rediffmail.com
.google.com


save and exit

Edit squid.conf

acl intranet src 172.16.0.10-172.16.0.20
acl good dstdomain "/goodsites"
http_access allow intranet good


save and exit

# service squid restart

Open Mozilla and check for those sites.

Time Scheduling :

For time scheduling edit squid.conf file

acl intranet src 172.16.0.10-172.16.0.20
acl nettime time SMTW 17:00-19:00
acl good dstdomain "/goodsites"
http_access allow nettime good intranet


save and Exit
# service squid restart

This means that if the day is Sunday, Monday, Tuesday or Wednesday and the time is between 5:00 pm and 7:00 pm, the good sites will open for intranet and other sites will remain blocked. If the day is Thursday, Friday or Saturday, all sites will be blocked for intranet.
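
How Squid evaluates the time-scheduling rules above, modelled as an added example that is not part of the original post: the ACLs on one http_access line must all match, and the first matching line decides. The closing deny-all rule is an assumption (the stock squid.conf ends with http_access deny all), and the function names and sample requests are constructed.

```python
import ipaddress
from datetime import datetime

DAYS = "MTWHFAS"  # Squid day letters, indexed by datetime.weekday() (Monday = 0)
GOODSITES = [".yahoo.com", ".rediffmail.com", ".google.com"]  # contents of /goodsites

def src(lo, hi):
    lo, hi = ipaddress.ip_address(lo), ipaddress.ip_address(hi)
    return lambda r: lo <= ipaddress.ip_address(r["src"]) <= hi

def dstdomain(domains):
    # A leading dot matches the domain itself and all of its subdomains.
    def match(r):
        host = r["host"].lower()
        return any(host == d.lstrip(".") or (d.startswith(".") and host.endswith(d))
                   for d in domains)
    return match

def time_acl(days, start, end):
    return lambda r: (DAYS[r["when"].weekday()] in days
                      and start <= r["when"].strftime("%H:%M") <= end)

ACLS = {
    "intranet": src("172.16.0.10", "172.16.0.20"),
    "nettime": time_acl("SMTW", "17:00", "19:00"),
    "good": dstdomain(GOODSITES),
    "all": lambda r: True,
}
RULES = [
    ("allow", ["nettime", "good", "intranet"]),  # rule from the page
    ("deny", ["all"]),                           # assumed closing rule
]

def decide(src_ip, host, when):
    """Return the action of the first http_access line whose ACLs all match."""
    r = {"src": src_ip, "host": host, "when": when}
    for action, names in RULES:
        if all(ACLS[n](r) for n in names):  # ACLs on one line are ANDed
            return action
    return "deny"  # not reached here: "all" matches every request

if __name__ == "__main__":
    monday_6pm = datetime(2010, 11, 22, 18, 0)   # constructed request time
    print(decide("172.16.0.15", "mail.yahoo.com", monday_6pm))
```
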

This server caches files automatically. If the server gets slow then just increase the size of the cache directory above 100 MB.