NFS is a great way to share files across a computer network. If you have an Ubuntu 18.04 server and want to share files to Windows 10 Pro or Enterprise clients (or Linux-based clients), you've come to the right place.

Some time ago, I bought a Synology NAS because Synology has a nice app that can automate backups of local directories on my Windows computers to my Synology NAS. It gave me peace of mind with regard to backups, but it didn't solve another need that soon emerged: sharing some of these folders with other members of the household. I tried to use the built-in Synology NFS. It worked, but was painfully slow on my low-end, underpowered Synology with spindle drives. So I decided to set up my household i7 server with M2 disks instead. This is the short and sweet story of how I replaced my Synology and created shared folders for my household.

Set up the server (Ubuntu 18.04)

First, install the NFS server:

sudo apt-get install nfs-kernel-server

Now, prepare an NFS share. I bind-mounted an existing directory on my Linux server to a short and sweet directory under /mnt, just to make the share name shorter on the Windows client.

Create the mount point:

sudo mkdir /mnt/myshare

Then edit fstab and bind-mount the directory with the actual files to the easy-to-remember share:

sudo vi /etc/fstab
/deep/down/directory/with/files/to/share /mnt/myshare none defaults,bind 0 0

sudo mount /mnt/myshare
ls -la /mnt/myshare

Now, /mnt/myshare should have the contents of the deep down directory with files to share, and you are ready to share this directory from your NFS server.

To enable sharing, just edit the exports file and restart the service, like this:

sudo vi /etc/exports
/mnt/myshare 192.168.100.0/24(rw,no_subtree_check) 192.168.1.25(rw,no_subtree_check)

sudo service nfs-kernel-server restart

This will allow any client on the 192.168.100.0/24 network plus the single IP 192.168.1.25 to connect. You must make sure you trust the range and the IPs you allow to access your share. By default, if the client says he's root, he's re-mapped to "nobody". If the client says he's a valid user, NFS will accept that in the current configuration. You can override that and force a uid + gid if you want to.
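As an added example (not from the original post), the shell function below audits exports(5)-format lines for the trust behaviour just described: it flags every client entry without all_squash, where the server accepts whatever uid/gid the client presents. It compares the export line from this page with a constructed variant that forces one account through all_squash, anonuid and anongid; the uid/gid 1000 and the function and variable names are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): audit exports(5)-format text on
# stdin for entries that trust whatever identity the client presents.
# Assumes one export per line (no backslash continuations).
audit_exports() {
  awk '
    { sub(/#.*/, "") }                       # drop comments
    NF == 0 { next }
    NF == 1 { printf "%s *: WORLD no client list, any host may mount\n", $1; bad = 1; next }
    {
      for (i = 2; i <= NF; i++) {
        p    = index($i, "(")
        host = p ? substr($i, 1, p - 1) : $i
        opts = "," (p ? substr($i, p + 1, length($i) - p - 1) : "") ","
        if (host == "" || host == "*") {
          printf "%s %s: WORLD any host may mount\n", $1, host; bad = 1
        }
        if (index(opts, ",no_root_squash,")) {
          printf "%s %s: ROOT client root keeps uid 0\n", $1, host; bad = 1
        }
        if (!index(opts, ",all_squash,")) {
          printf "%s %s: TRUSTED-UID client-supplied uid/gid is accepted\n", $1, host; bad = 1
        }
      }
    }
    END { exit bad + 0 }'
}

# The export line from this page, then a constructed variant that forces every
# request to one account (uid/gid 1000 is a placeholder for the file owner).
PAGE_EXPORT='/mnt/myshare 192.168.100.0/24(rw,no_subtree_check) 192.168.1.25(rw,no_subtree_check)'
SQUASHED_EXPORT='/mnt/myshare 192.168.100.0/24(rw,no_subtree_check,all_squash,anonuid=1000,anongid=1000)'

printf '%s\n' "$PAGE_EXPORT"     | audit_exports || echo "-> page export trusts client uids"
printf '%s\n' "$SQUASHED_EXPORT" | audit_exports && echo "-> squashed export is clean"
```

On the server, run it against the live file with `audit_exports < /etc/exports`; it returns non-zero when it prints at least one finding.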

My server lives in a secured VLAN with a dedicated external firewall granting client access. If you want to secure the server and tighten your firewall, take a look at this page.

In short, I allow traffic to my NFS server from trusted networks on TCP and UDP on the following ports:

  • 111
  • 2049
  • From 32764 to 32769 (or the more common notation: 32764:32769)

Ports 111 and 2049 are fixed. To fix the higher ports, I changed or appended to the following files on my NFS host server:

# /etc/default/nfs-common (change)
STATDOPTS="--port 32765 --outgoing-port 32766"

# /etc/default/nfs-kernel-server (change)
RPCMOUNTDOPTS="-p 32767"

# /etc/default/quota (change)
RPCRQUOTADOPTS="-p 32769"

# /etc/services (append - optional)
# NFS ports as per the NFS-HOWTO
# http://www.tldp.org/HOWTO/NFS-HOWTO/security.html#FIREWALLS
# Listing here does not mean they will bind to these ports. 
rpc.nfsd        2049/tcp                        # RPC nfsd
rpc.nfsd        2049/udp                        # RPC nfsd
rpc.nfs-cb      32764/tcp                       # RPC nfs callback
rpc.nfs-cb      32764/udp                       # RPC nfs callback
rpc.statd-bc    32765/tcp                       # RPC statd broadcast
rpc.statd-bc    32765/udp                       # RPC statd broadcast
rpc.statd       32766/tcp                       # RPC statd listen
rpc.statd       32766/udp                       # RPC statd listen
rpc.mountd      32767/tcp                       # RPC mountd
rpc.mountd      32767/udp                       # RPC mountd
rpc.lockd       32768/tcp                       # RPC lockd/nlockmgr
rpc.lockd       32768/udp                       # RPC lockd/nlockmgr
rpc.quotad      32769/tcp                       # RPC quotad
rpc.quotad      32769/udp                       # RPC quotad

Then create the following file with this content:

sudo vi /etc/modprobe.d/local.conf

# /etc/modprobe.d/local.conf
options lockd nlm_udpport=32768 nlm_tcpport=32768
options nfs callback_tcpport=32764

Reload the system with new ports:

sudo sysctl --system
sudo service nfs-kernel-server restart
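To confirm that the services really landed on the fixed ports before tightening the firewall, the following added example (not from the original post) reads `rpcinfo -p` output and lists every RPC service bound outside 111, 2049 and 32764-32769. The sample output is constructed, and the function and variable names are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): read `rpcinfo -p` output on stdin
# and list every RPC service bound outside the ports the firewall allows
# (111, 2049 and 32764-32769). Returns non-zero if any service is outside.
check_rpc_ports() {
  awk '
    $4 ~ /^[0-9]+$/ {                         # data rows; the header row has "port"
      port = $4 + 0
      if (port == 111 || port == 2049 || (port >= 32764 && port <= 32769)) next
      printf "%s/%s on port %d is outside the allowed ports\n", $5, $3, port
      bad = 1
    }
    END { exit bad + 0 }'
}

# Constructed sample (not captured from a real host): mountd has not picked up
# its fixed port yet and still sits on a dynamically assigned one.
SAMPLE_RPCINFO='   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    4   udp    111  portmapper
    100024    1   udp  32765  status
    100024    1   tcp  32765  status
    100005    3   tcp  45678  mountd
    100003    3   tcp   2049  nfs
    100021    4   udp  32768  nlockmgr
    100021    4   tcp  32768  nlockmgr'

printf '%s\n' "$SAMPLE_RPCINFO" | check_rpc_ports || echo "-> not every service is on a fixed port"
# On the NFS server itself: rpcinfo -p | check_rpc_ports
```

Options in /etc/modprobe.d are read only when the kernel module is loaded, so if nlockmgr still shows a dynamic port after the restart, reload the modules or reboot the server and run the check again.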

Set up the client (Windows 10 Pro/Enterprise)

Setting up the client is key to making this work. Remember, you can set up several clients towards the same share! If you have Windows 10 Home Edition, you're out of luck, though. It doesn't ship with the NFS client.

To set up the client:

  • Search for and go to "Control Panel"
  • Go to "Programs"
  • Click the sub-title "Turn Windows features on or off"
  • Open "Services for NFS", select "Client for NFS"
  • Click OK.

Now, you need to tweak the client a bit for it to work correctly.

The first thing is to alter the UID and GID you connect to the share with. If you are allowed to connect to an NFS share, NFS also believes you are who you say you are(!). I chose to use the UID and GID of the owner of the files in the /mnt/myshare folder.

  • Search for and go to "regedit"
  • Create two New DWORD (32-bit) values inside HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ClientForNFS\CurrentVersion\Default:
    • AnonymousUid
    • AnonymousGid
  • Assign the UID and GID of your choosing, but preferably those of the owner of the files in the /mnt/myshare folder.

The second thing is to change the default permissions set on files created by the Windows client.

  • Search for "cmd" and run it as a privileged user
  • Type the following command and press Enter: nfsadmin client config fileaccess=660
    This will change the default file permissions from 755 to 660.

To see the client defaults and what other options you can configure, type the following command:

  • nfsadmin client config

You can also stop and start the NFS client (but your mileage may vary):

  • nfsadmin client stop
  • nfsadmin client start

To be completely safe, restart your computer for the changes to take effect.

Now, it's time to connect to your share:

  • Open File Explorer
  • Right click on "This PC" and choose "Map Network Drive"
  • Choose a drive letter
  • For location, type in: \\serverip\mnt\myshare
  • Reconnect at startup

And you're set!
