≡ Menu


Exporting Networked File Systems Via Another Networked File System

Recently, I received a call from client about FTP server not working. Basically, someone was trying to
access networked file system mounts such as cifs and nfs via ftp. This is bad idea and it will result into problems because it is not supported by many applications (I'm not talking about cluster file system here). There are many issues with this kind of weird setup:

+ Permission problem
+ I/O Problem
+ Performance issue etc

Some FTP server do offer work around but I don't recommend exporting networked file system via another file system.

Bottom line, don't mix networked file system with each other.

Security Alert: Ubuntu Linux kernel vulnerabilities

Ubuntu Linux today pushed out a new version of Linux kernel to fix serval local and remote security issues. A malicious CIFS server could cause a client system crash or possibly execute arbitrary code with kernel privileges. On SMP systems, a race condition existed in fcntl(). Local attackers could perform malicious locks, causing system crashes and leading to a denial of service. This security issue affects the following Ubuntu, Kubuntu, Edubuntu, and Xubuntu. releases:

=> Ubuntu 6.06 LTS
=> Ubuntu 7.04
=> Ubuntu 7.10

To fix this issue type the following two commands:
$ sudo apt-get update
$ sudo apt-get upgrade

You need to reboot your computer to effect the necessary changes, enter:
$ sudo reboot

How To Setup OpenSolaris Open Storage Server

This is a great way to build UNIX based NAS server with all goodness of ZFS.

Sun recently announced the addition of powerful developer tools and expanded professional service capabilities to help developers better leverage the growing open source communities that are fast changing the economics of the storage IT landscape. Over 3,000 members and 30+ projects within an active and growing OpenSolaris storage community demonstrate a groundswell within the storage industry for developers and enterprise companies to use open source alternatives to expensive proprietary storage offerings.

Sun further claimed that average developer will be able to set up an OpenSolaris server is about 10 minutes. You can build a OpenSolaris operating system storage server in 10 minutes or less. This how-to recipe is intended to familiarize developers with the simple commands in Solaris for performing data management tasks, i.e. ZFS, NFS, CIFS, COMSTAR etc.

Setting Up an OpenSolaris Storage Server in 10 Minutes or Less

Setting Up an OpenSolaris NAS Box: Father-Son Bonding

Now, the million dollar question - will free software able to sell Sun hardware?

Connecting Linux or UNIX system to Network attached storage device

Network attached storage (NAS) allows using TCP/IP network to backup files. This enables multiple servers in IDC to share the same storage for backup at once, which minimizes overhead by centrally managing hard disks. NAS is scalable, high performance network solution. The main advantage is more hard disk storage space added to a network that already utilizes servers without shutting them down for maintenance and upgrades.

Please note that NAS are not just common in IDC or offices but you can use it for file sharing and backup at home. You can purchase 200+GB NAS for less than $200 these days. Personally, I am using Maxtor ShareStorage 200GB Network Attached Storage at home. This is a step-by-step guide on connecting Linux or UNIX systems to SAN for backup or sharing files.

The protocol used with NAS is a file-based protocol such as NFS or Microsoft's Common Internet File System (CIFS). Both of them allow storing backups using UNIX and Linux servers or Windows 2003 server.

However many new Linux or UNIX sys admin find it difficult to use NAS backup. Here are quick handy tips most newbie will find useful.

(A) Use IP address of NAS. If you do not have properly configured SAMBA server it is difficult to resolve hostnames. IP address will save your time.

(B) If you are using IPTABLES or PF firewall then make sure the following UDP/TCP ports are open between your firewall and the NAS Backup Server:

  1. TCP 21 (ftp)
  2. TCP 20 (ftp-data)
  3. TCP/UDP 137 (NETBIOS Name Service aka netbios-ns)
  4. TCP/UDP 138 (NETBIOS Datagram Service aka netbios-dgm)
  5. TCP/UDP 139 (NETBIOS session service aka netbios-ssn )
  6. TCP/UDP 445 (Microsoft Naked CIFS aka microsoft-ds )

Sample network diagram

Following is sample network diagram for our setup:

+-------------+               +-------------+
|             |               |             |
|   N A S     |<=============>|   Linux/    |
|             |               |   UNIX      |
IP:              IP:

Iptables configuration

FTP outgoing client request using iptables (assuming that your server IP is and NAS IP is Append following iptables rules to your script:

iptables -A OUTPUT -p tcp -s --sport 1024:65535 -d --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp -s --sport 21 -d --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -s --sport 1024:65535 -d --dport 1024:65535 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp -s --sport 1024:65535 -d --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT

NETBIOS/CIFS outgoing client request

Please add following rules to your iptables script:

iptables -A OUTPUT -p udp -s --sport 137 -d 0/0 --dport 137 -j ACCEPT
iptables -A OUTPUT -p udp -s --sport 138 -d 0/0 --dport 138 -j ACCEPT
iptables -A OUTPUT -p tcp -s --sport 1024:65535 -d --dport 139 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p udp -s --sport 137 -d --dport 137 -j ACCEPT
iptables -A INPUT -p udp -s --sport 138 -d --dport 138 -j ACCEPT
iptables -A INPUT -p tcp -s --sport 139 -d --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT

Please note that when configuring a firewall, the high order ports (1024-65535) are often used for outgoing connections and therefore should be permitted through the firewall. It is prudent to block incoming packets on the high order ports except for established connections. This is what you are doing in above FTP and CIFS client request.

How do I access NAS server using FTP?

You need to use Internet file transfer program (FTP) that comes with UNIX/Linux or windows. Most service provider will provide you:

  • NAS Server IP (e.g. / nas.myserviceprovider.com)
  • NAS FTP Username (e.g. nixcraft)
  • NAS FTP Password (e.g. mySecret)

Let us assume you have file called mysqldump.tar.gz. You can put this file to NAS backup server using following ftp command:

$ ftp nas.myserviceprovider.com


$ ftp


Username: nixcraft
Password: mySecret
ftp> bin
200 Type set to I.
ftp> prom
Interactive mode off.
ftp> put mysqldump.tar.gz
ftp> quit

How do I access NAS server using SAMBA client?

Make sure you have samba client installed. Use apt-get or up2date command to install SAMBA client.

a) Create a directory

# mkdir /backup

b) Mount remote NAS share (NOTE: you must type following command on a single line)

# mount -t smbfs -o username=nixcraft,password=mySecret // /backup


# smbmount -o username=nixcraft,password=mySecret // /backup

You can skip password option for security reason (samba will prompt you for password).

c) Copy files using cp command:

# cp sitebackup.tar.gz /backup

d) You can use /backup directory to dump backup using mysql script or backup shell script.

A note for FreeBSD user

If you would like to access NAS server from FreeBSD use following command (NOTE: you must type following command on a single line):

# mkdir /backup
# mount_smbfs -I //nixcraft@ /backup



Related previous articles

Updated for accuracy.

How to mount remote windows partition (windows share) under Linux

All files accessible in a Linux (and UNIX) system are arranged in one big tree, the file hierarchy, rooted at /. These files can be spread out over several devices. The mount command serves to attach the file system found on some device to the big file tree.

Use the mount command to mount remote windows partition or windows share under Linux as follows:

Procedure to mount remote windows partition (NAS share)

1) Make sure you have following information:
==> Windows username and password to access share name
==> Sharename (such as //server/share) or IP address
==> root level access on Linux

2) Login to Linux as a root user (or use su command)

3) Create the required mount point:
# mkdir -p /mnt/ntserver
4) Use the mount command as follows:
# mount -t cifs //ntserver/download -o username=vivek,password=myPassword /mnt/ntserver

Use following command if you are using Old version such as RHEL <=4 or Debian <= 3: # mount -t smbfs -o username=vivek,password=D1W4x9sw //ntserver/download /mnt/ntserver

5) Access Windows 2003/2000/NT share using cd and ls command:
# cd /mnt/ntserver; ls -l

  • -t smbfs : File system type to be mount (outdated, use cifs)
  • -t cifs : File system type to be mount
  • -o : are options passed to mount command, in this example I had passed two options. First argument is password (vivek) and second argument is password to connect remote windows box
  • //ntserver/download : Windows 2000/NT share name
  • /mnt/ntserver Linux mount point (to access share after mounting)

See also:

Updated for accuracy on Aug-8-2007, 8:19PM.