Network attached storage (NAS) allows using TCP/IP network to backup files. This enables multiple servers in IDC to share the same storage for backup at once, which minimizes overhead by centrally managing hard disks. NAS is scalable, high performance network solution. The main advantage is more hard disk storage space added to a network that already utilizes servers without shutting them down for maintenance and upgrades.
Please note that NAS are not just common in IDC or offices but you can use it for file sharing and backup at home. You can purchase 200+GB NAS for less than $200 these days. Personally, I am using Maxtor ShareStorage 200GB Network Attached Storage at home. This is a step-by-step guide on connecting Linux or UNIX systems to SAN for backup or sharing files.
The protocol used with NAS is a file-based protocol such as NFS or Microsoft’s Common Internet File System (CIFS). Both of them allow storing backups using UNIX and Linux servers or Windows 2003 server.
However many new Linux or UNIX sys admin find it difficult to use NAS backup. Here are quick handy tips most newbie will find useful.
(A) Use IP address of NAS. If you do not have properly configured SAMBA server it is difficult to resolve hostnames. IP address will save your time.
(B) If you are using IPTABLES or PF firewall then make sure the following UDP/TCP ports are open between your firewall and the NAS Backup Server:
- TCP 21 (ftp)
- TCP 20 (ftp-data)
- TCP/UDP 137 (NETBIOS Name Service aka netbios-ns)
- TCP/UDP 138 (NETBIOS Datagram Service aka netbios-dgm)
- TCP/UDP 139 (NETBIOS session service aka netbios-ssn )
- TCP/UDP 445 (Microsoft Naked CIFS aka microsoft-ds )
Sample network diagram
Following is sample network diagram for our setup:
| | | |
| N A S |<=============>| Linux/ |
| | | UNIX |
FTP outgoing client request using iptables (assuming that your server IP is 126.96.36.199 and NAS IP is 188.8.131.52). Append following iptables rules to your script:
iptables -A OUTPUT -p tcp -s 184.108.40.206 –sport 1024:65535 -d 220.127.116.11 –dport 21 -m state –state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp -s 18.104.22.168 –sport 21 -d 22.214.171.124 –dport 1024:65535 -m state –state ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -s 126.96.36.199 –sport 1024:65535 -d 188.8.131.52 –dport 1024:65535 -m state –state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp -s 184.108.40.206 –sport 1024:65535 -d 220.127.116.11 –dport 1024:65535 -m state –state ESTABLISHED -j ACCEPT
NETBIOS/CIFS outgoing client request
Please add following rules to your iptables script:
iptables -A OUTPUT -p udp -s 18.104.22.168 –sport 137 -d 0/0 –dport 137 -j ACCEPT
iptables -A OUTPUT -p udp -s 22.214.171.124 –sport 138 -d 0/0 –dport 138 -j ACCEPT
iptables -A OUTPUT -p tcp -s 126.96.36.199 –sport 1024:65535 -d 188.8.131.52 –dport 139 -m state –state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p udp -s 184.108.40.206 –sport 137 -d 220.127.116.11 –dport 137 -j ACCEPT
iptables -A INPUT -p udp -s 18.104.22.168 –sport 138 -d 22.214.171.124 –dport 138 -j ACCEPT
iptables -A INPUT -p tcp -s 126.96.36.199 –sport 139 -d 188.8.131.52 –dport 1024:65535 -m state –state ESTABLISHED -j ACCEPT
Please note that when configuring a firewall, the high order ports (1024-65535) are often used for outgoing connections and therefore should be permitted through the firewall. It is prudent to block incoming packets on the high order ports except for established connections. This is what you are doing in above FTP and CIFS client request.
How do I access NAS server using FTP?
You need to use Internet file transfer program (FTP) that comes with UNIX/Linux or windows. Most service provider will provide you:
- NAS Server IP (e.g. 184.108.40.206 / nas.myserviceprovider.com)
- NAS FTP Username (e.g. nixcraft)
- NAS FTP Password (e.g. mySecret)
Let us assume you have file called mysqldump.tar.gz. You can put this file to NAS backup server using following ftp command:
$ ftp nas.myserviceprovider.com
$ ftp 220.127.116.11
200 Type set to I.
Interactive mode off.
ftp> put mysqldump.tar.gz
How do I access NAS server using SAMBA client?
Make sure you have samba client installed. Use apt-get or up2date command to install SAMBA client.
a) Create a directory
# mkdir /backup
b) Mount remote NAS share (NOTE: you must type following command on a single line)
# mount -t smbfs -o username=nixcraft,password=mySecret //18.104.22.168/sharename /backup
# smbmount -o username=nixcraft,password=mySecret //22.214.171.124/sharename /backup
You can skip password option for security reason (samba will prompt you for password).
c) Copy files using cp command:
# cp sitebackup.tar.gz /backup
d) You can use /backup directory to dump backup using mysql script or backup shell script.
A note for FreeBSD user
If you would like to access NAS server from FreeBSD use following command (NOTE: you must type following command on a single line):
# mkdir /backup
# mount_smbfs -I 126.96.36.199 //email@example.com/sharename /backup
Related previous articles
Updated for accuracy.