One of the new features in RHEL 6 is NFS version 4. It has a different concept and some administrators can be confused. I highly recommend to read RHEL 6 Storage Administration Guide or other documents related to NFSv4.

The key change in NFSv4 is the concept of the root directory. To get things working for both v4 and v3 clients the most recommended way is to remount everything under one directory (we will create /exports for that). New clients will use relative paths and old clients full paths.

In my example I am exporting /mnt/data directory, thus I am creating /exports directory with data directory in it, binding it there and configuring nfs and firewall.

# mkdir /mnt/data
# mkdir -p /exports/data


# cat /etc/fstab | grep data
/mnt/data /exports/data none bind


# mount -a


# cat /etc/exports
/exports *(ro,async,no_subtree_check,insecure,fsid=0)
/exports/data 192.168.1.0/24(ro,sync,insecure,no_subtree_check,nohide)

Now it's the time to configure firewall. Uncomment all the lines here:

# grep -v '^#' /etc/sysconfig/nfs
LOCKD_TCPPORT=32803
LOCKD_UDPPORT=32769
RQUOTAD_PORT=875
MOUNTD_PORT=892
STATD_PORT=662

And add all the ports to the firewall config (tcp, udp, tcp, tcp in this order). Open portmapper tcp port 111 as well. You can use GUI/TUI for that, but I prefer config file edit:

# sudo grep -E '\s(32803|32769|892|662|111)\s' /etc/sysconfig/iptables
-A INPUT -m state --state NEW -m tcp -p tcp --dport 111 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 892 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 875 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 662 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 32803 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 32769 -j ACCEPT

Now, this is important. Do not restart nfs using simple "restart" command. First of all bring all the services down:

# service nfs stop
# service nfslock stop
# service rpcbind stop

Now, restart iptables and bring all NFS services up in the following order.

# service iptables restart

# service rpcbind start

# service nfslock start
# service nfs start



This is important because when you do "restart", nfs is usually running already by default and it won't show all errors. Make sure nfs, nfslock and rpcbind services are enabled after boot.

# chkconfig nfs on

# chkconfig nfslock on
# chkconfig rpcbind on


Test it:

# showmount -e localhost

We are almost there. NFSv4 clients must connect with relative address:

# sudo mount -t nfs -o vers=4 server:/data /tmp/my/directory

NFSv3 clients must use full address:

# sudo mount -t nfs -o vers=3 server:/exports/data /tmp/my/directory

Thank to our remount we are able to export any directory within the server.