Morning,
This came up in a discussion in the VMware forums and I figured I would put it all down. The user wanted to have his ISOs shared between VMware and Windows and wanted to know how to do it from VMware. Well, it's not possible from VMware, because it cannot act as an NFS server to share out VMFS. But VMware does support NFS storage, so with CentOS (RedHat / OracleLinux will work the same) you can create a shared NFS mount that can also be mounted via CIFS from Windows.
So I am going to assume you know how to install Linux; if not, download and click next…next…next. Once installed, log in as root and make sure you have networking.
Install and lock down NFS
Code:
yum install nfs-utils portmap -y
Secure the install of NFS:
Add the following to /etc/hosts.deny (this blocks everyone from the NFS services):
portmap: ALL
lockd: ALL
statd: ALL
mountd: ALL
rquotad: ALL
Add the hosts that are allowed to connect to NFS to /etc/hosts.allow, separating multiple IPs with commas:
portmap: 10.10.101.10, 10.10.101.11
lockd: 10.10.101.10, 10.10.101.11
statd: 10.10.101.10, 10.10.101.11
mountd: 10.10.101.10, 10.10.101.11
rquotad: 10.10.101.10, 10.10.101.11
The exported file system is the file system you want to share out. We will use /nfs/ISO in this example, but it can be anything. I would make it a different partition and potentially LVM, but that's out of scope. Edit /etc/exports and add the servers you want to be able to mount /nfs/ISO. Notice I made 10.10.101.11 read only (ro) and 10.10.101.10 read write (rw):
# Sample
/nfs/ISO 10.10.101.10(rw,no_root_squash)
/nfs/ISO 10.10.101.11(ro,no_root_squash)
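A quick way to review what /etc/exports really grants before starting the services (an added example, not part of the original post). The audit_exports function, the SAMPLE text and the /nfs/pub line are constructed for illustration. It flags no_root_squash, which lets root on the client act as root on the export, and entries that end up exported to every host, including the classic typo of a space between the client and its options.

```shell
#!/bin/sh
# audit_exports: read exports(5)-format text on stdin and print one
# finding per line as "<path> <client> <issue>".
audit_exports() {
    awk '
    NF == 0 || $1 ~ /^#/ { next }            # skip blank lines and comments
    {
        path = $1
        if (NF == 1) {                       # no client list: open to all
            print path, "*", "wildcard-client"
            next
        }
        for (i = 2; i <= NF; i++) {
            client = $i; opts = ""
            p = index($i, "(")
            if (p > 0) {                     # split "client(opt,opt)"
                client = substr($i, 1, p - 1)
                opts = substr($i, p + 1, length($i) - p - 1)
            }
            # "(rw)" on its own (space typo) applies to every host
            if (client == "") client = "*"
            if (client == "*") print path, client, "wildcard-client"
            rw = 0; nrs = 0
            n = split(opts, o, ",")
            for (j = 1; j <= n; j++) {
                if (o[j] == "rw") rw = 1
                if (o[j] == "no_root_squash") nrs = 1
            }
            if (nrs && rw) print path, client, "rw+no_root_squash"
            else if (nrs)  print path, client, "no_root_squash"
        }
    }'
}

# Constructed sample: the two export lines from this post plus one
# hypothetical line with a space between the client and its options.
SAMPLE='# Sample
/nfs/ISO 10.10.101.10(rw,no_root_squash)
/nfs/ISO 10.10.101.11(ro,no_root_squash)
/nfs/pub 10.10.101.10 (rw)'

printf '%s\n' "$SAMPLE" | audit_exports
```

To check a live server, run audit_exports < /etc/exports instead of feeding it the sample.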
Now we need to lock down NFS to specific ports to make it more firewall friendly. Edit /etc/sysconfig/nfs and add the following lines (make sure to comment out these lines if already in use):
STATD_PORT=4000
LOCKD_TCPPORT=4001
LOCKD_UDPPORT=4001
MOUNTD_PORT=4002
RQUOTAD_PORT=4003
Add the following to /etc/services and comment out original entries:
rquotad 4003/tcp # rquota
rquotad 4003/udp # rquota
Start the NFS services and enable them at boot time:
/etc/init.d/portmap start
/etc/init.d/nfs start
/etc/init.d/nfslock start
chkconfig portmap on
chkconfig nfs on
chkconfig nfslock on
Now, if you're running a host-based firewall you will want to open it up. Remember, we are controlling access via hosts.allow:
-A RH-Firewall-1-INPUT -p tcp -m multiport --dports 4000:4003 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m multiport --dports 4000:4003 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp --dport 2049 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 2049 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp --dport 111 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 111 -j ACCEPT
Now you need to install and set up Samba to share out the same file system via CIFS.
Let's start with the firewall rules and assume that our Windows servers are all on 192.168.10.0/24:
-A RH-Firewall-1-INPUT -s 192.168.10.0/24 -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.10.0/24 -m state --state NEW -m udp -p udp --dport 445 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.10.0/24 -m state --state NEW -m udp -p udp --dport 137 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.10.0/24 -m state --state NEW -m udp -p udp --dport 138 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.10.0/24 -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT
Install Samba and required components:
yum install samba samba-client samba-common
Turn it on at boot time:
chkconfig smb on
chkconfig nmb on
Edit the file /etc/samba/smb.conf and add your info to the config file, including the workgroup. Yes, it's possible to add Samba to a domain; I will not cover it here.
#======================= Global Settings =====================================
[global]
workgroup = WORKGROUP
security = share
map to guest = bad user
#============================ Share Definitions ==============================
[ISO]
path = /nfs/ISO
browsable = yes
writable = yes
guest ok = yes
read only = no
Restart the Samba services to reload the changed config:
sudo service smb restart
sudo service nmb restart
Browse to the machine from something in 192.168.10.0/24 and you should see the share and be able to write to it.
Please let me know if you have any questions, and enjoy your ISO share (yes, it can be a virtual machine).