Feature request for FOG 1.6.x - Configure image capture to use NFSv4 instead of NFSv3


  • Moderator

    System security is becoming more of a concern and many compliance certifications will hit on the openness of the FOG imaging share. By switching over to NFSv4 we can use the additional security that is part of nfsv4 as well as reduce the number of open ports on the server to 1 for NFS. Reducing the number of port will allow FOG to integrate firewall rules in the the FOG design much easier than before.

    On the client side this is what is needed to connect to an NFSv4 server on FOS Linux
    mount -t nfs4 -o proto=tcp,port=2049,nolock,proto =tcp,rsize=32768,wsize=32768,intr,noatime "192.168.10.1:/" /images

    We need to be mindful because mounts work a little differently on nfsv4 where the share point becomes the root of the share (akin to how MS Windows shares work) install of the full path. So sharing /images on the fog server the client would mount /images but the path would be in the root of /images path. Its just something FOG will need to take into account


  • Senior Developer

    There is a nice article on how to setup NFSv4 with a single port open: https://peteris.rocks/blog/nfs4-single-port/


Log in to reply
 

355
Online

7.5k
Users

14.6k
Topics

137.3k
Posts