Set up an NFS server on Debian, share a folder to specific clients, mount it on the client side, and lock it down with iptables.
The general idea: you have a Linux server holding files you want accessible on other Linux machines on the same network. NFS is the right tool for this. It is simple, fast, and does not require any special client software beyond the standard nfs-common package.
Do not copy-paste the entire block at once. Watch the video to understand which commands go on the server and which on the client.
Server setup
# Install the NFS server
sudo apt update
sudo apt install nfs-kernel-server
# Create and prepare the shared folder (ZFS raidz2 in my case, adjust as needed)
sudo mkdir -p /jaglenac
sudo chown -R nobody:nogroup /jaglenac
sudo chmod 777 /jaglenac
Edit /etc/exports to define which clients can access the share:
/jaglenac 192.168.99.13(rw,sync,no_subtree_check) 192.168.99.20(rw,sync,no_subtree_check)
Apply the changes and restart the service:
sudo exportfs -ra
sudo systemctl restart nfs-server
Client setup
# Install the NFS client
sudo apt update
sudo apt install nfs-common
# Create the local mount point
sudo mkdir -p /jaglenac
Add the following line to /etc/fstab, substituting the server IP and paths as needed:
192.168.99.14:/jaglenac /jaglenac nfs4 defaults,_netdev,x-systemd.automount 0 0
Apply and test:
sudo systemctl daemon-reload
sudo mount /jaglenac
df
sudo umount /jaglenac
Firewall with iptables
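Lock down NFS port 2049 so only the allowed clients can connect. The clients mount with nfs4, which uses TCP port 2049 only, and the ACCEPT rules must come before the DROP rule because iptables evaluates rules in order: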
sudo apt install iptables
sudo iptables -A INPUT -p tcp -s 192.168.99.13 --dport 2049 -j ACCEPT
sudo iptables -A INPUT -p tcp -s 192.168.99.20 --dport 2049 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 2049 -j DROP
Verify the client can still mount after the rules are applied:
sudo mount /jaglenac
df
Make the rules persistent across reboots:
# During installation, answer Yes when asked to save the current IPv4 rules
sudo apt install iptables-persistent
sudo reboot
After the reboot, confirm both the firewall rules and the mount are still active:
sudo iptables -L
df
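The share is protected by two separate allow-lists, /etc/exports and the iptables rules for port 2049, and they can drift apart when a client is added to one but not the other. The script below is an added example, not part of the original guide: it compares the two lists, and its function names and sample data are constructed for illustration. On the server, pass it the contents of /etc/exports and the output of `sudo iptables -S INPUT`.

```shell
#!/bin/sh
# Added example. Sample data below is constructed from the values on this page.
SAMPLE_EXPORTS='/jaglenac 192.168.99.13(rw,sync,no_subtree_check) 192.168.99.20(rw,sync,no_subtree_check)'
SAMPLE_RULES='-P INPUT ACCEPT
-A INPUT -s 192.168.99.13/32 -p tcp -m tcp --dport 2049 -j ACCEPT
-A INPUT -s 192.168.99.20/32 -p tcp -m tcp --dport 2049 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 2049 -j DROP'

# Print the clients listed for export path $1 (exports text on stdin).
exports_clients() {
    awk -v path="$1" '
        /^[ \t]*#/ { next }
        $1 == path { for (i = 2; i <= NF; i++) { sub(/\(.*/, "", $i); print $i } }
    ' | sort -u
}

# Print the sources accepted on port $1 ("iptables -S INPUT" text on stdin).
# Simplified: only -s, --dport and -j are inspected. Rules match in order, so
# reading stops at the first catch-all DROP for the port: an ACCEPT appended
# after it never takes effect.
fw_allowed() {
    awk -v port="$1" '
        $1 != "-A" || $2 != "INPUT" { next }
        {
            src = "any"; dport = ""; target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-s") src = $(i + 1)
                if ($i == "--dport") dport = $(i + 1)
                if ($i == "-j") target = $(i + 1)
            }
            if (dport != port) next
            if (target == "DROP" && src == "any") exit
            if (target == "ACCEPT") { sub(/\/32$/, "", src); print src }
        }
    ' | sort -u
}

# check_drift EXPORTS RULES PATH PORT: one line per mismatch, status 1 on drift.
check_drift() {
    e=$(printf '%s\n' "$1" | exports_clients "$3")
    f=$(printf '%s\n' "$2" | fw_allowed "$4")
    out=""
    for ip in $e; do echo "$f" | grep -qxF "$ip" || out="$out in-exports-only:$ip"; done
    for ip in $f; do echo "$e" | grep -qxF "$ip" || out="$out in-firewall-only:$ip"; done
    [ -z "$out" ] && return 0
    printf '%s\n' $out
    return 1
}

check_drift "$SAMPLE_EXPORTS" "$SAMPLE_RULES" /jaglenac 2049 && echo "exports and firewall agree"
```

An `in-firewall-only:any` line means an ACCEPT rule for the port has no source restriction, so the DROP rule is not limiting access.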