So here was the problem. I have an NTFS external usb drive I wanted to connect to my RPi home server and share with NFS to an Amazon Fire TV with KODI. Couldn’t get it for the life of me. KODI wouldn’t even see the NFS server in browse. Finally figured it out. Firewall problem. So first part sets up regular NFS with an NTFS drive on an RPi suitable for NFSv4. The second part setups up for KODI devices. And finally I add Samba as a backup.
Part 1: Mount the drive.
Obviously plug in the harddrive. Mine is an NTFS external. So we need ntfs tools.
sudo lsblk -o UUID,NAME,FSTYPE,SIZE,MOUNTPOINT,LABEL,MODEL #use this to get /dev/sdaX
sudo mkdir /mnt/external
sudo apt-get install ntfs-3g
sudo mount /dev/sda1 /mnt/external1
sudo nano /etc/fstab
#Put this in the fstab. I got the UUID from the blkid command
UUID=xxxxxxxxx /mnt/external ntfs defaults,auto,umask=000,users,rw 0 0
Install the necessary components, tell NFS to export that folder to our subnet, restart NFS, and open the NFS files on our firewall (to our subnet only).
Note: YOU CAN’T SHARE A SYMLINK of your mount. I tried. No one liked it. Might be an NTFS problem. who knows. just share the real mount point.
sudo apt-get install nfs-common
sudo apt-get install nfs-kernel-server
sudo nano /etc/exports
#add the following line. This opens external to the subnet with read-only privileges. KODI requires that you use insecure, things will go bad if you don't have that because the KODI user is some weird UID and NFS is all about access restrictions with those UIDs. no_root_squash is a terrible idea, it allows everyone to connect with root, BUT since our external is NTFS permissions are borked in unix environments and everything belows to root with 777 permissions. So if your share is NTFS add no_root_squash. Otherwise all_squash is fine for KODI stuff in ext4.
sudo systemctl restart nfs-kernel-server
#nfs below is port 2049.
sudo ufw allow from 192.168.1.0/24 to any port nfs
sudo showmount -e 192.168.1.xx #should show the mount points on a remote server
sudo exportfs #should show the mountpoints on the local server.
That’s it. If you have all devices using NFSv4…. But KODI doesn’t!
Part 2 – Fun stuff.
So this works everywhere else, but since KODI uses NFSv3 instead of version 4, we have a firewall problem. NFSv3 uses several more ports and needs RPCBind to find the server. All manageable problems.
Mount-D in RPCBind uses a random port. That won’t work if we have deny all incoming as our default in ufw, which we should. So we need RPC to bind to a static port.
sudo nano /etc/default/nfs-kernel-server
RPCMOUNTDOPTS="--port 10203" #comment line above and force RPC to use a specific port. Any will do. Make it high.
sudo service nfs-kernel-server restart
Awesome. Now we have ports we can expect. Who would have known KODI was so much trouble. NFSv4 is so much better. We need to open up the mount port (I picked 10203 at random) to the subnet (or can use * and open to any, or can just say “sudo ufw allow 10203” to open to the world. You probably have a router firewall that stops outside of the subnet from connecting. I just like to keep a tight and tidy firewall).
sudo ufw allow from 192.168.1.0/24 to any port 111
sudo ufw allow from 192.168.1.0/24 to any port 10203
#You need port 2049 also, but it should already be in there from the stuff up top
For some reason RPCBind is messed up on the pi, it doesnt announce our NFS on port 111 if it starts after nfs-kernel-server is started. So a trick is to just wait 10 seconds after boot to start nfs-kernel-server. It’s stupid. I made it 20 because why not be safe. I believe this is Pi specific. Everything else is Ubuntu/Debian general.
sudo nano /etc/init.d/nfs-kernel-server
sleep 20 #Add this somewhere super early at the beginning of the script, but after the shebang (#!/bin/bash) obviously.
Part 3 – SAMBA
sudo nano /etc/samba/smb.conf
add to the following:
path = /mnt/external
comment = USB Share
guest ok = yes
read only = no
create mask = 0777
directory mask = 0777
available = yes
writable = yes
browsable = yes
Samba needs the following ports.
sudo ufw allow from 192.168.1.0/24 to any port 137
sudo ufw allow from 192.168.1.0/24 to any port 138
sudo ufw allow from 192.168.1.0/24 to any port 139
sudo ufw allow from 192.168.1.0/24 to any port 445
Now restart Samba and you should be good to go
sudo service smbd restart
One thought on “NFS on Raspberry Pi with ufw, NTFS, and connect from KODI”
Thanks for sharing the NFS settings!
Kodi uses Libnfs to access nfs shares. The library defaults to use nfs3, but apparently you can also call nfs4, so that would be another option here. See the README of the library: https://github.com/sahlberg/libnfs