This tutorial shows how to set up a simple and secure NFSv4 share between two Debian Trixie workstations on a LAN. We’ll call the server 192.168.0.22 and the client 192.168.0.11.

1. Install Packages

On both server and client:

apt install nfs-kernel-server nfs-common

2. Configure the Export on the Server (192.168.0.22)

  1. Create the share directory:
mkdir -p /mnt/raid1/files
chmod 775 /mnt/raid1/files
  1. Edit /etc/exports:
/mnt/raid1/files 192.168.0.11(rw,sync,no_subtree_check,fsid=0)
  1. Reload exports:
exportfs -ra
  1. Restrict to NFSv4-only in /etc/default/nfs-kernel-server:
RPCNFSDOPTS="--nfs-version 4 --no-nfs-version 2 --no-nfs-version 3"
  1. Restart services:
systemctl restart nfs-server nfs-idmapd
  1. Verify:
ss -ltnp | grep :2049

Should show LISTEN on 2049.

3. FireHOL Rule for the Server (192.168.0.22)

In /etc/firehol/firehol.conf:

server_nfs_ports="tcp/2049"

interface any world
    policy drop
    protection strong
    client all accept
    server ssh accept
    server custom nfs accept src 192.168.0.11

Reload FireHOL:

firehol restart

4. Mount the Share on the Client (192.168.0.11)

  1. Create mount point:
mkdir -p /mnt/files
  1. Test mount:
mount -t nfs4 -o nfsvers=4 192.168.0.22:/ /mnt/files
  1. Make it permanent in /etc/fstab:
192.168.0.22:/   /mnt/files   nfs4   rw,_netdev,auto,x-systemd.automount,noatime,nfsvers=4   0  0
  1. Reload mounts:
mount -a

5. Integrate into Nautilus Sidebar

Option 1: Symlink

ln -s /mnt/files ~/at1share

Option 2: Bind Mount

In /etc/fstab:

/mnt/files   /home/oib/at1share   none   bind   0  0

Then:

mkdir -p /home/oib/at1share
mount -a

Option 3: Nautilus Bookmark

Edit ~/.config/gtk-3.0/bookmarks:

file:///mnt/files at1share

6. Test

On the client (192.168.0.11):

touch /mnt/files/hello.txt
ls -l /mnt/files/hello.txt

On the server (192.168.0.22):

ls -l /mnt/raid1/files/hello.txt

If the file appears on both machines, NFS is working.