NFS Server Configuration: How to Allow All Client Mounts (0.0.0.0/0 Wildcard Setup)


When configuring NFS shares in /etc/exports, many administrators run into trouble with wildcard permissions. The common approach of specifying 0.0.0.0/32 fails because a /32 prefix in CIDR notation matches exactly one address (0.0.0.0), not a range covering every client.

To allow all clients to mount your NFS share, use one of these valid formats:

/shared/path 0.0.0.0/0(rw,sync,no_subtree_check)
/shared/path *(rw,sync,no_subtree_check)
/shared/path 192.168.1.0/24(rw) 10.0.0.0/8(ro) *(ro)

After editing /etc/exports, always run:

exportfs -rav
systemctl restart nfs-server

Check active exports with:

showmount -e localhost

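While allowing all clients (0.0.0.0/0 or *) works, it opens the share to every host that can reach the server. If you must do it, at least squash every client user to an unprivileged anonymous account with all_squash: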

/shared/path *(rw,sync,all_squash,anonuid=65534,anongid=65534)

On RHEL/CentOS systems, open the NFS-related services in firewalld:

firewall-cmd --permanent --add-service=nfs
firewall-cmd --permanent --add-service=mountd
firewall-cmd --permanent --add-service=rpc-bind
firewall-cmd --reload

If clients still can't mount, check these:

rpcinfo -p localhost
journalctl -u nfs-server -f

When you add 0.0.0.0/32 to your NFS exports file, you might expect it to allow mounts from any client. However, this CIDR notation actually represents a single host (0.0.0.0), not a range. This is why your configuration isn't working as intended.

To allow mounts from any client, you should use the asterisk (*) wildcard character in your /etc/exports file:

/shared/directory *(rw,sync,no_subtree_check)

This configuration will:

  • Allow read-write (rw) access from any client
  • Use synchronous writes (sync)
  • Disable subtree checking for better performance

While wildcard access is convenient for testing, it's not recommended for production environments. Instead, consider these alternatives:

/shared/directory 192.168.1.0/24(ro) 10.0.0.0/8(rw)

Or use hostnames if your environment supports DNS:

/shared/directory *.example.com(rw) backup?.example.com(ro)
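
An added example, not part of the original page: a short Python audit that reads exports-style text and reports entries open to every client (*, 0.0.0.0/0, ::/0, or a bare option list) along with the 0.0.0.0/32 mistake described above. The sample entries are constructed from lines on this page, the function names are hypothetical, and quoted paths and backslash line continuations are not handled.

```python
import ipaddress

# Constructed sample in /etc/exports syntax, built from entries shown on this page.
SAMPLE_EXPORTS = """\
/shared/path 0.0.0.0/0(rw,sync,no_subtree_check)
/shared/open *(rw,sync,all_squash,anonuid=65534,anongid=65534)
/shared/typo 0.0.0.0/32(rw,sync)   # intended "everyone"
/shared/directory 192.168.1.0/24(ro) 10.0.0.0/8(rw)
/shared/dns *.example.com(rw) backup?.example.com(ro)
"""

def classify_client(spec):
    """Classify one client spec as 'world', 'unspecified-host' or 'scoped'."""
    if spec in ("", "*"):          # a bare "(opts)" carries no client restriction
        return "world"
    try:
        net = ipaddress.ip_network(spec, strict=False)
    except ValueError:
        return "scoped"            # hostname, wildcard pattern or @netgroup
    if net.prefixlen == 0:         # 0.0.0.0/0 or ::/0
        return "world"
    if net.prefixlen == net.max_prefixlen and net.network_address.is_unspecified:
        return "unspecified-host"  # e.g. 0.0.0.0/32: one address, not a range
    return "scoped"

def audit_exports(text):
    """Return (path, client, finding) tuples for entries worth reviewing."""
    findings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()        # drop comments
        if not line:
            continue
        path, *clients = line.split()
        for client in clients:
            spec, _, rest = client.partition("(")  # client(opt,opt,...)
            opts = set(rest.rstrip(")").split(","))
            kind = classify_client(spec)
            if kind == "world":
                access = "rw" if "rw" in opts else "ro"   # ro is the default
                squash = "all_squash" if "all_squash" in opts else "no all_squash"
                findings.append((path, spec or "*", f"world-{access}, {squash}"))
            elif kind == "unspecified-host":
                findings.append((path, spec, "single unspecified address, not all clients"))
    return findings

if __name__ == "__main__":
    for finding in audit_exports(SAMPLE_EXPORTS):
        print(*finding, sep="\t")
```

To audit a real server, pass the contents of /etc/exports to audit_exports() instead of the sample string.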

After modifying /etc/exports, you need to:

  1. Export the changes: exportfs -a
  2. Restart the NFS server: systemctl restart nfs-server
  3. Check active exports: exportfs -v

If clients still can't mount, check:

  • Firewall rules (ports 111, 2049, and 20048)
  • SELinux settings (setsebool -P nfs_export_all_rw 1)
  • Client-side mount options