Tutorial: Mounting a Mac DAS via NFS to Proxmox Server
Table of Contents
- Overview
- Architecture
- Prerequisites
- Understanding the Challenges
- Part 1: Prepare the Mac NFS Server
- Part 2: Configure NFS Exports
- Part 3: Enable Full Disk Access
- Part 4: Test NFS from Proxmox
- Part 5: Make the Mount Persistent
- Troubleshooting
- Security Considerations
- Performance Optimization
Overview
This tutorial guides you through configuring Network File System (NFS) to share a Direct Attached Storage (DAS) device connected to a Mac with a Proxmox server over a network. This is particularly useful for:
- Backup storage: Using large external drives for Proxmox backups
- Shared storage: Accessing Mac-attached storage from Linux servers
- Cost-effective solutions: Leveraging existing hardware instead of dedicated NAS devices
What you will accomplish:
- Configure macOS as an NFS server
- Export an external APFS drive via NFS
- Mount the NFS share on a Proxmox server
- Ensure proper permissions and security
- Enable persistent mounts across reboots
Difficulty Level: Intermediate
Estimated Time: 30-45 minutes
Architecture
┌─────────────────────────────────────┐
│         Proxmox Server              │
│                                     │
│  ┌──────────────────────────────┐   │
│  │  Docker Containers/VMs       │   │
│  │  (Services requiring         │   │
│  │   backup storage)            │   │
│  └──────────────────────────────┘   │
│                 │                   │
│                 │ NFS Mount         │
│                 ▼                   │
│  ┌──────────────────────────────┐   │
│  │  /mnt/remote-storage         │   │
│  │  (NFS mount point)           │   │
│  └──────────────────────────────┘   │
└─────────────────┬───────────────────┘
                  │
                  │ Network (Tailscale/LAN)
                  │ NFS Protocol
                  │
┌─────────────────▼───────────────────┐
│         Mac Computer                │
│                                     │
│  ┌──────────────────────────────┐   │
│  │  NFS Server (nfsd)           │   │
│  │  Exports: /Volumes/DAS       │   │
│  └──────────────────────────────┘   │
│                 │                   │
│                 │ Direct Attachment │
│                 ▼                   │
│  ┌──────────────────────────────┐   │
│  │  External DAS                │   │
│  │  (APFS formatted)            │   │
│  │  Mounted at /Volumes/DAS     │   │
│  └──────────────────────────────┘   │
└─────────────────────────────────────┘
Network Requirements:
- Both systems on the same network OR connected via VPN (e.g., Tailscale)
- NFS uses ports: TCP/UDP 2049 (NFS), TCP/UDP 111 (portmapper)
- Firewall must allow NFS traffic between systems
Prerequisites
Mac (NFS Server) Requirements
- macOS Version: macOS 10.14 (Mojave) or later
- DAS Format: APFS or HFS+ (Journaled)
- ⚠️ exFAT, FAT32, and NTFS are NOT supported for NFS exports
- Network: Static IP or reliable network connection
- Admin Access: Administrator account with sudo privileges
- Storage: External drive mounted and accessible
Proxmox (NFS Client) Requirements
- Proxmox VE: Version 7.0 or later (any Debian-based Linux works)
- Network: Network connectivity to Mac
- Packages: nfs-common installed
- Root Access: SSH access with root or sudo privileges
Network Requirements
- Recommended: Tailscale mesh VPN for secure, encrypted connections
- Alternative: Direct LAN connection (ensure firewall rules allow NFS)
- IP Addressing: Know both Mac and Proxmox IP addresses
Understanding the Challenges
Before diving into configuration, it is important to understand the unique challenges of NFS on macOS:
Challenge 1: External Drive Ownership
The Problem:
macOS mounts external drives with the noowners flag by default. This means:
- All files appear to be owned by the user who mounted the drive
- chown commands have no effect
- Unix permissions are not stored on the filesystem
- NFS cannot properly map permissions
Why This Happens:
Apple designed this behavior for compatibility and security when sharing drives between multiple Macs or different users. However, it breaks NFS functionality.
The Solution:
You must explicitly enable ownership on external drives using diskutil enableOwnership.
Challenge 2: The nfsd Binary Location
The Problem:
The NFS daemon (nfsd) on macOS is located at /sbin/nfsd, not /usr/sbin/nfsd where many expect it. This makes it difficult to find when granting Full Disk Access permissions.
Why This Matters:
macOS Full Disk Access requires exact binary paths. If you try to add the wrong path, the permissions will not work.
Challenge 3: macOS Sandbox Restrictions
The Problem:
Modern macOS versions (Ventura 13.x, Sonoma 14.x, and later) implement strict sandbox restrictions. System daemons like nfsd cannot access external volumes without explicit Full Disk Access permissions.
The Error:
exports:1: sandbox_check failed. nfsd has no read access to "/Volumes/DAS/backup-folder"
The Solution:
Grant /sbin/nfsd Full Disk Access via System Settings and reboot.
Challenge 4: Symlinks in NFS Exports
The Problem:
macOS nfsd validates export paths at startup before resolving symlinks. If you try to export a symlink, it will fail with:
exports:1: path contains non-directory or non-existent components
The Solution:
Always use direct paths in /etc/exports, never symlinks.
Part 1: Prepare the Mac NFS Server
Step 1: Verify DAS is Mounted
First, ensure your external drive is connected and mounted:
# List all mounted volumes
ls -la /Volumes/
# Check if your DAS is mounted
df -h | grep DAS
# Expected output:
# /dev/disk2s1 5.0Ti 2.5Ti 2.5Ti 50% /Volumes/DAS
Note the mount point – typically /Volumes/[DriveName]. You will need this path throughout the tutorial.
Step 2: Verify Drive File System
Critical Step: Your DAS must be formatted as APFS or HFS+ (Mac OS Extended – Journaled) for NFS to work.
# Check the file system type
diskutil info /Volumes/DAS | grep "File System"
# Expected output (good):
# File System Personality: APFS
# Or:
# File System Personality: Journaled HFS+
If you see exFAT, FAT32, or NTFS:
⚠️ You must reformat the drive (this will erase all data):
# BACKUP ALL DATA FIRST!
# Find the disk identifier
diskutil list
# Reformat to APFS (replace diskX with your actual disk)
sudo diskutil eraseDisk APFS DAS diskX
Alternative: Use SMB (Samba) instead of NFS if you cannot reformat.
Step 3: Enable Ownership on External Drive
This is the most critical step for NFS to work with external APFS drives.
# Check current ownership status
diskutil info /Volumes/DAS | grep "Owners"
# If it shows "Owners: Disabled", enable it:
sudo diskutil enableOwnership /Volumes/DAS
# Verify ownership is now enabled
diskutil info /Volumes/DAS | grep "Owners"
# Expected output:
# Owners: Enabled
Verify the mount no longer has noowners flag:
mount | grep DAS
# Before enabling ownership:
# /dev/disk2s1 on /Volumes/DAS (apfs, local, nodev, nosuid, journaled, noowners)
# After enabling ownership (noowners should be gone):
# /dev/disk2s1 on /Volumes/DAS (apfs, local, nodev, nosuid, journaled)
Step 4: Create Backup Directory
Create a dedicated directory for NFS exports:
# Create the directory
sudo mkdir -p /Volumes/DAS/nfs-storage
# Set ownership to root:wheel (required for NFS)
sudo chown root:wheel /Volumes/DAS/nfs-storage
# Set appropriate permissions
sudo chmod 755 /Volumes/DAS/nfs-storage
# Verify ownership and permissions
ls -la /Volumes/DAS/
# Expected output:
# drwxr-xr-x 2 root wheel 64 Nov 8 10:00 nfs-storage
Important: If chown does not change the ownership, you need to go back to Step 3 and enable ownership.
Part 2: Configure NFS Exports
Step 5: Create or Edit /etc/exports
The /etc/exports file defines which directories are shared via NFS and who can access them.
# Create the file if it doesn't exist
sudo touch /etc/exports
# Edit the file
sudo nano /etc/exports
Add the following line (adjust the IP addresses to your network):
/Volumes/DAS/nfs-storage -alldirs -maproot=root:wheel -network 192.168.x.x -mask 255.255.255.0
Configuration breakdown:
- /Volumes/DAS/nfs-storage – The directory to export (use direct path, not symlink)
- -alldirs – Export all subdirectories
- -maproot=root:wheel – Map remote root user to local root:wheel
- -network 192.168.x.x – Allow access from this network (adjust to your network)
- -mask 255.255.255.0 – Network mask (adjust to your network)
Alternative configurations:
For Tailscale network (100.x.x.x):
/Volumes/DAS/nfs-storage -alldirs -maproot=root:wheel -network 100.0.0.0 -mask 255.0.0.0
For single IP only (more secure):
/Volumes/DAS/nfs-storage -alldirs -maproot=root:wheel 192.168.x.x
For multiple networks:
/Volumes/DAS/nfs-storage -alldirs -maproot=root:wheel -network 192.168.x.x -mask 255.255.255.0 -network 100.0.0.0 -mask 255.0.0.0
Save and exit:
- Press Control + O (write out)
- Press Enter to confirm
- Press Control + X to exit
Step 6: Verify Export Configuration
Before enabling NFS, verify your configuration:
# View the exports file
cat /etc/exports
# Should show your export line exactly as you entered it
Common mistakes to avoid:
- ❌ Using symlinks in the path
- ❌ Wrong network address or mask
- ❌ Typos in flags (e.g., -aldir instead of -alldirs)
- ❌ Missing dash before flags (e.g., alldirs instead of -alldirs)
- ❌ Multiple export lines for the same directory (consolidate them)
Part 3: Enable Full Disk Access
This is the most crucial step for modern macOS versions. Without Full Disk Access, nfsd cannot read external volumes.
Step 7: Locate the NFS Daemon
First, verify where nfsd is located:
# The correct location is /sbin/nfsd
ls -la /sbin/nfsd
# Expected output:
# -rwxr-xr-x 1 root wheel [...] /sbin/nfsd
Note: Many online guides incorrectly reference /usr/sbin/nfsd, which does not exist on modern macOS.
Step 8: Add nfsd to Full Disk Access (GUI Method)
Using System Settings:
- Open System Settings (or System Preferences on older macOS)
- Navigate to Privacy & Security → Full Disk Access
- Click the lock icon (bottom-left) and enter your password
- Click the “+” button to add an application
- Press Command (⌘) + Shift + G to open “Go to Folder”
- Type exactly: /sbin (not /usr/sbin)
- Press Enter
- Scroll through the list to find nfsd (it will be alphabetically between netstat and nfs4mapid)
- Single-click on nfsd to select it
- Click Open
- Verify nfsd appears in the Full Disk Access list
- Ensure the toggle is ON (blue/enabled)
Important: You must select the binary file named nfsd, not nfs4mapid or other NFS-related files.
Step 9: Add nfsd to Full Disk Access (Command Line Method)
Alternative method using Terminal:
# Add nfsd to Full Disk Access via TCC database
# (System Integrity Protection guards this database; if the INSERT is rejected, use the GUI method in Step 8)
sudo sqlite3 "/Library/Application Support/com.apple.TCC/TCC.db" \
  "INSERT or REPLACE INTO access VALUES('kTCCServiceSystemPolicyAllFiles','/sbin/nfsd',1,2,4,1,NULL,NULL,0,'UNUSED',NULL,0,$(date +%s),NULL,NULL,'UNUSED',$(date +%s));"
# Verify it was added
sudo sqlite3 "/Library/Application Support/com.apple.TCC/TCC.db" \
  "SELECT * FROM access WHERE service='kTCCServiceSystemPolicyAllFiles';" | grep nfsd
Expected output:
kTCCServiceSystemPolicyAllFiles|/sbin/nfsd|1|2|4|1|...
Step 10: Enable NFS Service
Now enable the NFS service:
# Enable NFS server
sudo nfsd enable
# Verify NFS is running
sudo nfsd status
# Expected output:
# nfsd service is enabled
# nfsd is running (pid XXXXX, 8 threads)
Step 11: Validate Export Configuration
Check if your exports are valid:
# Check for configuration errors
sudo nfsd checkexports
# Expected output:
# (no output = success!)
If you see errors:
Error: sandbox_check failed. nfsd has no read access to...
Solution: Full Disk Access was not properly granted or has not taken effect yet. See Step 12.
Error: path contains non-directory or non-existent components
Solution: You are using a symlink or the directory does not exist. Use the direct path and verify the directory exists.
Error: no usable directories in export entry
Solution: Check your /etc/exports syntax for typos or wrong flags.
Step 12: Reboot Mac (Required)
Critical step: macOS requires a full restart for Full Disk Access permissions to take effect for system daemons.
# Reboot the Mac
sudo shutdown -r now
Why reboot is necessary:
- Full Disk Access permissions are loaded at boot time
- System daemons like nfsd run in a protected context
- The TCC (Transparency, Consent, and Control) database is read at startup
- Simply restarting the nfsd service is not sufficient
Step 13: Verify NFS After Reboot
After the Mac restarts:
# Verify ownership is still enabled
diskutil info /Volumes/DAS | grep "Owners"
# Verify directory permissions
ls -la /Volumes/DAS/nfs-storage
# Verify NFS is running
sudo nfsd status
# Check exports (should be clean now)
sudo nfsd checkexports
# View active exports
showmount -e localhost
Expected successful output:
❯ showmount -e localhost
Exports list on localhost:
/Volumes/DAS/nfs-storage 192.168.x.x
If you still see errors after reboot:
- Verify Full Disk Access was granted to /sbin/nfsd (not another file)
- Check System Settings → Privacy & Security → Full Disk Access
- Ensure the toggle next to nfsd is enabled (blue)
- Try removing and re-adding nfsd to Full Disk Access
- Reboot again
Part 4: Test NFS from Proxmox
Now that the Mac is configured as an NFS server, test mounting from your Proxmox server.
Step 14: Prepare Proxmox Client
SSH into your Proxmox server:
# From your workstation
ssh root@<proxmox-ip>
# Or SSH as a regular user
ssh username@<proxmox-ip>
Step 15: Install NFS Client Tools
# Update package lists
apt update
# Install NFS client utilities
apt install nfs-common -y
# Verify installation
showmount --version
Step 16: Test NFS Connectivity
# Test if the export is visible from Proxmox
showmount -e <mac-ip>
# Example:
# showmount -e 192.168.x.x
# Expected output:
# Export list for 192.168.x.x:
# /Volumes/DAS/nfs-storage 192.168.x.x
If this fails:
- Check network connectivity: ping <mac-ip>
- Check firewall: Ensure Mac firewall allows NFS from Proxmox IP
- Check Tailscale: If using Tailscale, ensure both systems are connected
- Verify NFS on Mac: sudo nfsd status on Mac
Step 17: Create Mount Point
# Create directory for mounting (requires root)
sudo mkdir -p /mnt/remote-storage
# Verify directory was created
ls -la /mnt/ | grep remote-storage
Step 18: Test Mount the NFS Share
# Mount the NFS share
sudo mount -t nfs <mac-ip>:/Volumes/DAS/nfs-storage /mnt/remote-storage
# Example:
# sudo mount -t nfs 192.168.x.x:/Volumes/DAS/nfs-storage /mnt/remote-storage
# Verify the mount
df -h | grep remote-storage
# Expected output:
# 192.168.x.x:/Volumes/DAS/nfs-storage 5.0Ti 2.5Ti 2.5Ti 50% /mnt/remote-storage
# Check mount details
mount | grep remote-storage
Mount output breakdown:
192.168.x.x:/Volumes/DAS/nfs-storage on /mnt/remote-storage type nfs4 (rw,relatime,vers=4.0,...)
- type nfs4 – Using NFSv4 protocol (good)
- rw – Mounted read-write
- relatime – Access time updates optimized
Step 19: Test Read/Write Access
# Test creating a file
sudo touch /mnt/remote-storage/test-from-proxmox.txt
# Write content to the file
echo "Hello from Proxmox" | sudo tee /mnt/remote-storage/test-from-proxmox.txt
# List files
ls -la /mnt/remote-storage/
# Expected output:
# total 8
# drwxr-xr-x 3 root root 96 Nov 8 10:00 .
# drwxr-xr-x 3 root root 4096 Nov 8 10:00 ..
# -rw-r--r-- 1 root root 19 Nov 8 10:00 test-from-proxmox.txt
# Read the file
cat /mnt/remote-storage/test-from-proxmox.txt
# Expected output:
# Hello from Proxmox
Step 20: Verify on Mac
Back on your Mac, verify the file appears:
# On Mac
ls -la /Volumes/DAS/nfs-storage/
# Expected output:
# total 8
# drwxr-xr-x 3 root wheel 96 Nov 8 10:00 .
# drwxr-xr-x@ 34 user staff 1088 Nov 8 10:00 ..
# -rw-r--r-- 1 root wheel 19 Nov 8 10:00 test-from-proxmox.txt
# Read the file
cat /Volumes/DAS/nfs-storage/test-from-proxmox.txt
# Expected output:
# Hello from Proxmox
If the file appears with correct ownership (root:wheel), NFS is working perfectly!
Step 21: Clean Up Test Files
# On Proxmox
sudo rm /mnt/remote-storage/test-from-proxmox.txt
# Verify deletion on Mac
ls -la /Volumes/DAS/nfs-storage/
Step 22: Unmount Test
# On Proxmox
sudo umount /mnt/remote-storage
# Verify unmounted
df -h | grep remote-storage
# (should show nothing)
Part 5: Make the Mount Persistent
To automatically mount the NFS share at boot, add it to /etc/fstab.
Step 23: Edit fstab
# On Proxmox
sudo nano /etc/fstab
Add this line at the end:
<mac-ip>:/Volumes/DAS/nfs-storage /mnt/remote-storage nfs defaults,_netdev 0 0
Example:
192.168.x.x:/Volumes/DAS/nfs-storage /mnt/remote-storage nfs defaults,_netdev 0 0
Field breakdown:
- 192.168.x.x:/Volumes/DAS/nfs-storage – NFS server and export path
- /mnt/remote-storage – Local mount point
- nfs – Filesystem type
- defaults – Default mount options (rw, suid, dev, exec, auto, nouser, async)
- _netdev – Wait for network before mounting (critical for network filesystems)
- 0 – Dump frequency (0 = do not backup)
- 0 – fsck order (0 = do not check)
Alternative with specific options:
192.168.x.x:/Volumes/DAS/nfs-storage /mnt/remote-storage nfs rw,hard,intr,rsize=8192,wsize=8192,timeo=14,_netdev 0 0
Advanced options:
- rw – Mount read-write (explicit)
- hard – If NFS server becomes unavailable, retry indefinitely (vs soft)
- intr – Allow interrupting NFS operations
- rsize=8192 – Read buffer size (8KB)
- wsize=8192 – Write buffer size (8KB)
- timeo=14 – Timeout for NFS requests (1.4 seconds)
- _netdev – Network device (wait for network at boot)
Save and exit:
- Press Control + O
- Press Enter
- Press Control + X
Step 24: Test fstab Configuration
Important: Test before rebooting to avoid boot issues.
# Remount all filesystems in fstab
sudo mount -a
# Verify the mount succeeded
df -h | grep remote-storage
# Check for errors
dmesg | tail -20
If mount fails:
- Double-check the syntax in /etc/fstab
- Ensure no typos in the path or IP address
- Verify the mount point directory exists: ls -la /mnt/remote-storage
- Check NFS is running on Mac: sudo nfsd status
Step 25: Verify After Reboot
# Reboot Proxmox
sudo reboot
# After reboot, SSH back in
ssh root@<proxmox-ip>
# Verify NFS mounted automatically
df -h | grep remote-storage
# Check mount options
mount | grep remote-storage
Expected output:
192.168.x.x:/Volumes/DAS/nfs-storage 5.0Ti 2.5Ti 2.5Ti 50% /mnt/remote-storage
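The fstab lines in Step 23 mount with defaults, which the field breakdown lists as including suid and dev. As an added example (not part of the original tutorial), this Python check reads fstab text, flags NFS entries that lack _netdev, nosuid or nodev, and builds a tightened line; the nosuid/nodev baseline, the function names and the address 192.168.1.10 standing in for <mac-ip> are assumptions.

```python
NFS_TYPES = {"nfs", "nfs4"}
# Assumption: baseline for a share that only holds backups, so nothing on it
# needs to run setuid or act as a device node on the Proxmox host.
BASELINE = ("_netdev", "nosuid", "nodev")
DROPPED = ("intr", "suid", "dev")  # ignored by the kernel or contrary to the baseline


def nfs_entries(fstab_text):
    """Return the NFS entries of an fstab as dicts, keeping their line numbers."""
    entries = []
    for number, raw in enumerate(fstab_text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 4 and fields[2] in NFS_TYPES:
            entries.append({
                "line": number, "source": fields[0], "target": fields[1],
                "fstype": fields[2], "options": fields[3].split(","),
                "tail": fields[4:] or ["0", "0"],
            })
    return entries


def audit_entry(entry):
    """List what one NFS entry is missing or carries needlessly."""
    names = {opt.split("=", 1)[0] for opt in entry["options"]}
    findings = [f"missing {opt}" for opt in BASELINE if opt not in names]
    if "soft" in names and "ro" not in names:
        findings.append("soft on a writable mount risks silent data corruption")
    if "intr" in names:
        findings.append("intr is ignored by kernels after 2.6.25")
    return findings


def hardened_line(entry):
    """Rebuild the fstab line with the baseline options appended."""
    options = [opt for opt in entry["options"] if opt not in DROPPED]
    options += [opt for opt in BASELINE if opt not in options]
    fields = [entry["source"], entry["target"], entry["fstype"], ",".join(options)]
    return " ".join(fields + entry["tail"])


# Constructed sample: the two fstab variants from Step 23 with a made-up server IP.
SAMPLE_FSTAB = """\
# /etc/fstab (constructed sample)
/dev/pve/root / ext4 errors=remount-ro 0 1
192.168.1.10:/Volumes/DAS/nfs-storage /mnt/remote-storage nfs defaults,_netdev 0 0
192.168.1.10:/Volumes/DAS/nfs-storage /mnt/remote-storage nfs rw,hard,intr,rsize=8192,wsize=8192,timeo=14,_netdev 0 0
"""

if __name__ == "__main__":
    for entry in nfs_entries(SAMPLE_FSTAB):
        for finding in audit_entry(entry):
            print(f"line {entry['line']}: {finding}")
        print(f"  suggested: {hardened_line(entry)}")
```

Options later in the list override defaults, so appending nosuid,nodev is enough; run mount -a after any change, as in Step 24.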
Troubleshooting
Problem: showmount -e shows no exports
Symptoms:
showmount -e <mac-ip>
# Output: Export list for <mac-ip>:
# (nothing listed)
Diagnosis:
# On Mac
sudo nfsd status
sudo nfsd checkexports
cat /etc/exports
Solutions:
- NFS not enabled:
  sudo nfsd enable
  sudo nfsd status
- Syntax error in /etc/exports:
  sudo nfsd checkexports
  # Fix any reported errors
  sudo nfsd restart
- NFS service crashed:
  sudo nfsd restart
  showmount -e localhost
Problem: Mount fails with “access denied” or “permission denied”
Symptoms:
sudo mount -t nfs <mac-ip>:/path /mnt/mount-point
# Output: mount.nfs: access denied by server while mounting
Diagnosis:
# On Mac - check exports allow your Proxmox IP
cat /etc/exports
# Check what network/IP is allowed
showmount -e localhost
Solutions:
- Wrong network in exports:
  If your Proxmox IP is 192.168.x.x but exports shows -network 10.0.0.0, update /etc/exports:
  sudo nano /etc/exports
  # Change to correct network or add specific IP
  sudo nfsd restart
- Need to specify IP explicitly:
  /Volumes/DAS/nfs-storage -alldirs -maproot=root:wheel 192.168.x.x
- Firewall blocking connection:
  On Mac, check firewall settings:
  - System Settings → Network → Firewall
  - Ensure NFS is allowed or firewall is disabled for testing
Problem: sandbox_check failed error
Symptoms:
sudo nfsd checkexports
# Output: exports:1: sandbox_check failed. nfsd has no read access to "/Volumes/DAS/path"
This means one of three issues:
- Ownership not enabled on DAS
- nfsd doesn’t have Full Disk Access
- Full Disk Access hasn’t taken effect (need reboot)
Solutions:
- Enable ownership:
  sudo diskutil enableOwnership /Volumes/DAS
  diskutil info /Volumes/DAS | grep "Owners"
  # Should show: Owners: Enabled
- Verify Full Disk Access:
  sudo sqlite3 "/Library/Application Support/com.apple.TCC/TCC.db" "SELECT * FROM access WHERE service='kTCCServiceSystemPolicyAllFiles';" | grep nfsd
  # Should show: .../sbin/nfsd|1|2|4|...
- Grant Full Disk Access:
  - System Settings → Privacy & Security → Full Disk Access
  - Add /sbin/nfsd
  - Reboot Mac
- Reboot is required:
  sudo shutdown -r now
Problem: Mount succeeds but chown doesn’t work
Symptoms:
# On Proxmox after mounting
sudo touch /mnt/remote-storage/test.txt
ls -la /mnt/remote-storage/test.txt
# Shows: -rw-r--r-- 1 nobody nogroup ...
# Trying to change ownership fails or has no effect
sudo chown root:root /mnt/remote-storage/test.txt
ls -la /mnt/remote-storage/test.txt
# Still shows: -rw-r--r-- 1 nobody nogroup ...
Diagnosis:
On Mac, check ownership status:
diskutil info /Volumes/DAS | grep "Owners"
mount | grep DAS
If you see noowners in mount output, ownership is disabled.
Solution:
# On Mac
sudo diskutil enableOwnership /Volumes/DAS
# Verify
mount | grep DAS
# Should NOT show "noowners"
# Restart NFS
sudo nfsd restart
# On Proxmox, remount
sudo umount /mnt/remote-storage
sudo mount -t nfs <mac-ip>:/Volumes/DAS/nfs-storage /mnt/remote-storage
Problem: File system is read-only
Symptoms:
sudo touch /mnt/remote-storage/test.txt
# Output: touch: cannot touch '/mnt/remote-storage/test.txt': Read-only file system
Diagnosis:
mount | grep remote-storage
# Check if it shows "ro" (read-only) instead of "rw" (read-write)
Solutions:
- Remount with read-write:
  sudo umount /mnt/remote-storage
  sudo mount -t nfs -o rw <mac-ip>:/path /mnt/remote-storage
- Update /etc/exports on Mac:
  Ensure export doesn’t have -ro flag:
  sudo nano /etc/exports
  # Should have -maproot=root:wheel (not -ro)
  sudo nfsd restart
- DAS might be physically read-only:
  Check if DAS has a physical write-protect switch or is full:
  df -h /Volumes/DAS
Problem: Mount works but is very slow
Symptoms:
- File operations take seconds or time out
- ls -la hangs for long periods
- Transfers are much slower than expected
Diagnosis:
# Check mount options
mount | grep remote-storage
# Test network speed
# On Proxmox
ping <mac-ip>
iperf3 -c <mac-ip> # If iperf3 is installed
Solutions:
- Network issue (using relay instead of direct):
  If using Tailscale:
  tailscale status | grep <mac-ip>
  # Should show "direct" connection, not "relay"
  # Force direct connection
  tailscale ping <mac-ip>
- Use larger buffer sizes:
  sudo umount /mnt/remote-storage
  sudo mount -t nfs -o rsize=131072,wsize=131072 <mac-ip>:/path /mnt/remote-storage
- Use NFSv3 instead of NFSv4:
  sudo umount /mnt/remote-storage
  sudo mount -t nfs -o vers=3 <mac-ip>:/path /mnt/remote-storage
- Update /etc/fstab with optimized options:
  <mac-ip>:/path /mnt/remote-storage nfs rsize=131072,wsize=131072,hard,intr,_netdev 0 0
Problem: Mount fails at boot but works manually
Symptoms:
- After reboot, NFS share is not mounted
- df -h doesn’t show the mount
- Manual mount -a works fine
Diagnosis:
# Check system logs
journalctl -u remote-fs.target
systemctl status remote-fs.target
# Check fstab
cat /etc/fstab | grep remote-storage
Solutions:
- Missing _netdev option:
  Edit /etc/fstab and ensure _netdev is present:
  <mac-ip>:/path /mnt/remote-storage nfs defaults,_netdev 0 0
- Network not ready at boot:
  Increase timeout in /etc/fstab:
  <mac-ip>:/path /mnt/remote-storage nfs timeo=30,retrans=2,_netdev 0 0
- Enable network wait at boot:
  sudo systemctl enable systemd-networkd-wait-online.service
Problem: “stale file handle” errors
Symptoms:
ls -la /mnt/remote-storage
# Output: ls: cannot access '/mnt/remote-storage': Stale file handle
Cause: NFS server (Mac) was rebooted or NFS service restarted while mounted on client.
Solution:
# Force unmount
sudo umount -f /mnt/remote-storage
# Or if that fails, lazy unmount
sudo umount -l /mnt/remote-storage
# Remount
sudo mount -a
Security Considerations
Network Isolation
Best Practice: Use NFS only on trusted, isolated networks.
Options:
- Tailscale VPN (Recommended):
  - End-to-end encrypted mesh network
  - Automatic key rotation
  - Zero trust architecture
  - No port forwarding needed
- VLAN Segmentation:
  - Create dedicated VLAN for storage traffic
  - Isolate from guest networks
  - Separate from management network
- Firewall Rules:
  # On Mac, use pfctl or Application Firewall
  # Only allow NFS from specific IP
Authentication and Authorization
Limitations of NFS:
- No built-in encryption (use VPN for encrypted transport)
- UID/GID mapping relies on trust
- Root squashing can be bypassed with -maproot
Recommendations:
- Restrict by IP address:
  /Volumes/DAS/nfs-storage -maproot=root:wheel 192.168.x.x
- Use read-only exports when possible:
  /Volumes/DAS/read-only-data -ro -mapall=nobody:nobody 192.168.x.x
- Consider NFSv4 with Kerberos (advanced, beyond scope of this tutorial)
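Because NFS here trusts the client's address and UID, the host list in /etc/exports is the whole access control. As an added example (not part of the original tutorial), this Python audit parses the export forms used in Step 5 and in the recommendations above and flags unrestricted exports, writable exports with -maproot=root, and networks wider than intended, such as 100.0.0.0/255.0.0.0, which reaches beyond Tailscale's 100.64.0.0/10 range. The function names, the /24 review threshold and the filled-in sample addresses are assumptions.

```python
import ipaddress

# Tailscale assigns node addresses from the CGNAT block 100.64.0.0/10.
TAILSCALE_RANGE = ipaddress.ip_network("100.64.0.0/10")
MAX_ADDRESSES = 256  # assumption: review anything wider than a /24


def parse_export(line):
    """Split one exports line into directories, options, networks and hosts."""
    tokens = line.split()  # assumption: no escaped spaces in exported paths
    entry = {"dirs": [], "options": {}, "networks": [], "hosts": []}
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        if tok in ("-network", "-mask"):
            if i + 1 >= len(tokens):
                raise ValueError(f"{tok} needs a value")
            if tok == "-network":
                entry["networks"].append({"addr": tokens[i + 1], "mask": None})
            elif not entry["networks"]:
                raise ValueError("-mask without a preceding -network")
            else:
                entry["networks"][-1]["mask"] = tokens[i + 1]
            i += 1
        elif tok.startswith("/"):
            entry["dirs"].append(tok)
        elif tok.startswith("-"):
            name, _, value = tok[1:].partition("=")
            entry["options"][name] = value
        else:
            entry["hosts"].append(tok)
        i += 1
    return entry


def audit_export(line):
    """Return (code, detail) findings for one exports line."""
    entry = parse_export(line)
    opts = entry["options"]
    findings = []
    if not entry["networks"] and not entry["hosts"]:
        findings.append(("WORLD", "no host or -network restriction"))
    root_user = opts.get("maproot", "").split(":")[0]
    if root_user in ("root", "0") and "ro" not in opts:
        findings.append(("ROOT_RW", "client root acts as root on a writable export"))
    for net in entry["networks"]:
        if net["mask"] is None:
            findings.append(("NO_MASK", f"-network {net['addr']} has no -mask"))
            continue
        network = ipaddress.ip_network(f"{net['addr']}/{net['mask']}", strict=False)
        if network.overlaps(TAILSCALE_RANGE) and not network.subnet_of(TAILSCALE_RANGE):
            findings.append(("BEYOND_TAILSCALE",
                             f"{network} also admits addresses outside {TAILSCALE_RANGE}"))
        elif network.num_addresses > MAX_ADDRESSES:
            findings.append(("WIDE", f"{network} admits {network.num_addresses} addresses"))
    return findings


def audit_exports(text):
    """Audit a whole exports file; returns {line_number: findings} for flagged lines."""
    report = {}
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if line:
            findings = audit_export(line)
            if findings:
                report[number] = findings
    return report


# Constructed sample: the tutorial's export lines with 192.168.x.x filled in.
SAMPLE_EXPORTS = """\
# LAN export from Step 5
/Volumes/DAS/nfs-storage -alldirs -maproot=root:wheel -network 192.168.1.0 -mask 255.255.255.0
# Tailscale variant from Step 5
/Volumes/DAS/nfs-storage -alldirs -maproot=root:wheel -network 100.0.0.0 -mask 255.0.0.0
# Read-only export from the recommendations
/Volumes/DAS/read-only-data -ro -mapall=nobody:nobody 192.168.1.50
"""

if __name__ == "__main__":
    for number, findings in audit_exports(SAMPLE_EXPORTS).items():
        for code, detail in findings:
            print(f"line {number}: {code}: {detail}")
```

For a Tailscale-only export, naming the Proxmox node's own 100.x address as the host clears both network findings.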
Data Integrity
Backup Strategy:
- NFS is not a backup – it is shared storage
- Implement proper backup solution (Time Machine, Duplicati, Restic)
- Test restore procedures regularly
RAID/Redundancy:
- Single DAS has no redundancy
- Consider RAID configuration for critical data
- Or replicate to second location
Monitoring
Set up monitoring for:
- NFS service status on Mac
- Mount status on Proxmox
- Available disk space
- Network connectivity
Example monitoring script (on Proxmox):
#!/bin/bash
# /usr/local/bin/check-nfs-mount.sh
MOUNT_POINT="/mnt/remote-storage"
# Fail if nothing is mounted at the mount point
if ! mountpoint -q "$MOUNT_POINT"; then
    echo "NFS mount $MOUNT_POINT is not mounted!"
    # Send alert (email, ntfy, etc.)
    exit 1
fi
# Check if writable; timeout keeps the check from hanging forever
# on a hard mount whose server has gone away
if ! timeout 10 touch "$MOUNT_POINT/.test" 2>/dev/null; then
    echo "NFS mount $MOUNT_POINT is not writable!"
    # Send alert
    exit 1
fi
rm -f "$MOUNT_POINT/.test"
echo "NFS mount $MOUNT_POINT is healthy"
exit 0
Performance Optimization
Network Performance
1. Use Wired Connection:
- Gigabit Ethernet minimum
- 10GbE for high-performance workloads
- Avoid Wi-Fi for NFS if possible
2. Optimize NFS Buffer Sizes:
# In /etc/fstab
<mac-ip>:/path /mnt/mount nfs rsize=131072,wsize=131072,_netdev 0 0
Buffer size guidelines:
- Default: 8192 bytes (8KB)
- Gigabit: 65536 bytes (64KB)
- 10 Gigabit: 131072 bytes (128KB)
3. Enable Async Writes:
# In /etc/fstab (better performance, slightly less safe)
<mac-ip>:/path /mnt/mount nfs async,_netdev 0 0
⚠️ Warning: async improves performance but data may be lost if server crashes before sync.
Mac Performance
1. Disable Spotlight Indexing on DAS:
# On Mac
sudo mdutil -i off /Volumes/DAS
2. Increase NFS Server Threads:
# On Mac - increase from default 8 threads to 16
sudo nfsd -n 16
3. Disable Time Machine on NFS-exported directories:
- Exclude /Volumes/DAS/nfs-storage from Time Machine backups
- Time Machine activity can slow NFS operations
Client (Proxmox) Performance
1. Increase NFS Client Threads:
# Edit /etc/modprobe.d/nfs.conf
echo "options nfs callback_nr_threads=16" | sudo tee /etc/modprobe.d/nfs.conf
# Reload module (requires unmounting NFS first)
sudo modprobe -r nfs
sudo modprobe nfs
2. Use NFSv4.1 or 4.2:
# In /etc/fstab
<mac-ip>:/path /mnt/mount nfs vers=4.2,_netdev 0 0
3. Mount with noatime:
# Reduces write operations
<mac-ip>:/path /mnt/mount nfs noatime,_netdev 0 0
Benchmarking
Test NFS performance:
# On Proxmox, after mounting NFS
# Test write speed
dd if=/dev/zero of=/mnt/remote-storage/testfile bs=1M count=1024
# Observe: 1 GiB written in X seconds = Y MB/s
# Clear cache
sync; echo 3 | sudo tee /proc/sys/vm/drop_caches
# Test read speed
dd if=/mnt/remote-storage/testfile of=/dev/null bs=1M
# Observe: 1 GiB read in X seconds = Y MB/s
# Clean up
rm /mnt/remote-storage/testfile
Expected performance:
- Gigabit Ethernet: 60-110 MB/s
- 10 Gigabit Ethernet: 400-900 MB/s
- Tailscale (DERP relay): 10-40 MB/s
- Tailscale (direct): Near LAN speeds
Alternative: SMB/CIFS Instead of NFS
If you encounter persistent issues with NFS or need simpler configuration, consider using SMB (Samba) instead:
Advantages of SMB over NFS on macOS:
- ✅ No Full Disk Access required
- ✅ Works with exFAT/NTFS drives
- ✅ Easier permission handling
- ✅ Better macOS integration
- ✅ No ownership issues
Quick SMB Setup
On Mac:
- System Settings → General → Sharing
- Enable “File Sharing”
- Add /Volumes/DAS/storage to shared folders
- Set permissions for network users
On Proxmox:
# Install CIFS utilities
apt install cifs-utils -y
# Mount via SMB
sudo mount -t cifs //mac-ip/shared-folder /mnt/remote-storage \
  -o username=yourusername,password=yourpassword,uid=1000,gid=1000
# Add to /etc/fstab
//mac-ip/shared-folder /mnt/remote-storage cifs credentials=/root/.smbcredentials,uid=1000,gid=1000,_netdev 0 0
Conclusion
You have successfully configured NFS to share a Mac-attached DAS with a Proxmox server. This setup provides:
✅ Network-accessible storage from Mac DAS
✅ Secure access via Tailscale or isolated network
✅ Automatic mounting at boot via /etc/fstab
✅ Proper permissions with Unix ownership
✅ Enterprise-grade file sharing using NFS protocol
Key Achievements
- Understood macOS NFS challenges:
  - External drive ownership (noowners issue)
  - Sandbox restrictions and Full Disk Access
  - Correct nfsd binary location (/sbin/nfsd)
  - Symlink limitations in exports
- Configured Mac as NFS server:
  - Enabled ownership on APFS volume
  - Created and configured /etc/exports
  - Granted Full Disk Access to nfsd
  - Validated exports are accessible
- Mounted NFS on Proxmox:
  - Tested connectivity and permissions
  - Made mount persistent via /etc/fstab
  - Verified read/write access
  - Optimized performance settings
Maintenance Checklist
Weekly:
- [ ] Verify NFS mount is healthy
- [ ] Check available disk space
- [ ] Review any error logs
Monthly:
- [ ] Test backup/restore procedures
- [ ] Verify NFS service after Mac updates
- [ ] Check network performance
After Mac Updates:
- [ ] Verify NFS service is still running
- [ ] Check Full Disk Access permissions (may reset)
- [ ] Validate exports configuration
After Proxmox Updates:
- [ ] Verify mount persists after reboot
- [ ] Check /etc/fstab hasn’t been modified
- [ ] Test read/write access
Further Learning
- Advanced NFS: Kerberos authentication, NFSv4 ACLs
- Performance Tuning: Advanced mount options, network optimization
- High Availability: Failover configurations, multiple NFS servers
- Security Hardening: SELinux, AppArmor, advanced firewall rules
Resources
- Apple NFS Documentation: man exports, man nfsd, man nfs.conf
- Linux NFS Guide: man nfs, man mount.nfs
- Tailscale Docs: https://tailscale.com/kb/
- Proxmox Wiki: https://pve.proxmox.com/wiki/Storage:_NFS
Appendix: Quick Reference Commands
Mac (NFS Server)
# Enable ownership on external drive
sudo diskutil enableOwnership /Volumes/DAS
# Create export directory
sudo mkdir -p /Volumes/DAS/nfs-storage
sudo chown root:wheel /Volumes/DAS/nfs-storage
sudo chmod 755 /Volumes/DAS/nfs-storage
# Edit exports
sudo nano /etc/exports
# Add: /Volumes/DAS/nfs-storage -alldirs -maproot=root:wheel -network 192.168.x.0 -mask 255.255.255.0
# Enable NFS
sudo nfsd enable
# Check status
sudo nfsd status
sudo nfsd checkexports
showmount -e localhost
# Restart NFS
sudo nfsd restart
# Disable NFS
sudo nfsd disable
Proxmox (NFS Client)
# Install NFS client
apt update && apt install nfs-common -y
# Test connectivity
showmount -e <mac-ip>
ping <mac-ip>
# Create mount point
sudo mkdir -p /mnt/remote-storage
# Mount NFS share
sudo mount -t nfs <mac-ip>:/Volumes/DAS/nfs-storage /mnt/remote-storage
# Verify mount
df -h | grep remote-storage
mount | grep remote-storage
# Test access
sudo touch /mnt/remote-storage/test.txt
ls -la /mnt/remote-storage/
# Unmount
sudo umount /mnt/remote-storage
# Add to fstab for persistent mount
sudo nano /etc/fstab
# Add: <mac-ip>:/Volumes/DAS/nfs-storage /mnt/remote-storage nfs defaults,_netdev 0 0
# Test fstab
sudo mount -a
# Remount all
sudo mount -a
Troubleshooting Commands
# Mac
diskutil info /Volumes/DAS | grep "Owners"
mount | grep DAS
sudo nfsd checkexports
ps aux | grep nfsd
sudo launchctl list | grep nfs
# Proxmox
showmount -e <mac-ip>
mount | grep remote-storage
journalctl -u remote-fs.target
dmesg | grep -i nfs
systemctl status remote-fs.target
Tutorial Complete! You now have a fully functional NFS setup between your Mac and Proxmox server.