NFS on Kodi : Setting Up in 2023

For the longest time, I have always been running NFS on Kodi. That means when I choose how to link my Kodi to my Synology, I always choose to use NFS over SMB etc.

In fact, I even have an article back in Oct 2013 on using NFS in Synology and XBMC (now Kodi).

Now recently I made some quite substantial changes to my Synology NAS. I will share some of the changes in this blog post soon. One of the changes was increasing the RAM of the DS1520+. I will write a few more soon, including the use of Synology Drive Client, moving away from Dropbox to hosting my files on my Synology etc.

But as part of these changes, I started to do some house cleaning of the Synology. This is especially so as I started to host private files in Synology (rather than Dropbox and saving money in the process). So security becomes slightly more important. I mean, in the past, it was just photos and videos. Now it has some more stuff, so I began to pay a little more attention than just simply setting up 2FA on Synology.

The Synology Security Advisor on NFS

For the longest time, I have been seeing this error on my Synology Security Advisor: that my NFS permission rules are too liberal.

Synology Security Advisor on NFS

That is because I allowed all IPs to access my NFS. If you look at the following setting, you can see that all IPs (the * in the first line) have used the admin rights of my NFS rule to access a particular share (that share is my VIDEO share folder).

NFS rules in Kodi

This was a quick and easy way to set up NFS on Kodi and it usually worked.

Till it does not.

Why did my NFS on Kodi suddenly stop working

So as mentioned earlier, I have started to clean up my Synology a little. One of the main things I did a long while ago (as advised by many experts) was to deactivate the “admin” and the “guest” accounts.

I did that long ago.

Deactivated Admin and Guest

You can deactivate an “admin account” or a “guest account” for Synology by doing that in the users settings page.

Deactivated guest account for Synology

But what I did not do (when I deactivated the accounts) was to remove these accounts’ access to shared folders. In other words, even though these accounts have been deactivated, apparently somehow they still have access to the shared folders through the groups they were part of. For example, “admin” was part of the admin group and “guest” was part of the user group. And both groups still have access to my Video Shared Folder.

Guest still is part of the “users” system default group

So what happened was I “broke” my Kodi NFS access to the shared folder. I removed all the “admin” and “guest” access to the shared folders and suddenly my Kodi no longer has access to the Video Shared Folder. Remember that I deactivated these two accounts a long time ago and NFS on Kodi was still working even though I deactivated these accounts. It no longer worked the moment I removed the “Shared Folder” access for these accounts.

So apparently, for this NFS setting to work, it does require the admin account to have access to the shared folder you want the NFS to work with. I mean, after all, you stated that you want “admin” to have access (map root to admin).

NFS is mapped to admin

How I solved the Guest access to NFS

So for the longest time, I had “map root to admin” for the NFS set up in the NFS setting in Synology for use with Kodi.

I changed that to “map to guest”.

Mapping NFS to Guest

That means I no longer map “root to admin” but “all users to guest”. I feel that “guest” is safer than “admin” to keep around. Maybe. Maybe not.

I then:

  • gave guest access to the SHARED FOLDER (while keeping it deactivated).
  • did not give admin access to the SHARED FOLDER (or any folders).
  • continued to keep both guest and admin deactivated.

Restricting IP to only the Kodi client

Okay, now I have fixed my issue of my dearest Kodi client on my Sony TV not working due to my wonderful action of removing access of “admin” (and “guest”) from the Shared Folder.

But that does not fix the security advisor issue mentioned earlier.

To that end, I decided to restrict the NFS access to just the Kodi client (instead of *.*).

To do that I need to make the Sony TV (where my Kodi client is running on Sony Android TV) have a fixed IP. You can do that easily in the Sony TV interface. I set the static IP address of my Sony TV to 192.168.1.33.

Then when you go to the Sony TV, you can see that the Kodi client now has a fixed IP address of 192.168.1.33.

Setting up Kodi to have a fixed IP

Now going back to my Synology NFS setting, I set it up to only allow 192.168.1.33 to work for NFS on Kodi. In other words, only the 192.168.1.33 client can use the NFS rule (and using the “guest” privilege) to access the Synology shared folder.

Only allowing fixed IP for NFS to Kodi

And indeed it worked.

My Sony TV (running 192.168.1.33) can now access the Synology Shared Folder over NFS on Kodi.

Accessing Kodi using NFS and a static IP

And my Security Advisor is a happier man now. All green 🙂

Security Advisor now shows all GREEN

Allowing Multiple IPs to access NFS on Kodi

But wait. We don’t always have one single Kodi client at home, right? You might have it on your laptop etc. For me, I have Kodi also running on a Hisense TV (running Google TV) in the master bedroom.

So I need to also allow the Kodi client on the Hisense TV to access my Synology too.

To do that, just repeat the steps above. That means, in the Hisense TV’s Google TV OS, I set up the Hisense to have a fixed static IP. This time, the poor boy has an unlucky Chinese number of 192.168.1.44…

Again checking the Kodi interface on the Hisense TV, I can see the poor boy has a fixed IP address of 192.168.1.44.

And then back to my Synology DSM, I set up the NFS again. This is a new separate line that duplicates the 192.168.1.33 settings.

Except that it is for 192.168.1.44.

Allow multiple static IP for NFS on Kodi

So now Synology allows two clients. Two specific clients running 192.168.1.33 and 192.168.1.44 to access the VIDEO SHARED FOLDER (using “guest” as its “user”) to play videos off the Synology on the Kodi clients.

And my Security Advisor is still happy 🙂
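The before and after of the rule change described above, as an added example (not part of the original post): a short Python audit over NFS rules written in standard exports(5) syntax that flags wildcard clients and rules that do not map every user to a single account. The share path `/volume1/video`, the option lists and the UID/GID values are constructed for illustration; only the two IP addresses come from the post.

```python
import ipaddress
import re

# Constructed samples in exports(5) syntax, modelled on the rules in this post.
# The share path and the anonuid/anongid values are placeholders.
BEFORE = "/volume1/video *(rw,async,root_squash,anonuid=1024,anongid=100)"
AFTER = ("/volume1/video "
         "192.168.1.33(rw,async,all_squash,anonuid=1025,anongid=100) "
         "192.168.1.44(rw,async,all_squash,anonuid=1025,anongid=100)")

TOKEN_RE = re.compile(r"^([^()]*)(?:\(([^)]*)\))?$")  # host, host(opts) or (opts)


def client_problem(client, allowed):
    """Explain why a client spec is broader than one allow-listed IP."""
    if client == "" or "*" in client or "?" in client:
        return "wildcard client: any host may mount"
    try:
        net = ipaddress.ip_network(client, strict=False)
    except ValueError:
        return "hostname or netgroup, not a fixed IP"
    if net.num_addresses > 1:
        return "whole subnet allowed"
    if str(net.network_address) not in allowed:
        return "IP is not on the allow-list"
    return None


def audit_exports(text, allowed):
    """Return (path, client, problem) for every rule that is too liberal."""
    findings = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()  # drop comments, split on spaces
        if not fields:
            continue
        path, tokens = fields[0], fields[1:] or [""]  # no client = everyone
        for token in tokens:
            match = TOKEN_RE.match(token)
            if not match:
                findings.append((path, token, "unparseable client entry"))
                continue
            client = match.group(1)
            opts = set((match.group(2) or "").split(","))
            problem = client_problem(client, allowed)
            if problem:
                findings.append((path, client or "*", problem))
            if "no_root_squash" in opts:
                findings.append((path, client or "*", "remote root stays root"))
            elif "all_squash" not in opts:
                findings.append((path, client or "*", "users not mapped to one account"))
    return findings
```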

Conclusion

For the longest time, I have been running a rather insecure way of using NFS on Kodi to allow my Kodi clients at home to access my Synology server at home. Recently I have kind of closed this down using fixed static IPs for my Kodi clients and then restricting the permissions of NFS in Synology to just these fixed IPs. I have also only allowed “guest” to access the Synology using NFS instead of “admin”.