Thursday, September 24, 2020

How To Setup NFS Server on CentOS 7 / RHEL 7

 NFS stands for Network File System, helps you to share files and folders between Linux / Unix systems, developed by SUN Microsystems in 1990. NFS enables you to mount a remote share locally.

This guide helps you to setup NFS server on CentOS 7 / RHEL 7.

Benefits of NFS

  • File / Folder sharing between *nix systems
  • Allows to mount remote filesystems locally
  • Can be acted as Centralized Storage system
  • It can be used as a Storage Domain ( Datastore) for VMware and other Virtualization Platform.
  • Allows applications to share configuration and data files with multiple nodes.
  • Allows having updated files across the share.

Important Services

The following are the important NFS services, included in nfs-utils packages.

rpcbind: The rpcbind server converts RPC program numbers into universal addresses.

nfs-server: It enables clients to access NFS shares.

nfs-lock / rpc-statd: NFS file locking. Implement file lock recovery when an NFS server crashes and reboots.

nfs-idmap: It translates user and group ids into names, and to translate user and group names
into ids

Important Configuration Files

You would be working mainly on below configuration files to setup NFS server and Clients.

/etc/exports: It is the main configuration file, controls which file systems are exported to remote hosts and specifies options.

/etc/fstab: This file is used to control what file systems including NFS directories are mounted when the system boots.

/etc/sysconfig/nfs: This file is used to control which ports the required RPC services run on.

/etc/hosts.allow and /etc/hosts.deny: These files are called TCP wrappers, controls the access to the NFS server. It is used by NFS to decide whether or not to accept a connection coming in from another IP address.

Environment

Here, I will use CentOS 7 minimal for this demo. This guide should also work on Oracle Linux and Fedora systems.

NFS Server

Host Name: server.itzgeek.local (CentOS 7)
IP Address: 192.168.1.10/24

NFS Client

Host Name: client.itzgeek.local (CentOS 7)
IP Address: 192.168.1.20/24

Configure NFS Server

Install NFS Server

Install the below package for NFS server using the yum command.

yum install -y nfs-utils

Once the packages are installed, enable and start NFS services.

systemctl start nfs-server rpcbind
systemctl enable nfs-server rpcbind

Create NFS Share

Now, let’s create a directory to share with the NFS client. Here I will be creating a new directory named nfsfileshare in the / partition.

You can also share your existing directory with NFS.

mkdir /nfsfileshare

Allow NFS client to read and write to the created directory.

chmod 777 /nfsfileshare/

We have to modify /etc/exports file to make an entry of directory /nfsfileshare that you want to share.

vi /etc/exports

Create a NFS share something like below.

/nfsfileshare 192.168.1.20(rw,sync,no_root_squash)

/nfsfileshare: shared directory

192.168.1.20IP address of client machine. We can also use the hostname instead of an IP address. It is also possible to define the range of clients with subnet like 192.168.1.0/24.

rw: Writable permission to shared folder

sync: All changes to the according filesystem are immediately flushed to disk; the respective write operations are being waited for.

no_root_squashBy default, any file request made by user root on the client machine is treated as by user nobody on the server. (Exactly which UID the request is mapped to depends on the UID of user “nobody” on the server, not the client.) If no_root_squash is selected, then root on the client machine will have the same level of access to the files on the system as root on the server.

You can get to know all the option in the man page man exports or here.

Export the shared directories using the following command.

exportfs -r

Extras:

exportfs -v: Displays a list of shares files and export options on a server.
exportfs -a: Exports all directories listed in /etc/exports.
exportfs -u: UnExport one or more directories.
exportfs -r: ReExport all directories after modifying /etc/exports.

After configuring NFS server, we need to mount that shared directory in the NFS client.

Configure Firewall

We need to configure the firewall on the NFS server to allow NFS client to access the NFS share. To do that, run the following commands on the NFS server.

firewall-cmd --permanent --add-service mountd
firewall-cmd --permanent --add-service rpc-bind
firewall-cmd --permanent --add-service nfs
firewall-cmd --reload

Configure NFS client

Install NFS Client

We need to install NFS packages on NFS client to mount a remote NFS share. Install NFS packages using below command.

yum install -y nfs-utils

Check NFS Share

Before mounting the NFS share, I request you to check the NFS shares available on the NFS server by running the following command on the NFS client.

Replace the IP Address with your NFS server IP Address or hostname.
showmount -e 192.168.1.10

Output:

Export list for 192.168.1.10:
/nfsfileshare 192.168.1.20

As per the output, the /nfsfileshare is available on the NFS server (192.168.1.10) for the NFS client (192.168.1.20).

Extras:

showmount -e : Shows the available shares on your local machine (NFS Server).
showmount -e <server-ip or hostname>: Lists the available shares on the remote server

Mount NFS Share

Now, create a directory on NFS client to mount the NFS share /nfsfileshare which we have created in the NFS server.

mkdir /mnt/nfsfileshare

Use below command to mount a NFS share /nfsfileshare from NFS server 192.168.1.10 in /mnt/nfsfileshare on NFS client.

mount 192.168.1.10:/nfsfileshare /mnt/nfsfileshare

Verify the mounted share on the NFS client using mount command.

mount | grep nfs

Output:

ssunrpc on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw,relatime)
nfsd on /proc/fs/nfsd type nfsd (rw,relatime)
192.168.1.10:/nfsfileshare on /mnt/nfsfileshare type nfs4 (rw,relatime,vers=4.1,rsize=131072,wsize=131072,namlen=255,hard,proto=tcp,port=0,timeo=600,retrans=2,sec=sys,clientaddr=192.168.1.20,local_lock=none,addr=192.168.1.10)

Also, you can use the df -hT command to check the mounted NFS share.

df -hT

Output:

Filesystem                 Type      Size  Used Avail Use% Mounted on
/dev/mapper/centos-root    xfs        50G  1.2G   49G   3% /
devtmpfs                   devtmpfs  485M     0  485M   0% /dev
tmpfs                      tmpfs     496M     0  496M   0% /dev/shm
tmpfs                      tmpfs     496M  6.7M  490M   2% /run
tmpfs                      tmpfs     496M     0  496M   0% /sys/fs/cgroup
/dev/mapper/centos-home    xfs        47G   33M   47G   1% /home
/dev/sda1                  xfs      1014M  154M  861M  16% /boot
tmpfs                      tmpfs     100M     0  100M   0% /run/user/0
192.168.1.10:/nfsfileshare nfs4       50G  1.2G   49G   3% /mnt/nfsfileshare

Create a file on the mounted directory to verify the read and write access on NFS share.

touch /mnt/nfsfileshare/test

If the above command returns no error, you have working NFS setup.

Automount NFS Shares

To mount the shares automatically on every reboot, you would need to modify /etc/fstab file of your NFS client.

vi /etc/fstab

Add an entry something like below.

#
# /etc/fstab
# Created by anaconda on Wed Jan 17 12:04:02 2018
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
/dev/mapper/centos-root /                       xfs     defaults        0 0
UUID=60a496d0-69f4-4355-aef0-c31d688dda1b /boot                   xfs     defaults        0 0
/dev/mapper/centos-home /home                   xfs     defaults        0 0
/dev/mapper/centos-swap swap                    swap    defaults        0 0
192.168.1.10:/nfsfileshare /mnt/nfsfileshare    nfs     nosuid,rw,sync,hard,intr  0  0

Save and close the file.

Reboot the client machine and check whether the share is automatically mounted or not.

reboot

Verify the mounted share on the NFS client using mount command.

mount | grep nfs

Output:

sunrpc on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw,relatime)
192.168.1.10:/nfsfileshare on /mnt/nfsfileshare type nfs4 (rw,nosuid,relatime,sync,vers=4.1,rsize=131072,wsize=131072,namlen=255,hard,proto=tcp,port=0,timeo=600,retrans=2,sec=sys,clientaddr=192.168.1.20,local_lock=none,addr=192.168.1.10)

If you want to unmount that shared directory from your NFS client after you are done with the file sharing, you can unmount that particular directory using umount command.

umount /mnt/nfsfileshare

Conclusion

You have set up NFS Server and NFS Client on CentOS 7 / RHEL 7 successfully. If you wish not to use static mounts, you can configure AutoFS on CentOS 7 to mount NFS share only when a user accesses them.

Thursday, April 2, 2020

How To Change CIFS Share Mount Permissions Linux

How To Change CIFS Share Mount Permissions Linux

Wednesday, February 19, 2020

Linux ethtool Examples to Manipulate Ethernet Card (NIC Card)

Ethtool utility is used to view and change the ethernet device parameters.

1. List Ethernet Device Properties

When you execute ethtool command with a device name, it displays the following information about the ethernet device.
# ethtool eth0
Settings for eth0:
        Supported ports: [ TP ]
        Supported link modes:   10baseT/Half 10baseT/Full
                                100baseT/Half 100baseT/Full
                                1000baseT/Full
        Supports auto-negotiation: Yes
        Advertised link modes:  10baseT/Half 10baseT/Full
                                100baseT/Half 100baseT/Full
                                1000baseT/Full
        Advertised auto-negotiation: Yes
        Speed: 100Mb/s
        Duplex: Full
        Port: Twisted Pair
        PHYAD: 1
        Transceiver: internal
        Auto-negotiation: on
        Supports Wake-on: d
        Wake-on: d
        Link detected: yes
This above ethtool output displays ethernet card properties such as speed, wake on, duplex and the link detection status. Following are the three types of duplexes available.
  • Full duplex : Enables sending and receiving of packets at the same time. This mode is used when the ethernet device is connected to a switch.
  • Half duplex : Enables either sending or receiving of packets at a single point of time. This mode is used when the ethernet device is connected to a hub.
  • Auto-negotiation : If enabled, the ethernet device itself decides whether to use either full duplex or half duplex based on the network the ethernet device attached to.

2. Change NIC Parameter Using ethtool Option -s autoneg

The above ethtool eth0 output displays that the “Auto-negotiation” parameter is in enabled state. You can disable this using autoneg option in the ethtool as shown below.
# ifdown eth0
    eth0      device: Broadcom Corporation NetXtreme II BCM5709 Gigabit Ethernet (rev 20)
    eth0      configuration: eth-bus-pci-0000:0b:00.0

# ethtool  -s eth0 autoneg off

# ethtool eth0
Settings for eth0:
        Supported ports: [ TP ]
        Supported link modes:   10baseT/Half 10baseT/Full
                                100baseT/Half 100baseT/Full
                                1000baseT/Full
        Supports auto-negotiation: Yes
        Advertised link modes:  Not reported
        Advertised auto-negotiation: No
        Speed: Unknown! (65535)
        Duplex: Unknown! (255)
        Port: Twisted Pair
        PHYAD: 1
        Transceiver: internal
        Auto-negotiation: off
        Supports Wake-on: g
        Wake-on: g
        Link detected: no
# ifup eth0
After the above change, you could see that the “link detection” value changed to down and auto-negotiation is in off state.

3. Change the Speed of Ethernet Device

Using ethtool you can change the speed of the ethernet device to work with the certain network devices, and the newly assign speed value should be within the limited capacity.
# ethtool -s eth0 speed 100 autoneg off

# ethtool eth0
Settings for eth0:
        Supported ports: [ TP ]
        Supported link modes:   10baseT/Half 10baseT/Full
                                100baseT/Half 100baseT/Full
                                1000baseT/Full
        Supports auto-negotiation: Yes
        Advertised link modes:  Not reported
        Advertised auto-negotiation: No
        Speed: Unknown! (65535)
        Duplex: Unknown! (255)
        Port: Twisted Pair
        PHYAD: 1
        Transceiver: internal
        Auto-negotiation: off
        Supports Wake-on: g
        Wake-on: g
        Link detected: no
Once you change the speed when the adapter is online, it automatically goes offline, and you need to bring it back online using ifup command.
# ifup eth0
    eth0      device: Broadcom Corporation NetXtreme II BCM5709 Gigabit Ethernet (rev 20)
    eth0      configuration: eth-bus-pci-0000:0b:00.0
Checking for network time protocol daemon (NTPD):                     running

# ethtool eth0
Settings for eth0:
        Supported ports: [ TP ]
        Supported link modes:   10baseT/Half 10baseT/Full
                                100baseT/Half 100baseT/Full
                                1000baseT/Full
        Supports auto-negotiation: Yes
        Advertised link modes:  Not reported
        Advertised auto-negotiation: No
        Speed: 100Mb/s
        Duplex: Full
        Port: Twisted Pair
        PHYAD: 1
        Transceiver: internal
        Auto-negotiation: off
        Supports Wake-on: g
        Wake-on: g
        Link detected: yes
As shown in the above output, the speed changed from 1000Mb/s to 100Mb/s and auto-negotiation parameter is unset.
To change the Maximum Transmission Unit (MTU), refer to our ifconfig examples article.

4. Display Ethernet Driver Settings

ethtool -i option displays driver version, firmware version and bus details as shown below.
# ethtool -i eth0
driver: bnx2
version: 2.0.1-suse
firmware-version: 1.9.3
bus-info: 0000:04:00.0

5. Display Auto-negotiation, RX and TX of eth0

View the autonegotiation details about the specific ethernet device as shown below.
# ethtool -a eth0
Pause parameters for eth0:
Autonegotiate:  on
RX:             on
TX:             on

6. Display Network Statistics of Specific Ethernet Device

Use ethtool -S option to display the bytes transfered, received, errors, etc, as shown below.
# ethtool -S eth0
NIC statistics:
     rx_bytes: 74356477841
     rx_error_bytes: 0
     tx_bytes: 110725861146
     tx_error_bytes: 0
     rx_ucast_packets: 104169941
     rx_mcast_packets: 138831
     rx_bcast_packets: 59543904
     tx_ucast_packets: 118118510
     tx_mcast_packets: 10137453
     tx_bcast_packets: 2221841
     tx_mac_errors: 0
     tx_carrier_errors: 0
     rx_crc_errors: 0
     rx_align_errors: 0
     tx_single_collisions: 0
     tx_multi_collisions: 0
     tx_deferred: 0
     tx_excess_collisions: 0
     tx_late_collisions: 0
     tx_total_collisions: 0
     rx_fragments: 0
     rx_jabbers: 0
     rx_undersize_packets: 0
     rx_oversize_packets: 0
     rx_64_byte_packets: 61154057
     rx_65_to_127_byte_packets: 55038726
     rx_128_to_255_byte_packets: 426962
     rx_256_to_511_byte_packets: 3573763
     rx_512_to_1023_byte_packets: 893173
     rx_1024_to_1522_byte_packets: 42765995
     rx_1523_to_9022_byte_packets: 0
     tx_64_byte_packets: 3633165
     tx_65_to_127_byte_packets: 51169838
     tx_128_to_255_byte_packets: 3812067
     tx_256_to_511_byte_packets: 113766
     tx_512_to_1023_byte_packets: 104081
     tx_1024_to_1522_byte_packets: 71644887
     tx_1523_to_9022_byte_packets: 0
     rx_xon_frames: 0
     rx_xoff_frames: 0
     tx_xon_frames: 0
     tx_xoff_frames: 0
     rx_mac_ctrl_frames: 0
     rx_filtered_packets: 14596600
     rx_discards: 0
     rx_fw_discards: 0

7. Troubleshoot the Ethernet Connection Issues

When there is a problem with the network connection, you might want to check (or change) the ethernet device parameters explained in the above examples, when you see following issues in the output of ethtool command.
  • Speed and Duplex value is shown as Unknown
  • Link detection value is shown as No
Upon successful connection, the three parameters mentioned above gets appropriate values. i.e Speed is assigned with known value, Duplex become either Full/Half, and the Link detection becomes Yes.
After the above changes, if the Link Detection still says “No”, check whether there are any issues in the cables that runs from the switch and the system, you might want to dig into that aspect further.
To capture and analyze packets from a specific network interface, use tcpdump utility.

8. Identify Specific Device From Multiple Devices (Blink LED Port of NIC Card)

Let us assume that you have a machine with four ethernet adapters, and you want to identify the physical port of a particular ethernet card. (For example, eth0).
Use ethtool option -p, which will make the corresponding LED of physical port to blink.
# ethtool -p eth0

9. Make Changes Permanent After Reboot

If you’ve changed any ethernet device parameters using the ethtool, it will all disappear after the next reboot, unless you do the following.
On ubuntu, you have to modify /etc/network/interfaces file and add all your changes as shown below.
# vim /etc/network/interfaces
post-up ethtool -s eth2 speed 1000 duplex full autoneg off
The above line should be the last line of the file. This will change speed, duplex and autoneg of eth2 device permanently.
On SUSE, modify the /etc/sysconfig/network/ifcfg-eth-id file and include a new script using POST_UP_SCRIPT variable as shown below. Include the below line as the last line in the corresponding eth1 adpater config file.
# vim /etc/sysconfig/network/ifcfg-eth-id
POST_UP_SCRIPT='eth1'
Then, create a new file scripts/eth1 as shown below under /etc/sysconfig/network directory. Make sure that the script has execute permission and ensure that the ethtool utility is present under /sbin directory.
# cd /etc/sysconfig/network/

# vim scripts/eth1
#!/bin/bash
/sbin/ethtool -s duplex full speed 100 autoneg off

Half Duplex, Full Duplex, and Auto-Negotiation


Introduction
The configuration of your Ethernet Card defines how effectively your servers communicate.
It is necessary to understand how Auto-Negotiation, Speed, and Duplex settings affect the transfer of data to maintain network connectivity with minimal effort.
This article will show you how to change Speed, Duplex, and Auto-Negotiation settings in Linux with ethtool commands.
tutorial on changing speed, duplex and auto-negation of NIC card
Prerequisites
  • Command-line/terminal window
  • A user account with root or sudo privileges
  • The Ethtool configuration tool installed

Half Duplex, Full Duplex, and Auto-Negotiation

Half-duplex mode allows a device to either send or receive packets in turn. A device set to this mode cannot perform both actions at the same time.
When a device’s mode is at full-duplex, it can also send and receive packets simultaneously.
visual representation of full duplex and half duplex concept
Auto-Negotiation is a mechanism by which a device automatically chooses the best performing transmission mode based on its counterparts’ characteristics. It is recommended to keep Auto-Negotiation enabled as it allows devices to choose the most efficient means for the transfer of data.

What is a Duplex Mismatch?

When a device, with enabled auto-negotiation, connects to a device that is not using this signaling method, the process does not work. The end of the connection with an active auto-negotiation is still able to detect the speed of the other end, but cannot correctly detect the duplex mode. As a rule, the auto-negotiating end of the connection is going to use half-duplex while the other end might be at full-duplex. This situation is considered a duplex mismatch.
A duplex mismatch does not stop communication completely. Single packets and small amounts of data do not cause immediate issues. However, when a large amount of data is sent from either end, the speed drops significantly. The connection is working, but the performance is reduced as the data transfer rate is asymmetrical and might lead to packet loss.

How to Use Ethtool Command to Configure NIC Settings

Ethtool is a Network Interface Card configuration command that allows you to retrieve information and change your NIC settings. These settings include SpeedDuplexAuto-Negotiation, and many other parameters.
To proceed, you’ll need to know the name of your network interface card.
To find the name of your network interface card, run the following command from the command terminal:
ifconfig
The command works with both Linux Centos 7 and Ubuntu. The output provides the name of the device interface card.
ifconfig command used to find device name
In the above example, the name of the device is enp0s3.
Now that you have determined the name of the device, check the current Speed, Auto-Negotiation, and Duplex mode settings with the command: ethtool devicename.
In our specific example the command is:
ethtool enp0s3
The output shows that the current speed is 1000Mb/s, that the Duplex is at ‘Full,’ and that Auto-Negotiation is turned on.
Terminal screen displays the status of speed, auto negotiation and duplex

Ethtool Command to Change Ethernet Adapter Settings

The ethtool –s command can be used to change the current settings by defining the values for “speed,” “duplex,” and “autoneg” in the following format
sudo ethtool –s [device_name] speed [10/100/1000] duplex [half/full] autoneg [on/off]
For example, to set the speed at 1000Mb/s, the duplex mode to ‘full’ and the auto-negotiation to ‘on’ the command would be:
sudo ethtool –s enp0s3 speed 1000 duplex full autoneg on
The ethtool [device_name] command is necessary to confirm that the changes have been applied.

Ethtool_opt Variable to Permanently Set Ethtool Command Settings

Changes made with Ethtool are by default reverted after a system is re-booted.
To apply custom settings each time a system boots edit the file for the device interface:
vi /etc/sysconfig/network-scripts/ifcfg-enp0s3
Add the desired values as a line at the end of the file using the following syntax:
ETHTOOL_OPTS="speed [100|1000|10000] duplex [half|full] autoneg [on|off]”
For example:
ETHTOOL_OPTS="speed 1000 duplex full autoneg on”
Save the changes and exit the file.
Now the changes are applied after every reboot and are permanent unless the file is altered again.

Thursday, February 13, 2020

yum repository for locally-mounted DVD on Red Hat Enterprise Linux 7

  • Once you have downloaded a DVD version of your chosen Rhel Version and copied it over to a location on your server.
  • Mount the RHEL installation ISO to a directory like /mnt/disc, e.g.:

    # mkdir -p  /mnt/disc
    # mount -o loop RHEL7.1.iso /mnt/disc
    
    If you use DVD media , you can mount like below.

    # mkdir -p  /mnt/disc
    # mount /dev/sr0  /mnt/disc
    
  • Copy the media.repo file from the root of the mounted directory to /etc/yum.repos.d/ and set the permissions to 0644 or another similar permissions set:
    # cp /mnt/disc/media.repo /etc/yum.repos.d/rhel7dvd.repo
    # chmod 644 /etc/yum.repos.d/rhel7dvd.repo
    
  • Edit the new repo file, changing the gpgcheck=0 setting to 1 and adding the following 3 lines
    vi /etc/yum.repos.d/rhel7dvd.repo
    enabled=1
    baseurl=file:///mnt/disc/
    gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
    
    In the end, the new repo file could look like the following
    [InstallMedia]
    name=DVD for Red Hat Enterprise Linux 7.1 Server
    mediaid=1359576196.686790
    metadata_expire=-1
    gpgcheck=1
    cost=500
    enabled=1
    baseurl=file:///mnt/disc/
    gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
    
  • Clear the cache and check whether you can get the packages list from the DVD repo
    # yum clean all
    # yum repolist enabled
  • It should look like the following if no other repository is enabled.
    To avoid any corruption its recommend to disable any non-redhat repositories.
# yum repolist enabled
Loaded plugins: product-id, search-disabled-repos, subscription-manager
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
repo id                                                                                 repo name                                                                     
InstallMedia                                                                        Red Hat Enterprise Linux 7.7 
repolist: 5,229
  • If no errors are returned, the following can be used to update:
    # yum update

Tuesday, February 11, 2020

Linux Kernel Modules - Load, Unload, Configure

Linux allows the Kernel to be configured at run time, to enable or disable different services as you see fit. This way you don't have to compile a monolithic kernel, and can save some memory usage. Some modules you'll only need for a short time, others you'll need all the time. You can configure your Linux machine to load kernel modules on startup so you don't have to remember to do that when (if) you reboot.

Module Commands

There are a few commands that allow you to maniuplate the kernel. Each is quickly described below, for more information say `man [command]`.
  • depmod - handle dependency descriptions for loadable kernel modules.
  • insmod - install loadable kernel module.
  • lsmod - list loaded modules.
  • modinfo - display information about a kernel module.
  • modprobe - high level handling of loadable modules.
  • rmmod - unload loadable modules.
The usage of the commands is demonstrated below, it is left as an excerise to the reader to fully understand the commands.

Using Module Commands

Below the different kernel module commands are demonstrated
# Show the module dependencies.
depmod -n

# Install some module
insmod --autoclean [modnam]

# This lists all currently loaded modules, lsmod takes no useful parameters
lsmod 

# Display information about module eepro100
modinfo --author --description --parameters eepro100

# Removing a module (don't use the example)
rmmod --all --stacks ip_tables

Module Configuration Files

The kernel modules can use two different methods of automatic loading. The first method (modules.conf) is my preferred method, but you can do as you please.
  • modules.conf - This method load the modules before the rest of the services, I think before your computer chooses which runlevel to use
  • rc.local - Using this method loads the modules after all other services are started
Using 'modules.conf' will require you to say `man 5 modules.conf`. Using 'rc.local' requires you to place the necessary commands (see above) in the right order.

Sample modules.conf

# modules.conf - configuration file for loading kernel modules
# Create a module alias parport_lowlevel to parport_pc
alias parport_lowlevel parport_pc
# Alias eth0 to my eepro100 (Intel Pro 100)
alias eth0 eepro100
# Execute /sbin/modprobe ip_conntrack_ftp after loading ip_tables
post-install ip_tables /sbin/modprobe ip_conntrack_ftp
# Execute /sbin/modprobe ip_nat_ftp after loading ip_tables
post-install ip_tables /sbin/modprobe ip_nat_ftp

Sample rc.local

#!/bin/sh
#
# This script will be executed *after* all the other init scripts.
# You can put your own initialization stuff in here if you don't
# want to do the full Sys V style init stuff.

/sbin/insmod ip_tables
/sbin/modprobe ip_conntrack_ftp
/sbin/modprobe ip_nat_ftp

Conclusion

You should see/know that modules are necessary. They can be loaded via 'modules.conf' or 'rc.local', but 'modules.conf' load them first and 'rc.local' loads them last. Using the various module commands you can add, remove, list or get information about modules.