
Tunnel nfs through ssh

bbzz

Aspiring Daemon

Thanks: 128
Messages: 874

#1
Is it possible, on FreeBSD, to tunnel NFS over ssh using multiple tunnels, and how? I would prefer to keep only the ssh port open to the Internet, and using a VPN is not currently possible.
 

bbzz

Aspiring Daemon

Thanks: 128
Messages: 874

#3
Thanks. I tried that before but it fails; this is what I did:

Make server mountd listen on 32767. Then on client:

ssh bbzz@A.B.C.D -v -p8022 -N -L 5000:localhost:2049 sleep 60m
ssh bbzz@A.B.C.D -v -p8022 -N -L 5001:localhost:32767 sleep 60m

Then add entry in fstab:
Code:
localhost:/storage/data /media nfs ro,hard,intr,port=5000,mountport=5001 0 0
and then mount.

Also tried:
sudo mount_nfs -o port=5000,mountport=5001,tcp localhost:/storage/data /media

In any case end result is:
Code:
[tcp] localhost:/storage/data: RPCMNT: clnt_create: RPC: Port mapper failure - RPC: Timed out
 

bbzz

Aspiring Daemon

Thanks: 128
Messages: 874

#4
Any other suggestions? Is this possible at all? I understand there could be some issue due to RPC dynamic bindings.
 

SirDice

Administrator
Staff member
Administrator
Moderator

Thanks: 5,993
Best answers: 10
Messages: 26,750

#5
To be honest I've tried to do the same thing some time ago. Never got it to work and ended up using something else.

It should be possible but I think the dynamic nature of NFS (regarding network ports) makes it rather difficult to pull off.
 

bbzz

Aspiring Daemon

Thanks: 128
Messages: 874

#8
Well, NFSv4 now combines features into a single RPC, so you only need one port.

With older NFS versions, you needed another tunnel to make it really work. I never got it to work with older versions (which is not to say it's impossible).

But, with NFSv4 you just need one, something like:
% ssh -2 -f -N -L 3049:127.0.0.1:2049 bbzz@a.b.c.d

Now I could mount the package directory of my building server with say:
# mount -o nfsv4 -o port=3049 localhost:/usr/ports/packages /mnt

A couple of nice things: first, since the user created the tunnel, this could ease some administration, which now doesn't need direct root (obvious, but nice).

Also, since ssh initiates its own connection sourced from a tunnel endpoint, server security can be tightened even more to accept connections from say, only 127.0.0.1.
 

Rastko

Member

Thanks: 1
Messages: 81

#9
old thread, but a new (?) idea

how about doing this?

Code:
# Ask the server which TCP port mountd (version 1) is registered on; awk runs locally on the ssh output
MOUNTDPORT=$(ssh user@server rpcinfo -p | awk '/.* 1 .*tcp.*mountd/ {print $4}')
# Background tunnel (-f -N as used earlier in the thread); replace localport with a free local port
ssh -f -N -L localport:server:${MOUNTDPORT} user@server
 
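
The idea in post #9 of reading the mountd port from `rpcinfo -p`, extended here to emit both tunnels (nfs and mountd) plus the matching mount options; this is an added example, not code from any poster in the thread. The function names and the sample `rpcinfo -p` output are constructed, and the local ports 5000/5001 are the ones used in post #3.

```shell
#!/bin/sh
# Added example: turn `rpcinfo -p` output into ssh -L arguments for the
# TCP nfs and mountd services. Function names are hypothetical.

# Constructed sample of `rpcinfo -p` output (not taken from a real host).
sample_rpcinfo() {
cat <<'EOF'
   program vers proto   port  service
    100000    4   tcp    111  rpcbind
    100000    3   udp    111  rpcbind
    100005    1   udp  32767  mountd
    100005    3   udp  32767  mountd
    100005    1   tcp  32767  mountd
    100005    3   tcp  32767  mountd
    100003    2   tcp   2049  nfs
    100003    3   tcp   2049  nfs
EOF
}

# Reads rpcinfo -p output on stdin and prints one "-L" forward for the
# first TCP entry of each service, in the order the entries appear.
# $1 = local port for nfs, $2 = local port for mountd.
nfs_forward_args() {
    awk -v nfs_lp="$1" -v mnt_lp="$2" '
        $3 == "tcp" && $5 == "nfs"    && !seen[$5]++ { printf "-L %s:127.0.0.1:%s\n", nfs_lp, $4 }
        $3 == "tcp" && $5 == "mountd" && !seen[$5]++ { printf "-L %s:127.0.0.1:%s\n", mnt_lp, $4 }
    '
}

# Prints the mount options that point the client at the local tunnel ends.
nfs_mount_opts() {
    printf 'tcp,port=%s,mountport=%s\n' "$1" "$2"
}

# Live use would be: ssh user@server rpcinfo -p | nfs_forward_args 5000 5001
sample_rpcinfo | nfs_forward_args 5000 5001
nfs_mount_opts 5000 5001
```

Because the forwards terminate on 127.0.0.1 at the server, they fit the point made in post #8 about restricting the server to connections from 127.0.0.1.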