Tunnel nfs through ssh

Is it possible, on FreeBSD, to tunnel nfs over ssh using multiple tunnels, and how? I would prefer to keep only the ssh port open to the Internet, and using a VPN is not currently possible.
 
Thanks. I tried that before but it fails; this is what I did:

Make server mountd listen on 32767. Then on client:

ssh bbzz@A.B.C.D -v -p8022 -N -L 5000:localhost:2049 sleep 60m
ssh bbzz@A.B.C.D -v -p8022 -N -L 5001:localhost:32767 sleep 60m

Then add entry in fstab:
Code:
localhost:/storage/data /media nfs ro,hard,intr,port=5000,mountport=5001 0 0

and then mount.

Also tried:
sudo mount_nfs -o port=5000,mountport=5001,tcp localhost:/storage/data /media

In any case end result is:
Code:
[tcp] localhost:/storage/data: RPCMNT: clnt_create: RPC: Port mapper failure - RPC: Timed out
 
Any other suggestions? Is this possible at all? I understand there could be some issue due to RPC dynamic bindings.
 
To be honest I've tried to do the same thing some time ago. Never got it to work and ended up using something else.

It should be possible but I think the dynamic nature of NFS (regarding network ports) makes it rather difficult to pull off.
 
Well, NFSv4 now combines features into a single RPC, so you only need one port.

With older NFS versions, you needed another tunnel to make it really work. I never got it to work with older versions (which is not to say it's impossible).

But, with NFSv4 you just need one, something like:
% ssh -2 -f -N -L 3049:127.0.0.1:2049 bbzz@a.b.c.d

Now I could mount the package directory of my building server with say:
# mount -o nfsv4 -o port=3049 localhost:/usr/ports/packages /mnt

A couple of nice things: first, since the user created the tunnel, this could ease some administration, which now doesn't need direct root (obvious, but nice).

Also, since ssh initiates its own connection sourced from a tunnel endpoint, server security can be tightened even more to accept connections from say, only 127.0.0.1.
 
old thread, but a new (?) idea

how about doing this?

Code:
# look up the TCP port that mountd version 1 registered on the server (ssh runs the command and exits)
MOUNTDPORT=`ssh user@server rpcinfo -p | awk '/.* 1 .*tcp.*mountd/ {print $4}'`
# background tunneling options; localport is a placeholder for the local end of the tunnel
ssh -f -N -L localport:server:${MOUNTDPORT} user@server
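
The port lookup suggested in the last post, worked through as an added example that is not part of the thread or written by any of its posters: it parses `rpcinfo -p` output, validates the ports it finds, and builds the two `-L` options for nfs and mountd. The sample `rpcinfo` output, the function names and the choice of NFSv3 are assumptions, and it only prepares the forwards; it does not settle whether the older NFS versions then mount through them.

```shell
#!/bin/sh
# Added example: turn `rpcinfo -p` output into ssh -L options for nfs and mountd.
# SAMPLE_RPCINFO is constructed for illustration, not captured from a real server.
SAMPLE_RPCINFO='   program vers proto   port  service
    100000    4   tcp    111  rpcbind
    100005    1   udp  32767  mountd
    100005    1   tcp  32767  mountd
    100005    3   tcp  32767  mountd
    100003    2   tcp   2049  nfs
    100003    3   tcp   2049  nfs'

NFS_VERS=3   # assumption: NFSv3, which also uses mountd version 3

# rpc_port SERVICE VERSION: print the TCP port registered for that service and
# version in the rpcinfo text on stdin; exit non-zero when nothing matches.
rpc_port() {
    awk -v svc="$1" -v ver="$2" '
        $5 == svc && $2 == ver && $3 == "tcp" { print $4; found = 1; exit }
        END { if (!found) exit 1 }'
}

# is_port VALUE: accept only a decimal number in 1..65535. The value comes from
# the remote host and ends up on an ssh command line, so reject anything else.
is_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# forward_args LOCAL_NFS LOCAL_MOUNTD: read rpcinfo text on stdin and print two
# -L options. Binding to 127.0.0.1 keeps other hosts from using the tunnel.
forward_args() {
    info=$(cat)
    nfs=$(printf '%s\n' "$info" | rpc_port nfs "$NFS_VERS") || return 1
    mnt=$(printf '%s\n' "$info" | rpc_port mountd "$NFS_VERS") || return 1
    is_port "$nfs" && is_port "$mnt" || return 1
    printf '%s\n' "-L 127.0.0.1:$1:127.0.0.1:$nfs -L 127.0.0.1:$2:127.0.0.1:$mnt"
}

# Demo on the sample; a live run would pipe in: ssh user@server rpcinfo -p
printf '%s\n' "$SAMPLE_RPCINFO" | forward_args 5000 5001
```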
 