Mounting NFS over SSH

[o'riyley]

I've been agonizing over this for a couple of weeks. I am completely bewildered, and would apprecite any helpful input anyone can offer:

Im currently trying to mount an NFS drive off of a production server to a little test box i've setup so that I can route files to the server. Since NFS is so insecure, it was decided up above that I should tunnel the mount through an SSH connection. I was able to do this in a test environment, but on the production server I cannot get the mount to work.
Info:
Server - RedHat Enterprise AS 3.0
Client - RedHat Enterprise AS 2.1

What I did:
On the Server -
I modified the /etc/init.d/nfs file to "pin" mountd to port 4402.
I created the file /etc/exports and added the line
/web/htdocs/lcms 127.0.0.1(rw,all_squash,anonuid=702,anongid=702,in secure,sycn)
(702 refers to the user lcms, who has been set as the owner of the lcms folder.)
then ran #exportfs -arv, which gave the following results
exporting localhost.localdomain:/web/htdocs/lcms
reexporting localhost.localdomain:/web/htdocs/lcms to kernel
then I restart the sshd service, stop nfslock, nfs, restart portmap, start nfs and nfslock
#service sshd restart
#service nfslock stop
#service nfs stop
#service portmap restart
#service nfs start
#service nfslock start
after that I configure the firewall through iptables. I have sunrpc(111) open on tcp and udp, port 22(ssh) open on tcp and udp and ports 250,251 on tcp, udp
so that should setup the server
i can check the connection from the server to the client by running the following command on the client:
#rpcinfo -p server_ip
which gives me the following:
program vers proto port
100000 2 tcp 111 portmapper
100000 2 udp 111 portmapper
391002 2 tcp 32769 sgi_fam
100024 1 udp 38360 status
100024 1 tcp 41751 status
100011 1 udp 637 rquotad
100011 2 udp 637 rquotad
100011 1 tcp 640 rquotad
100011 2 tcp 640 rquotad
100003 2 udp 2049 nfs
100003 3 udp 2049 nfs
100003 2 tcp 2049 nfs
100003 3 tcp 2049 nfs
100021 1 udp 47171 nlockmgr
100021 3 udp 47171 nlockmgr
100021 4 udp 47171 nlockmgr
100021 1 tcp 59176 nlockmgr
100021 3 tcp 59176 nlockmgr
100021 4 tcp 59176 nlockmgr
100005 1 udp 4402 mountd
100005 1 tcp 4402 mountd
100005 2 udp 4402 mountd
100005 2 tcp 4402 mountd
100005 3 udp 4402 mountd
100005 3 tcp 4402 mountd

now on the clientside i create two ssh connections to forward traffic from 250 to 2049 (nfs) and 251 to 4402 (mountd)
#ssh root@server -L 250:localhost:2049 -f sleep 60m
#ssh root@server -L 251:localhost:4402 -f sleep 60m
i can check that this succeeded by going to the server and running
#tail /var/log/messages
which gives me the following:
Jun 8 10:30:00 www sshd(pam_unix)[9032]: session opened for user root by (uid=0)
Jun 8 10:30:16 www sshd(pam_unix)[9045]: session opened for user root by (uid=0)

i then try to run a mount command
#mount -t nfs -o rw,port=250,mountport=251 localhost:/web/htdocs/lcms /web/lcms/active
this spits back an error
mount: RPC: Unable to receive; errno = Connection refused

hope someone out there can help!

[atrain]

If you had any luck, I'd like to know.
I've tried the same thing, ended up with the same errors...

I know theres a fuse plugin called sshfs or something like that though...

Also, there is this tutorial (didn't help): Sys Admin > Encrypted NFS with OpenSSH and Linux

g'luck!

[oz]

Hi, atrain!

If you need help, please start a new thread because this on is more than 2 years old already.

Regards,

oz