- 10-03-2010 #1
[SOLVED] nfs mount via ssh tunnel
Has anyone set up an nfs mount through an ssh tunnel?
I have been doing a lot of reading but nothing works.
I have
<nfs client>-----<gateway>------<nfs server>
all running redhat 5
Any help would be appreciated.
- 10-03-2010 #2
I am not surprised you are having trouble doing this. The problem is there is not just one port, there are many.
nfsd uses 2049, udp and tcp
portmap uses 111 udp and tcp
Also, by default, mountd, lockd, statd, and quotad use random ports assigned by portmap.
Unless the nfs server has been set up to use fixed ports instead of random ones, you may be stuck.
- 10-06-2010 #3
I think this is why most people use FTP over SSH (SFTP) instead; it is VERY hard, if not impossible, to get NFS running over SSH. I'd imagine the lag would be horrendous as well.
Can you tell us what you need to accomplish? Maybe we can offer an alternative.
I would stick with SFTP / SCP unless you have some specific need.
- 10-07-2010 #4
For security you should make the NFS ports static (/etc/sysconfig/nfs) and limit NFS to a range of IPs (/etc/exports).
And also restrict NFS with iptables to the ports you have made static.
This will give you the max security for NFS and it will still work very fast, much faster than FTP.
- 10-07-2010 #5
Make a directory, then enter the details in /etc/exports, like
data *(rw,sync)
Here '*' refers to all the IPs, no restrictions, but you should give a range like
data 172.24.0.0/255.255.0.0(rw,sync) - this will only be for 172.24.x.x
Install the nfs-utils package, restart the services and check if it's running using
rpcinfo -p
For ssh the IPs have to be of the same class, so the entry in /etc/exports should be of the same class. Just check the shared folders using the "showmount -e 'ip'" command.
Simply connect through ssh and mount using
mount NetworkIp:/dir1 /dir2
and then copy using cp -r, or if you're mounting from a server and then doing ssh with systems in your network, then use scp. It's simple!!
- 10-07-2010 #6
Have you tried
Code:
ssh -fN -L 1234:localhost:2049 user@nfsserver
then connect to localhost:1234
- 10-14-2010 #7
Thanks for all the comments.
I figured it out so I thought I would post it if anyone else needed this.
<nfs_client>-----<gateway>------<nfs_server>
First on nfs server
edit /etc/exports to include
[share_on_nfs_server] *(insecure,rw)
to get mountd port (changes at each NFS service restart):
run
rpcinfo -p localhost | grep mountd | grep tcp | grep " 1 " | awk '{print $4}'
(assuming you are using nfs on tcp)
On gateway edit /etc/ssh/sshd_config
AllowTcpForwarding yes
GatewayPorts yes #not sure if this is needed
to make the tunnel, run on nfs_client
ssh -N -L 12345:[nfs_server]:[mountd_port] [user]@[gateway]
ssh -N -L 8888:[nfs_server]:2049 [user]@[gateway]
to mount, run on nfs_client
mount -v -t nfs -o port=8888,mountport=12345,tcp localhost:/[share_on_nfs_server] /mnt
notes:
8888 and 12345 I made up. 2049 is the NFS port
insecure is needed in the exports file to accept a mount port above 1024
it didn't work until I added tcp in the mount command, weird
and it worked, I hope this helps someone
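
The steps from the last post scripted, as an added example that is not part of the original thread. It re-reads the mountd port from `rpcinfo -p` output (the port changes at each NFS restart), binds both forwards to loopback, and limits the export to the gateway rather than `*`. The function names, the gateway address 192.0.2.10, the share path /srv/share and the sample rpcinfo output are constructed assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Addresses, paths and rpcinfo text are constructed.

# Read `rpcinfo -p` output on stdin; print the TCP port of mountd version $1.
# Columns are: program vers proto port service
mountd_port() {
    awk -v want="${1:-1}" \
        '$5 == "mountd" && $3 == "tcp" && $2 == want { print $4; exit }'
}

# /etc/exports line limited to the gateway: through the tunnel the server sees
# the gateway as the peer, on an unprivileged source port (hence "insecure").
exports_line() {    # args: share gateway_ip
    printf '%s %s(insecure,rw)\n' "$1" "$2"
}

# Both forwards in one ssh session, listening on loopback only.
tunnel_cmd() {      # args: nfs_server mountd_port user@gateway
    case "$2" in
        ''|*[!0-9]*) echo "no usable mountd port: '$2'" >&2; return 1 ;;
    esac
    printf 'ssh -N -L 127.0.0.1:12345:%s:%s -L 127.0.0.1:8888:%s:2049 %s\n' \
        "$1" "$2" "$1" "$3"
}

mount_cmd() {       # args: share mountpoint
    printf 'mount -v -t nfs -o port=8888,mountport=12345,tcp localhost:%s %s\n' \
        "$1" "$2"
}

# Constructed sample of what `rpcinfo -p localhost` prints on the NFS server.
SAMPLE_RPCINFO='   program vers proto   port
    100000    2   tcp    111  portmapper
    100003    3   tcp   2049  nfs
    100005    1   udp    892  mountd
    100005    1   tcp    895  mountd
    100005    3   tcp    895  mountd'

demo() {
    port=$(printf '%s\n' "$SAMPLE_RPCINFO" | mountd_port 1)
    exports_line /srv/share 192.0.2.10 &&
    tunnel_cmd nfs_server "$port" user@gateway &&
    mount_cmd /srv/share /mnt
}
demo
```

If mountd is not registered on TCP, `mountd_port` prints nothing and `tunnel_cmd` refuses to build a forward to an empty port.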


