>>>>> "John" == John Hunter <[EMAIL PROTECTED]> writes:
John> This works fine on my LAN, but now I want to bring in a
John> couple of machines outside my LAN (I need power, more power,
John> laughing maniacally), and I don't want to run NFS outside my
John> firewall. I've spent the afternoon trying to get sec_rpc
John> (secure RPC) working, which provides NFS via SSH tunneling,
John> but am encountering some technical difficulties.
OK, I finally got this beast working. Pretty cool -- transparent NFS
tunneling over ssh to an NFS server behind a firewall. I had a few
problems in my setup having to do with NFS version 2 versus 3 and
registering with portmapper, but it works now. In case anyone else
wants to try this thing, the home page is
http://www.math.ualberta.ca/imaging/snfs/
Here are my install notes:
REMOTE is the FQDN of the firewall which forwards port 22 into the LAN
to NFSSERVER.
LOCAL is the FQDN of the NFS client that is tunneling NFS requests
over ssh to REMOTE.
NFSSERVER is the LAN machine behind REMOTE, running the NFS server
-- 192.168.1.4 in my setup.
Install sec_rpc
On LOCAL and REMOTE:
./configure --prefix=/usr
make install
On NFSSERVER
1) Add the export dir to /etc/exports and export to self (FQDN)
/mpi 192.168.1.0/255.255.255.0(rw)
My NFS server exports to the entire LAN (hence itself); then
reexport the dirs:
> /usr/sbin/exportfs -r
On LOCAL:
1) restart the portmapper and nfs server to flush old settings
2) Edit /usr/etc/snfs/TEMPLATE, change version 3 to 2 as
instructed in the comment of UdpForward if necessary and make
any other changes you want. Note you can see what version your
NFS server is running by doing (on NFSSERVER)
[root@NFSSERVER /sbin]# rpcinfo -u localhost nfs
program 100003 version 2 ready and waiting
My server is running version 2 so I changed UdpForward in
TEMPLATE to read:
UdpForward 100003,2:-::*:* 201000,2:100005:k:*:* 251000,2::k:-
3) Register the new service, eg
> snfshost REMOTE:201000
4) Start the proxy server, eg,
> rpc_psrv -r -d /usr/etc/snfs/REMOTE
5) Make sure the new MOUNTPROG is properly registered with the
portmapper:
> rpcinfo -p
You should see 201000 and 251000 listed for udp
6) Add an entry to /etc/fstab (all on one line), as in
LOCAL:/mpi /mpi nfs user,noauto,hard,intr,rsize=8192,wsize=8192,mountprog=201000,nfsprog=251000 0 0
7) make the mnt point, eg,
> mkdir -p /mpi
8) Start the RPC proxy server:
> smkdirall
> rpc_psrv -r -d /usr/etc/snfs/REMOTE
Note in production mode you probably want to turn off debug
> rpc_psrv -r /usr/etc/snfs/REMOTE
There may be some more flags to set to make the thing more
efficient.
9) mount the dir:
> mount /mpi
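
A check for steps 5 and 6 above, as an added example that is not part of the original post or of sec_rpc: it confirms that the mountprog and nfsprog numbers in the fstab entry are the ones registered on udp in the `rpcinfo -p` listing. The function names, the sample listing and its port numbers are constructed for illustration.

```shell
# Added example; all sample data below is constructed.
# Constructed `rpcinfo -p` output from LOCAL (port numbers are made up).
SAMPLE_RPCINFO='   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    201000    2   udp    944
    251000    2   udp    946'

# The fstab entry from step 6.
SAMPLE_FSTAB='LOCAL:/mpi /mpi nfs user,noauto,hard,intr,rsize=8192,wsize=8192,mountprog=201000,nfsprog=251000 0 0'

# rpc_registered PROG PROTO: succeeds if the `rpcinfo -p` text on stdin
# lists program number PROG on protocol PROTO.
rpc_registered() {
    awk -v prog="$1" -v proto="$2" \
        '$1 == prog && $3 == proto { found = 1 } END { exit !found }'
}

# fstab_prog MOUNTPOINT OPTION: prints the value of OPTION (e.g. mountprog)
# from the nfs entry for MOUNTPOINT in the fstab text on stdin.
fstab_prog() {
    awk -v mp="$1" -v opt="$2" '
        $1 !~ /^#/ && $2 == mp && $3 == "nfs" {
            n = split($4, o, ",")
            for (i = 1; i <= n; i++)
                if (index(o[i], opt "=") == 1) print substr(o[i], length(opt) + 2)
        }'
}

# check_snfs RPCINFO_TEXT FSTAB_TEXT MOUNTPOINT: succeeds only if both
# program numbers named in the fstab entry are registered on udp.
check_snfs() {
    for opt in mountprog nfsprog; do
        prog=$(printf '%s\n' "$2" | fstab_prog "$3" "$opt")
        if [ -z "$prog" ]; then
            echo "$3: no $opt= option in fstab entry"; return 1
        fi
        if ! printf '%s\n' "$1" | rpc_registered "$prog" udp; then
            echo "$3: $opt=$prog not registered on udp"; return 1
        fi
    done
    echo "$3: mountprog and nfsprog registered on udp"
}

check_snfs "$SAMPLE_RPCINFO" "$SAMPLE_FSTAB" /mpi
# On a live client: check_snfs "$(rpcinfo -p)" "$(cat /etc/fstab)" /mpi
```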