Hello All, while looking around on the net I came across this NFS via SSH that you might be interested in taking a look at.

http://www.math.ualberta.ca/imaging/snfs/

Cheers,
Lonnie

> Would NFS tunneled through SSH be acceptable?
>
> dbc.
>
>
> On Tue, 29 Jan 2002, Lonnie Cumberland wrote:
>
>> Hi Nicolas,
>>
>> I think that after much thought that I will opt to try to
>> explain to them the security problems of using NFS over the
>> firewall and try to use another solution instead.
>>
>> Thanks for all of the help to you and everyone on the list who
>> always seems to try to answer most of my seemingly dumb
>> questions.
>>
>> Cheers,
>> Lonnie
>>
>> > Hi Lonnie!
>> >
>> > > Actually we are still a small company and this particular
>> > > job is for some friends, a research group at the university who
>> > > has recently had problems, who will not listen to reason
>> > > about the problems of port-forwarding services like NFS.
>> > > With that in mind, I told them that I would help get them as
>> > > secure as possible given their specific requirements.
>> >
>> > Sorry, that's what I realized when I rethought about this (ie
>> > that it must have been something not internal to your
>> > company...).
>> >
>> > BTW, I hope these people are not in CS...
>> >
>> > > Like many people in the academic arena, it will take getting
>> > > hacked and attacked a few times before they realize that they
>> > > should have listened to more well informed people in the
>> > > past, like me, who has tried very hard to get them out of
>> > > the current mentality of "patch-work" until the next
>> > > problem.
>> >
>> > If these weren't your friends I would almost be tempted to
>> > suggest that you get this in writing that they prefer that
>> > solution over a more secure one (after being informed of the
>> > security implications).... (Some good ol' CUA...)
>> >
>> > > So, being this, I will simply try to make the best out of
>> > > what they have and will let get done.
>> >
>> > The problem seems to be that NFS doesn't seem to be very
>> > firewall friendly...
>> >
>> > > These guys will learn with time I am sure.
>> >
>> > For their sake I hope so... (and before they get seriously
>> > hacked)
>> >
>> >> After making some changes to the firewall and setting up the
>> >> port-forwarding for sunrpc and nfs on udp packets, I am no
>> >> longer getting an RPC time out but now just:
>> > > mount: RPC: Unable to receive; errno = Connection refused
>> >
>> > This might seem like a dumb question (and sorry if you
>> > mentioned the answer to this one before, I couldn't find it)
>> > but were they communicating with each other before the
>> > firewall was installed?
>> >
>> > Anything in the logs?
>> >
>> > I haven't "played" with NFS recently but if I had that message
>> > I think I would check if I got the appropriate/relevant
>> > entries in hosts.allow & hosts.deny (ie lines for portmap,
>> > lockd, mountd, rquotad & statd).
>> >
>> > [The text at the following URL might be useful in getting this
>> > right:
>> > <http://www.smartcomputing.com/editorial/article.asp?article=articles%2F2001%2Fs1206%2F48s06web%2F48s06web%2Easp>]
>> >
>> > (Sorry, this might be too long for the mailing list, you'll
>> > probably have to cut & paste it...)
>> >
>> >>
>> >> on the client machine when I try to mount the directory.
>> >>
>> >> The client can be seen on the DNS as well as the server has
>> >> the client IP in its hosts file.
>> >
>> > I assumed here that you meant the hosts files and not the
>> > hosts.allow & hosts.deny file, sorry if that was not the
>> > case...
>> >
>> >>
>> >> Any ideas from here?
>> >>
>> >
>> > BTW, did you try opening the ports mentioned in the messages
>> > I posted? Apparently it's not easy getting them right but I do
>> > believe one of the messages actually mentioned a way of
>> > finding them out (rpcinfo -p or rpcinfo -p localhost)
>> >
>> > I did see a mention at the following URL
>> > <http://www.io.com/help/linux/NFS-HOWTO-5.html> (NFS and
>> > firewalls) that it might be possible to change the ports used
>> > by NFS to some specific ports but how this is done I
>> > unfortunately don't know (sorry...).
>> >
>> > Have a nice day & good luck!
>> >
>> > Nick
>> >
>> >
>> > _______________________________________________
>> > Leaf-user mailing list
>> > [EMAIL PROTECTED]
>> > https://lists.sourceforge.net/lists/listinfo/leaf-user
>>
>>
>> --
>> Lonnie Cumberland
>> OutStep Technologies Incorporated
>> (313) 832-7366
>> URL: http://www.outstep.com
>> EMAIL: [EMAIL PROTECTED] : [EMAIL PROTECTED]
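
Added example, not part of the thread: the quoted advice to find the NFS ports with `rpcinfo -p` can be turned into a quick check of which RPC services sit on portmapper-assigned ports, which is why static port-forwarding rules for sunrpc and nfs alone do not cover a mount. The sample output and the helper names `parse_rpcinfo` and `floating` are constructed for illustration.

```python
import sys

# Constructed sample of `rpcinfo -p` output (not taken from the thread).
SAMPLE = """\
   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp  32768  status
    100024    1   tcp  32768  status
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    100021    1   udp  32769  nlockmgr
    100021    3   udp  32769  nlockmgr
    100005    1   udp  32770  mountd
    100005    1   tcp  32771  mountd
    100011    1   udp    875  rquotad
"""

# Ports fixed by convention; other services register whatever port they got.
FIXED = {"portmapper": 111, "nfs": 2049}
NFS_SERVICES = {"portmapper", "nfs", "mountd", "nlockmgr", "status", "rquotad"}


def parse_rpcinfo(text):
    """Return sorted unique (service, proto, port) rows for NFS-related programs."""
    seen = set()
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5 or not fields[0].isdigit():
            continue  # header line, blank line, or a row without a service name
        _prog, _vers, proto, port, service = fields
        if service in NFS_SERVICES:
            seen.add((service, proto, int(port)))
    return sorted(seen)


def floating(entries):
    """Rows not on a conventional fixed port: a static firewall rule may stop matching."""
    return [e for e in entries if FIXED.get(e[0]) != e[2]]


if __name__ == "__main__":
    # Pipe real output in (rpcinfo -p | python3 thisfile.py) or run bare for the sample.
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    rows = parse_rpcinfo(text)
    for service, proto, port in rows:
        note = "portmapper-assigned" if (service, proto, port) in floating(rows) else "fixed"
        print(f"{service:<11} {proto:<4} {port:>6}  {note}")
```
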
