Hi,

I'm setting up a masqueraded LAN which employs one real IP address.
The machines behind this gateway need to mount NFS servers using
Linux, Irix, and SunOS.

i.e.:

server1            server 2           server3
   |                 |                 |
   -----------------------------------------------MasqGateway ---
                                                                |
   -------------------------------------------------------------
    |                           |
  client1                    client2 ... (IP# 192.162.foo.bar)

the gateway and clients are all Linux boxes.

This is problematic. I've gone to many places
to ask on how to make this work.

Presumably, each server has to be ordered to serve
the MasqGateway's IP address

IOW cat> /etc/exports
/foo MasqGateway(rw), 

and then each client will be able to do
mount -t nfs server:/foo /bar

Except, Masquerading can cause confusion with the server and gateway
if the portmapping isn't handled gracefully, since NFS uses UDP.

With these problems (or others), the SunOS 5.5 server, and Irix server
refuse to be mounted by the clients, saying "permission denied," and I'm
also concerned that the Gateway will be confused on which client should
get various packets sent by a given server.

As for permission denied, a Linux server being asked to
serve files said this:


Mar 13 08:08:00 blurgle mountd[277]:NFS mount of /baz/bar attempted from 22.22.22.22
Mar 13 08:08:00 blurge mountd[277]: NFS request from foo.nmr.mgh.harvard.edu originated on insecure port, psychoanalysis suggested
Mar 13 08:08:00 blurgle mountd[277]: Blocked attempt of 22.22.22.22 to mount /baz/bar

Changing the export permission to (rw,insecure) solved this
problem and mounts are now proceeding.

So, I am asking: how do I get NFS mounts to proceed gracefully
by way of a masquerading gateway? 

1. Do Solaris and Irix have the option of changing the NFS directive?
2. Can I use the firewall administration tools or something else to
have the gateway help with the portmapping?
3. Should I just use necromancy?

(Changing OS's of the servers or clients is not an option.)

Thanks in advance!


Please CC to [EMAIL PROTECTED],
(not sure my subscription is running yet)
and I intend to compile responses for addition to the 
Linux NFS howto. (If need be, names will be changed to protect
the guilty :-)


-- 
Omri Schwarz --- 
Timeless wisdom of biomedical engineering:
"Noise is principally due to the presence of the 
patient." -- R.F. Farr
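
Added example, not part of the original post: a small log triage for the mountd messages quoted above. It pairs each "Blocked attempt" with an "insecure port" report from the same mountd process in the same second, which separates refusals caused by an unprivileged source port (1024 or above, as produced when a masquerading gateway rewrites source ports) from other refusals. The function name and the record fields are assumptions made for this example.

```python
import re
from collections import defaultdict

# Constructed sample: the three mountd lines quoted in the post, with the
# e-mail line wrapping undone. Hosts and addresses are the post's own.
SAMPLE_LOG = """\
Mar 13 08:08:00 blurgle mountd[277]:NFS mount of /baz/bar attempted from 22.22.22.22
Mar 13 08:08:00 blurge mountd[277]: NFS request from foo.nmr.mgh.harvard.edu originated on insecure port, psychoanalysis suggested
Mar 13 08:08:00 blurgle mountd[277]: Blocked attempt of 22.22.22.22 to mount /baz/bar
"""

# syslog layout: timestamp, logging host, "mountd[pid]:", message
LINE = re.compile(r"^(\w{3}\s+\d+\s[\d:]{8})\s+\S+\s+mountd\[(\d+)\]:\s*(.*)$")
INSECURE = re.compile(r"NFS request from (\S+) originated on insecure port")
BLOCKED = re.compile(r"Blocked attempt of (\S+) to mount (\S+)")

def triage(log_text):
    """Return one record per blocked mount, flagging those where the same
    mountd process also reported an insecure source port in that second."""
    insecure = defaultdict(list)   # (timestamp, pid) -> requester names
    blocked = []                   # (key, client, path) in log order
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue               # not a mountd line
        stamp, pid, msg = m.groups()
        key = (stamp, pid)         # host column omitted: it may be inconsistent
        if (hit := INSECURE.search(msg)):
            insecure[key].append(hit.group(1))
        elif (hit := BLOCKED.search(msg)):
            blocked.append((key, hit.group(1), hit.group(2)))
    # Correlate after the full pass so line order within a second is irrelevant.
    return [{"time": key[0], "client": client, "path": path,
             "insecure_port": key in insecure,
             "reported_as": list(insecure.get(key, []))}
            for key, client, path in blocked]

if __name__ == "__main__":
    for rec in triage(SAMPLE_LOG):
        cause = "unprivileged source port" if rec["insecure_port"] else "other (check exports ACL)"
        print(f'{rec["time"]} {rec["client"]} -> {rec["path"]}: {cause}')
```

Exports changed to (rw,insecure) stop producing these refusals, and the server then also accepts requests sent by unprivileged processes on any host the export allows, so the host list on such an export is the only remaining source check.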



