Re: Need a network file system with Windows client and freeBSD server

2004-07-15 Thread peter lageotakes
--- Artem Koutchine [EMAIL PROTECTED] wrote:
 Hi!
 
 I need sime kind of network file system which has a
 FreeBSD server and
 Windows clients (particulary Windows XP) and that
 FreeBSD file share
 must be mounted on Windows XP under a drive letter.
 Windows client
 is FAR FAR away and is behind nat. Traffic costs a
 lot, so that file system
 must not waste it for nothing. Of course, security
 is very important and
 security based on IP address is impossible, because
 client is behind nat.
 
 I have checked the following:
 
 1) Samba3
 
 I think i could use it with user security (not share
 or maybe mixed) but
 i am not sure about making it open to internet and
 also i think it wastes
 bandwidth. Am i wrong?
 
 2) Coda FS
 
 Nice thing, but i could not figure out how to manage
 user passwords
 and there is no working windows xp client. I tried
 it - not luck for me.
 
 3) AFS
 
 No idea is AFS Windows client exists and no FreeBSD
 server.
 
 4) NFS
 
 Well, i like it very much because we use for freebsd
 file shareing since
 year 2000. Hoever, i could not find free NFS client
 for Windows (but, hell,
 i'll buy it) but what's worse i get figure out how
 to make authorizartion based on
 user/password and not on /etc/exports. I need
 something more secure. Also,
 am not sure about bandwidth usage.
 
 Any help will be very appriciated.
 
 
 Regards,
 Artem Kuchin
 General Director of IT Legion Ltd.
 Russia, Moscow
 www.itlegion.ru
 [EMAIL PROTECTED]
 +7 095 232-0338
 
 ___
 [EMAIL PROTECTED] mailing list

http://lists.freebsd.org/mailman/listinfo/freebsd-questions
 To unsubscribe, send any mail to
 [EMAIL PROTECTED]
 

Hello,
I would like to offer an appology for the off topic
response:

Just a side note about a free NFS client for Windows:
Microsoft's Windows Services for UNIX Now Available
Free of Charge
http://www.osnews.com/story.php?news_id=5675
Microsoft SFU is made by Interix.com, which in turn is
based on OpenBSD.  If I am not mistaken, they do have
an NFS client.

http://www.asia.microsoft.com/technet/itsolutions/interop/sfu/nfsauth.mspx
Client for NFS – The Windows NFS client component of
SFUv3. Client for NFS allows the machine on which it
is installed to access and use NFS resources anywhere
on the network

Pete




__
Do you Yahoo!?
New and Improved Yahoo! Mail - 100MB free storage!
http://promotions.yahoo.com/new_mail 
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: Need a network file system with Windows client and freeBSD server

2004-07-14 Thread Bill Moran
Artem Koutchine [EMAIL PROTECTED] wrote:
 Hi!
 
 I need sime kind of network file system which has a FreeBSD server and
 Windows clients (particulary Windows XP) and that FreeBSD file share
 must be mounted on Windows XP under a drive letter. Windows client
 is FAR FAR away and is behind nat. Traffic costs a lot, so that file system
 must not waste it for nothing. Of course, security is very important and
 security based on IP address is impossible, because client is behind nat.
 
 I have checked the following:
 
 1) Samba3
 
 I think i could use it with user security (not share or maybe mixed) but
 i am not sure about making it open to internet and also i think it wastes
 bandwidth. Am i wrong?

Don't use Samba.  It's insecure over the Internet, and it's a bandwidth
hog.  Very nice for 100mb/sec local filesystems, though.

 4) NFS
 
 Well, i like it very much because we use for freebsd file shareing since
 year 2000. Hoever, i could not find free NFS client for Windows (but, hell,
 i'll buy it) but what's worse i get figure out how to make authorizartion based on
 user/password and not on /etc/exports. I need something more secure. Also,
 am not sure about bandwidth usage.

It's slightly better than SMB, but still has both problems.  If you run it
over the Internet, you need to do some sort of encrypted tunnel on top.

I highly recommend setting up sshd on FreeBSD and using WinSCP to move
files around.  Secure, designed for slow links (thus bandwidth efficient)
and WinSCP is almost as easy to use as Windows explorer.

-- 
Bill Moran
Potential Technologies
http://www.potentialtech.com
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: Need a network file system with Windows client and freeBSD server

2004-07-14 Thread Dan Nelson
In the last episode (Jul 14), Artem Koutchine said:
 I need sime kind of network file system which has a FreeBSD server
 and Windows clients (particulary Windows XP) and that FreeBSD file
 share must be mounted on Windows XP under a drive letter. Windows
 client is FAR FAR away and is behind nat. Traffic costs a lot, so
 that file system must not waste it for nothing. Of course, security
 is very important and security based on IP address is impossible,
 because client is behind nat.

For any of the solutions you describe, you will definitely want to set
up a VPN between the client and server, and if possible have it
compress the data.  Never allow raw filesystem access to the entire
Internet :)

 1) Samba3   
 
 I think i could use it with user security (not share or maybe mixed)
 but i am not sure about making it open to internet and also i think
 it wastes bandwidth. Am i wrong?

It should be no more inefficient than any of the others, really. 
Theres a different amount of overhead for each protocol, but they're
all small compared to the actual data sent when doing a file copy, for
example.

 4) NFS
 
 Well, i like it very much because we use for freebsd file shareing
 since year 2000. Hoever, i could not find free NFS client for Windows
 (but, hell, i'll buy it) but what's worse i get figure out how to
 make authorizartion based on user/password and not on /etc/exports. I
 need something more secure. Also, am not sure about bandwidth usage.

Microsoft has a nice NFS client/server implementation in its free
Services for Unix product.  http://www.microsoft.com/windows/sfu/ . If
you use VPNs, you should be able to control the local IP number that
gets assigned to each VPN user, so you could use that to filter access
in /etc/exports (and use the -mapall flag to force specific userids for
each incoming IP).

-- 
Dan Nelson
[EMAIL PROTECTED]
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: Need a network file system with Windows client and freeBSD server

2004-07-14 Thread Artem Kuchin
  I need sime kind of network file system which has a FreeBSD server and
  Windows clients (particulary Windows XP) and that FreeBSD file share
  must be mounted on Windows XP under a drive letter. Windows client
  is FAR FAR away and is behind nat. Traffic costs a lot, so that file
system
  must not waste it for nothing. Of course, security is very important and
  security based on IP address is impossible, because client is behind
nat.
 
  I have checked the following:
 
  1) Samba3
 
  I think i could use it with user security (not share or maybe mixed) but
  i am not sure about making it open to internet and also i think it
wastes
  bandwidth. Am i wrong?

 Don't use Samba.  It's insecure over the Internet, and it's a bandwidth
 hog.  Very nice for 100mb/sec local filesystems, though.

  4) NFS
 
  Well, i like it very much because we use for freebsd file shareing since
  year 2000. Hoever, i could not find free NFS client for Windows (but,
hell,
  i'll buy it) but what's worse i get figure out how to make
authorizartion based on
  user/password and not on /etc/exports. I need something more secure.
Also,
  am not sure about bandwidth usage.

 It's slightly better than SMB, but still has both problems.  If you run it
 over the Internet, you need to do some sort of encrypted tunnel on top.

 I highly recommend setting up sshd on FreeBSD and using WinSCP to move
 files around.  Secure, designed for slow links (thus bandwidth efficient)
 and WinSCP is almost as easy to use as Windows explorer.


So, basically you are saying that there is no solution for what i need?
WinSCP does not suit my needs, because people on windows client must
be able to work on files (mostly html) using different software and it is
not just
about moving then around, but rather editing with special editors and after
editing they must see the result right away on the web server.

i hope i'll find some solution. Your idea about tunnelling is good, i need
to check if i can do it if one end of a tunnel is behind nat.

Artem

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: Need a network file system with Windows client and freeBSD server

2004-07-14 Thread Artem Kuchin
  I need sime kind of network file system which has a FreeBSD server
  and Windows clients (particulary Windows XP) and that FreeBSD file
  share must be mounted on Windows XP under a drive letter. Windows
 
 For any of the solutions you describe, you will definitely want to set
 up a VPN between the client and server, and if possible have it
 compress the data.  Never allow raw filesystem access to the entire
 Internet :)

Yes, i understand that. However, i wonder how to make a VPN
with compression and also the scheme is like this:

file server with real ip  - natd - cleints

So, clients do no have real IP addresses and stay behind
nat server which serves many people who are not the clients
of the file server. Is it possible to setup VPN in such situation?

Artem
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: Need a network file system with Windows client and freeBSD server

2004-07-14 Thread Bill Moran
Artem Kuchin [EMAIL PROTECTED] wrote:

   I need sime kind of network file system which has a FreeBSD server and
   Windows clients (particulary Windows XP) and that FreeBSD file share
   must be mounted on Windows XP under a drive letter. Windows client
   is FAR FAR away and is behind nat. Traffic costs a lot, so that file
 system
   must not waste it for nothing. Of course, security is very important and
   security based on IP address is impossible, because client is behind
 nat.
  
   I have checked the following:

 So, basically you are saying that there is no solution for what i need?
 WinSCP does not suit my needs, because people on windows client must
 be able to work on files (mostly html) using different software and it is
 not just
 about moving then around, but rather editing with special editors and after
 editing they must see the result right away on the web server.

In my experience, no, there is no solution to your problem.  The resason is
this:

1) You expect people to be able to work on mapped drives (i.e. z:)
2) You are trying to hold down the bandwidth usage

These two goals are contradictary.  You'll have to give up one or the other
(unless there's some filesystem technology out there that I'm not familiar
with)

No matter how efficient the file-sharing protocol is, the fact that you've
got the filesystem mounted as a network drive will push tons of extra
data through the pipe.  Windows is not used to high-latency links for file-
sharing, thus the performance will be noticably bad.  In my experienc,
Windows users don't understand the idea of latency either, thus they will
click on something three times when they should just wait for it to finish
loading, thus generating more bandwidth.  Also, directory listings, polling
for changes to directories and all sorts of other things that Windows does
with drives will push tons of network traffic across the link, thus driving
up your costs.

This has been my experience.  Perhaps your users are smarter and more
disciplined than the people I was working with, but mounting a network
drive under windows carries a lot of traffic with it as baggage.  I've
never measured exactly how much, but it's more than most people realize.
For example, I've found that a 1.5mb/sec T1 line isn't really fast enough
for a single SMB mounted drive.

If I were you, I'd set up some sort of tunnel and run a pilot test with
1 user.  I don't expect you'll be happy with the results, but it is possible
that I didn't set things up as well as could be the last time I did this.
Just be aware of the network traffic, as it ended up being a lot more than
I expected.

You'll probably have better results setting up some sort of terminal serer
(either VNC or MS terminal server) and allowing users to work on the remote
files that way.  Terminal servers still use a lot of bandwidth, but they're
designed for slow links, so it's not quite as bad (this may or may not be
the same in your scenerio, as working with HTML files might not generate
as much traffic as the MS Access files we were working with).

-- 
Bill Moran
Potential Technologies
http://www.potentialtech.com
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: Need a network file system with Windows client and freeBSD server

2004-07-14 Thread Dan Nelson
In the last episode (Jul 14), Artem Kuchin said:
   I need sime kind of network file system which has a FreeBSD
   server and Windows clients (particulary Windows XP) and that
   FreeBSD file share must be mounted on Windows XP under a drive
   letter. Windows
  
  For any of the solutions you describe, you will definitely want to
  set up a VPN between the client and server, and if possible have it
  compress the data.  Never allow raw filesystem access to the entire
  Internet :)
 
 Yes, i understand that. However, i wonder how to make a VPN with
 compression and also the scheme is like this:
 
 file server with real ip  - natd - cleints
 
 So, clients do no have real IP addresses and stay behind nat server
 which serves many people who are not the clients of the file server.
 Is it possible to setup VPN in such situation?

Yes, as long as the natd is set to allow the VPN packets to pass
through.  The exact packet type depends on the VPN; a tcpdump of some
part of the network between client and natd will show that (Ethereal
installed directly on the client PC should also work).

-- 
Dan Nelson
[EMAIL PROTECTED]
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: Need a network file system with Windows client and freeBSD server

2004-07-14 Thread Andrew L. Gould
On Wednesday 14 July 2004 11:26 am, Bill Moran wrote:
 Artem Kuchin [EMAIL PROTECTED] wrote:
I need sime kind of network file system which has a FreeBSD
server and Windows clients (particulary Windows XP) and that
FreeBSD file share must be mounted on Windows XP under a drive
letter. Windows client is FAR FAR away and is behind nat.
Traffic costs a lot, so that file
 
  system
 
must not waste it for nothing. Of course, security is very
important and security based on IP address is impossible,
because client is behind
 
  nat.
 
I have checked the following:
 
  So, basically you are saying that there is no solution for what i
  need? WinSCP does not suit my needs, because people on windows
  client must be able to work on files (mostly html) using different
  software and it is not just
  about moving then around, but rather editing with special editors
  and after editing they must see the result right away on the web
  server.

 In my experience, no, there is no solution to your problem.  The
 resason is this:

 1) You expect people to be able to work on mapped drives (i.e. z:)
 2) You are trying to hold down the bandwidth usage

 These two goals are contradictary.  You'll have to give up one or the
 other (unless there's some filesystem technology out there that I'm
 not familiar with)

 No matter how efficient the file-sharing protocol is, the fact that
 you've got the filesystem mounted as a network drive will push tons
 of extra data through the pipe.  Windows is not used to high-latency
 links for file- sharing, thus the performance will be noticably bad. 
 In my experienc, Windows users don't understand the idea of latency
 either, thus they will click on something three times when they
 should just wait for it to finish loading, thus generating more
 bandwidth.  Also, directory listings, polling for changes to
 directories and all sorts of other things that Windows does with
 drives will push tons of network traffic across the link, thus
 driving up your costs.

 This has been my experience.  Perhaps your users are smarter and more
 disciplined than the people I was working with, but mounting a
 network drive under windows carries a lot of traffic with it as
 baggage.  I've never measured exactly how much, but it's more than
 most people realize. For example, I've found that a 1.5mb/sec T1 line
 isn't really fast enough for a single SMB mounted drive.

 If I were you, I'd set up some sort of tunnel and run a pilot test
 with 1 user.  I don't expect you'll be happy with the results, but it
 is possible that I didn't set things up as well as could be the last
 time I did this. Just be aware of the network traffic, as it ended up
 being a lot more than I expected.

 You'll probably have better results setting up some sort of terminal
 serer (either VNC or MS terminal server) and allowing users to work
 on the remote files that way.  Terminal servers still use a lot of
 bandwidth, but they're designed for slow links, so it's not quite as
 bad (this may or may not be the same in your scenerio, as working
 with HTML files might not generate as much traffic as the MS Access
 files we were working with).

This is probably very bandwidth intensive (please correct me if I'm 
wrong); but provides another option.  I've been sharing files with 
relatives across the US using WebDav and SSL (on Apache2).  Basically, 
I setup a secure web server (port 443?), blocked port 80, implemented 
user-password authorization in Apache2 and activated webdav on the 
shared folders.

Authorized Windows users mount web folders, which appear as drive 
letters.  The use of SSL protects the username/password as well as the 
content in transit.

Best of luck,

Andrew Gould
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]