Access to NFS over SSH Tunnel - NFS


  1. Access to NFS over SSH Tunnel

    Hi,

    I would like to gain access to an NFS share in a remote network from a
    Windows machine. I have performed the following steps:

    1. Downloaded and installed an NFS client for Windows (Microsoft Windows
    Services for UNIX 3.5)
    2. Created a loopback adapter at 10.0.0.1
    3. Opened an SSH connection to a server in the target network with PuTTY
    (I could also connect directly to the machine hosting the NFS share).
    4. Added a tunnel from L10.0.0.1:2049 to 193.X.X.X:2049 and from
    L10.0.0.1:111 to 193.X.X.X:111. (193.X.X.X is the IP address of the NFS
    server in the remote network)
    5. Finally registered an NFS network with 10.0.0.1 as my broadcast
    address (My Network Places > NFS Network > Add NFS LAN)

    Since it doesn't work I guess that I have missed some important point.
    Any ideas?

    Best regards
    Maros

  2. Re: Access to NFS over SSH Tunnel

    Hi,

    If I'm not mistaken you'll also need access to the statd, mountd and maybe
    lockd ports on the server. These usually have a random port assigned. You
    can see which ports using the rpcinfo command.

    Unless you're using NFSv4, where only 2049 has to be tunneled.

    Rik


    Maros Kollar wrote:

    > Hi,
    >
    > I would like to gain access to a NFS share in a remote network from a
    > windows machine. I have performed the following steps:
    >
    > 1. Downloaded and installed a NFS client for windows (Microsoft Windows
    > Services for UNIX 3.5)
    > 2. Created a loopback adapter at 10.0.0.1
    > 3. Opened a ssh connection to a server in the target network with Putty
    > (I could also connect directly to the machine hosting the NFS share).
    > 4. Added a tunnel from L10.0.0.1:2049 to 193.X.X.X:2049 and from
    > L10.0.0.1:111 to 193.X.X.X:111. (193.X.X.X is the ip address of the nfs
    > server in the remote network)
    > 5. Finally registered a NFS network with 10.0.0.1 as my broadcast
    > address (My Network Places > NFS Network > Add NFS LAN)
    >
    > Since it doesn't work I guess that I have missed some important point.
    > Any ideas?
    >
    > Best regards
    > Maros


    --
    TeCh

  3. Re: Access to NFS over SSH Tunnel

    On 2006-12-04, Maros Kollar wrote:

    > I would like to gain access to a NFS share in a remote network from a
    > windows machine. I have performed the following steps:
    > ...
    > Since it doesn't work I guess that I have missed some important point.
    > Any ideas?


    Points you missed were:
    - establishing whether your endpoint will do NFS over TCP
    instead of the usual UDP
    - using a packet sniffer to discover what was happening
    different from what you expected
    - erasing Windows and installing an operating system

    --
    Elvis Notargiacomo master AT barefaced DOT cheek
    http://www.notatla.org.uk/goen/

  4. Re: Access to NFS over SSH Tunnel

    You don't say which specific UNIX you are trying to connect to.

    Some UNIX systems require the NFS request come from a low port to help deter spoofing. When you use an SSH tunnel, it is likely using a high source port to connect. Check the logs on the UNIX machine. On Solaris, there is a tunable in /etc/system called nfs:nfs_portmon which controls that. The value can be changed on a live system without needing a reboot if running Solaris.

    I don't use Windows very much, so I don't know if their normal connection is from high ports on NFS services. A way to check is to attempt a connection and have your UNIX sys admin snoop the connection.

    Doug

    --
    For UNIX, Linux and security articles
    visit http://SecurityBulletins.com/



    On Mon, 04 Dec 2006 14:19:04 +0100
    Maros Kollar wrote:

    > Hi,
    >
    > I would like to gain access to a NFS share in a remote network from a
    > windows machine. I have performed the following steps:
    >
    > 1. Downloaded and installed a NFS client for windows (Microsoft Windows
    > Services for UNIX 3.5)
    > 2. Created a loopback adapter at 10.0.0.1
    > 3. Opened a ssh connection to a server in the target network with Putty
    > (I could also connect directly to the machine hosting the NFS share).
    > 4. Added a tunnel from L10.0.0.1:2049 to 193.X.X.X:2049 and from
    > L10.0.0.1:111 to 193.X.X.X:111. (193.X.X.X is the ip address of the nfs
    > server in the remote network)
    > 5. Finally registered a NFS network with 10.0.0.1 as my broadcast
    > address (My Network Places > NFS Network > Add NFS LAN)
    >
    > Since it doesn't work I guess that I have missed some important point.
    > Any ideas?
    >
    > Best regards
    > Maros


  5. Re: Access to NFS over SSH Tunnel

    I could be completely off here, but I think that NFS usually runs on UDP,
    rather than TCP, and if memory serves me correctly, ssh is a TCP layer. NFS
    can be convinced to run on TCP, but defaults to UDP. So you might need to
    convince the NFS server owner to enable TCP for NFS, and set your client to
    use TCP instead of UDP, before you can get ssh to forward ports.


    "Maros Kollar" wrote in message
    news:1ebdd$45741eb2$5471d63d$17777@news.chello.at. ..
    > Hi,
    >
    > I would like to gain access to a NFS share in a remote network from a
    > windows machine. I have performed the following steps:
    >
    > 1. Downloaded and installed a NFS client for windows (Microsoft Windows
    > Services for UNIX 3.5)
    > 2. Created a loopback adapter at 10.0.0.1
    > 3. Opened a ssh connection to a server in the target network with Putty
    > (I could also connect directly to the machine hosting the NFS share).
    > 4. Added a tunnel from L10.0.0.1:2049 to 193.X.X.X:2049 and from
    > L10.0.0.1:111 to 193.X.X.X:111. (193.X.X.X is the ip address of the nfs
    > server in the remote network)
    > 5. Finally registered a NFS network with 10.0.0.1 as my broadcast
    > address (My Network Places > NFS Network > Add NFS LAN)
    >
    > Since it doesn't work I guess that I have missed some important point.
    > Any ideas?
    >
    > Best regards
    > Maros
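
Added example, not part of any post in the thread: a sketch of the check the replies point toward, reading `rpcinfo -p` output to list which NFSv3 helper services (portmapper, nfs, mountd, statd, lockd) are registered on TCP and so can be carried by an SSH port forward, and which are UDP-only. The sample output, its port numbers and the server address 192.0.2.10 are constructed; 10.0.0.1 is the loopback adapter from the original post.

```python
# Constructed sample of `rpcinfo -p <server>` output; port numbers are made up.
SAMPLE_RPCINFO = """\
   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp  32768  status
    100024    1   tcp  32771  status
    100021    4   udp  32769  nlockmgr
    100021    4   tcp  32772  nlockmgr
    100003    3   udp   2049  nfs
    100003    3   tcp   2049  nfs
    100005    3   udp  32770  mountd
"""

# Standard ONC RPC program numbers for the services an NFSv3 mount touches.
NEEDED = {100000: "portmapper", 100003: "nfs", 100005: "mountd",
          100024: "statd", 100021: "lockd"}


def parse_rpcinfo(text):
    """Return {program_number: {proto: port}} from `rpcinfo -p` output."""
    table = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or not fields[0].isdigit():
            continue  # header or blank line
        prog, proto, port = int(fields[0]), fields[2], int(fields[3])
        table.setdefault(prog, {})[proto] = port
    return table


def plan_forwards(text, local_ip, server_ip):
    """Return (ssh -L options, blockers) for the services in NEEDED."""
    table = parse_rpcinfo(text)
    forwards, blockers = [], []
    for prog, name in NEEDED.items():
        ports = table.get(prog, {})
        if "tcp" in ports:
            # Local port must equal the remote port: the client asks the
            # (tunneled) portmapper where a service lives and then connects
            # to that same port number on local_ip.
            p = ports["tcp"]
            forwards.append(f"-L {local_ip}:{p}:{server_ip}:{p}")
        elif ports:
            blockers.append(f"{name}: UDP only, an SSH TCP forward cannot carry it")
        else:
            blockers.append(f"{name}: not registered on the server")
    return forwards, blockers
```

Because statd, mountd and lockd are often assigned ports dynamically, a plan produced this way is only valid until those services restart, unless the server pins them to fixed ports.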


