James, Bob, and others, thanks for your help. sorry to take so long getting back (see below for explanation!)

On Sat, Jun 21, 2003 at 12:24:05AM -0400, James Strandboge wrote:
> Ouch. You may already be hacked.

jeez, guys, it was only up for about 5 minutes -- I'm not THAT stupid (though I can be pretty dumb if left to my own devices)

> The ports are portmap and whatever is listed with 'rpcinfo -p'.

thanks. I think I understand (though I don't see how to get information using portmap.)

> But please don't do this at all-- you are opening yourself up to a whole
> bunch of problems.

do you mean, don't do NFS via ssh either?

> I'd recommend scp.

scp is very cool, thanks for the recommendation.

> If you must have nfs, it is possible to use nfs with
> ssh. See:
>
> http://www.samag.com/documents/s=4072/sam0203d/sam0203d.htm

this is a great article, James, thanks for writing it and pointing me to it. Unfortunately, even with directions as explicit and clear as yours, I couldn't get NFS over SSH to work for me. I think the issue is part denseness, part the result of working around my home router, and not understanding port forwarding very well; and at least a small part is a little harder to explain. Hope folks don't mind if I go through James' article step by step.

SERVER CONFIGURATION

1) setting up /etc/exports

no problem. added this line:

    #trying to do ssh tunnelling
    /home/matt/Projects 128.100.34.9(ro,insecure,root_squash)

2) edit nfs init script

...er... that didn't go so well! it was easy to get nfs to stop and kill sshd before working, by adding the lines:

    /etc/init.d/ssh stop
    killall sshd

at the beginning of the script, but no matter where I put the restart command:

    /etc/init.d/ssh restart

I couldn't get sshd to start back up again. James, do you have a copy of a working /etc/init.d/nfs-user-server that starts ssh and then restarts it? I think I don't fully understand the bash syntax (sorry for my ignorance). (this is part of the reason I've taken so long replying -- I couldn't log in to my work account and my email environment for two days!).

3. setup iptables (in my case using ipmasq)

had a little trouble here specifying the address of my client (home) machine, which is set dynamically by pppoe. Finally realized that I couldn't do as I'd planned and enter my dyndns domain name, since it can't be determined without DNS, and iptables really didn't want to let me use dns. I'm wondering if this can somehow be done with a script -- run a cron job every five minutes that checks the IP address of my dyndns.org domain, exports the value as a variable, which is then read by iptables/ipmasq. Does that sound like it would work? Anyone know a tool that just returns an IP address? For now I just entered my current IP, which works fine.

CLIENT CONFIGURATION

1. get server's ports

no problem. here's the current output:

    matts-mac:~# rpcinfo -p 128.100.34.9
       program vers proto   port
        100000    2   tcp    111  portmapper
        100000    2   udp    111  portmapper
        100024    1   udp    865  status
        100024    1   tcp    868  status
        100003    2   udp   2049  nfs
        100003    2   tcp   2049  nfs
        100005    1   udp    986  mountd
        100005    2   udp    986  mountd
        100005    1   tcp    989  mountd
        100005    2   tcp    989  mountd

2. set up tunnel

this usually works, with a command like this:

    ssh -f -c blowfish -L 2820:128.100.34.9:2049 -L 3047:128.100.34.9:989 -l matt 128.100.34.9 /bin/sleep 86400

right now I seem to have broken the networking on my home computer (see separate post, to follow) but I expect this part will work eventually.

3. mount the nfs volume...

... this always fails catastrophically. In particular, I never seem to be able to open up the requisite ports on the client end. I suspect this has something to do with the home network. Now, on my router (an SMC Barricade, with a web-only interface) I don't have tons of options. I can forward individual ports directly from the router to the home computer; or I can put the home computer in a DMZ. Will either of these strategies work? what further information can I provide to help with diagnosis?

whew. Thanks for the help you've already given, and thanks for help in solving my current conundrum.

best,
Matt
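
Added example, not part of the original message or of the article it refers to: a shell helper that reads `rpcinfo -p` output like the listing in the message and builds the `ssh -L` command for the TCP nfs and mountd ports, plus the client-side mount command that points at the local end of the tunnel. The function names, the shortened sample listing (constructed from the output quoted in the message), the mount point and the default local ports 2820 and 3047 are assumptions.

```shell
#!/bin/sh
# Added example: hypothetical helpers, not from the original message.

# Constructed sample: a shortened copy of the listing quoted in the message.
sample_rpcinfo() {
    cat <<'EOF'
   program vers proto   port
    100000    2   tcp    111  portmapper
    100003    2   udp   2049  nfs
    100003    2   tcp   2049  nfs
    100005    1   udp    986  mountd
    100005    2   tcp    989  mountd
EOF
}

# build_tunnel SERVER USER [LOCAL_NFS_PORT] [LOCAL_MOUNTD_PORT]
# Reads `rpcinfo -p` output on stdin, prints the ssh port-forwarding command.
# -c blowfish from the message is left out: current OpenSSH no longer offers it.
build_tunnel() {
    awk -v s="$1" -v u="$2" -v ln="${3:-2820}" -v lm="${4:-3047}" '
        # Columns: program vers proto port service. ssh -L carries TCP only.
        $3 == "tcp" && $4 ~ /^[0-9]+$/ && $5 == "nfs"    { nfs = $4 }
        $3 == "tcp" && $4 ~ /^[0-9]+$/ && $5 == "mountd" { mnt = $4 }
        END {
            if (nfs == "" || mnt == "") {
                print "error: nfs and mountd must both be registered on tcp" > "/dev/stderr"
                exit 1
            }
            # Bind the forwards to loopback so only local processes can use them.
            printf "ssh -f -L 127.0.0.1:%s:%s:%s -L 127.0.0.1:%s:%s:%s -l %s %s /bin/sleep 86400\n", ln, s, nfs, lm, s, mnt, u, s
        }'
}

# build_mount EXPORT MOUNTPOINT [LOCAL_NFS_PORT] [LOCAL_MOUNTD_PORT]
# The mount targets localhost: the client talks to its own end of the tunnel.
build_mount() {
    printf 'mount -t nfs -o tcp,port=%s,mountport=%s localhost:%s %s\n' \
        "${3:-2820}" "${4:-3047}" "$1" "$2"
}

sample_rpcinfo | build_tunnel 128.100.34.9 matt
build_mount /home/matt/Projects /mnt/projects   # /mnt/projects is an assumed mount point
```

Against a live server the input would come from `rpcinfo -p 128.100.34.9 | build_tunnel 128.100.34.9 matt`; both functions only print commands and do not run them.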