Re: SSH, SaMBa, & NFS?

Jeffrey Ross wrote:


Ian Malone wrote:
On 24/11/06, Jeffrey Ross <jeff@xxxxxxxxxx> wrote:
I know I can set up an SSH tunnel and proxy my traffic through the
tunnel, either by using specific predetermined ports or by using the -D
option so it works like a socks proxy.

My question is, can I pass NFS or SaMBa traffic via an SSH tunnel as
well?  Performance via the tunnel is not a priority.


Samba yes, port 139(*), the host you are tunneling from will need
to be allowed to access the share.  NFS, don't know.

(*) Can be tunnelled from a Windows machine if you:
1. Install a loopback interface on 10.0.0.x (**)
2. Do the forwarding from 10.0.0.x:139 to the server port 139
3. Point windows at the share on 10.0.0.x:139
(**) Apparently there's some issue with 127.0.0.x loopbacks,
but I've never investigated.

Maybe I should have included a wonderful ASCII diagram so you can see how everything is laid out, as the example you provided, I think, only allows between the two ssh endpoints.

Here is my pitiful ascii diagram:
                                    Private (10.x.x.x/8 addressing)
                                   |
                v-public address   v        /--(smb fileservers)
(HostA)------(FW)--internet---(FW)---------------(HostB)
       ^                     ^-public address
       |
(private 172.16.x.x/20 addressing)

I need (want?) host A to be able to mount filesystems from any of the smb fileservers. Host B has both NFS and Samba loaded and can mount smb filesystems from the smb fileservers today.


You can tunnel ssh within ssh (I have to do this to overcome
the fact my lab machine is in a private address range).

Forward ssh to the host via the gateway
ssh -L 127.0.0.2:22:host:22 gatewayuser@gateway

Then ssh to the host and tunnel your service (here samba)
ssh -L 127.0.0.2:139:127.0.0.1:139 hostuser@xxxxxxxxx

Also, Host B's address space is in the 10 net. Obviously I can choose another address range for a loopback, but I've never seen anything other than 127.0.0.1 as a loopback on a unix machine, and changing it will surely break something. Can I create loopback1? I've never tried....


On Unix machines this is not a problem, it's on Windows that
I'm told using 127.0.0.2 (for example) will confuse things.
For a Unix box the normal set of loopbacks should be your
default.

--
imalone

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
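
The nested forward described in the message above, as an added example that is not part of the original thread: a small sh script that prints both ssh commands and refuses any bind address outside 127.0.0.0/8, so the forwarded SMB port is not reachable from other machines on host A's network. The names hostB and fileserver and the local ports 2222 and 1139 are assumptions (unprivileged ports, so the forwards do not need root); -N and ExitOnForwardFailure are standard OpenSSH options added here.

```shell
#!/bin/sh
# Added example (not from the thread). hostB, fileserver and local ports
# 2222/1139 are assumed placeholders; gatewayuser/hostuser are the thread's.

# Succeed only if $1 is a well-formed dotted quad inside 127.0.0.0/8.
is_loopback() {
    case "$1" in
        *[!0-9.]*|.*|*.) return 1 ;;   # stray characters, leading/trailing dot
        127.*.*.*) ;;
        *) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                          # split the address into octets
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ -n "$octet" ] && [ "$octet" -le 255 ] 2>/dev/null || return 1
    done
    return 0
}

# Print one forward as an ssh command line:
#   forward_cmd BIND LPORT TARGET TPORT LOGIN [SSHPORT]
# Prints nothing on stdout and returns 1 if BIND is not a loopback address.
forward_cmd() {
    if ! is_loopback "$1"; then
        echo "refusing non-loopback bind address: $1" >&2
        return 1
    fi
    # -N: forward only, no remote shell. ExitOnForwardFailure: exit rather
    # than carry on without the forward if the local bind cannot be made.
    printf 'ssh -N -o ExitOnForwardFailure=yes -p %s -L %s:%s:%s:%s %s\n' \
        "${6:-22}" "$1" "$2" "$3" "$4" "$5"
}

# The two hops: reach host B's sshd through the gateway, then forward SMB
# (port 139) to a file server through host B over that first tunnel.
tunnel_plan() {
    forward_cmd 127.0.0.2 2222 hostB 22 gatewayuser@gateway &&
    forward_cmd 127.0.0.2 1139 fileserver 139 hostuser@127.0.0.2 2222
}

tunnel_plan
```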