Hi 9.0 users,

I am attempting to encrypt NFS traffic with sshd and the ssh client. I almost have it, except for the final mount command. Here is what I've accomplished so far:

~ poked holes in the firewall for NFS by editing /etc/sysconfig/iptables: ~

-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 2049 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 2049 -j ACCEPT

~ make sure hosts.allow knows NFS's throughput ~

portmap: my.ip.addy/255.255.255.0
lockd: my.ip.addy/255.255.255.0
mountd: my.ip.addy/255.255.255.0

~ set up the exports in /etc/exports ~

/tmp my.ip.addy(rw,insecure,root_squash)
/tmp 127.0.0.1(rw,insecure,root_squash)

NOTE: I have both the DHCP assigned IP and my localhost IP above

~ start NFS ~

$ cd /etc/rc.d/init.d/
$ ./nfs start
Starting NFS services: [ OK ]
Starting NFS quotas: [ OK ]
Starting NFS daemon: [ OK ]
Starting NFS mountd: [ OK ]

~ start sshd ~

from /etc/rc.d/init.d I execute

$ ./sshd start
Starting sshd: [ OK ]

~ begin setting up the tunnel with the ssh client ~

$ ssh -f -L 2818:foohost:2049 -l foouser foohost sleep 300

~ verify ~

$ netstat -na | grep -E 'Proto|2818'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:2818          0.0.0.0:*               LISTEN

~ finish ssh tunnel for encrypted NFS traffic, find the mountd port by using the 'rpcinfo -p' command, it is 35672 ~

$ ssh -f -L 3045:foohost:35672 -l foouser foohost sleep 300

~ verify ~

$ netstat -na | grep -E 'Proto|2818|3045'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:2818          0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:3045          0.0.0.0:*               LISTEN

~ now attempt to set the final mount point for encrypted nfs ~

$ mount -t nfs -o tcp,port=2818,mountport=3045 foohost:/tmp /mnt/nfs/sshmount
channel 2: open failed: connect failed: Connection refused
channel 2: open failed: connect failed: Connection refused
channel 2: open failed: connect failed: Connection refused
channel 2: open failed: connect failed: Connection refused
channel 2: open failed: connect failed: Connection refused
channel 2: open failed: connect failed: Connection refused
channel 2: open failed: connect failed: Connection refused
channel 2: open failed: connect failed: Connection refused
channel 2: open failed: connect failed: Connection refused
channel 2: open failed: connect failed: Connection refused
channel 2: open failed: connect failed: Connection refused
channel 2: open failed: connect failed: Connection refused
channel 2: open failed: connect failed: Connection refused
channel 2: open failed: connect failed: Connection refused

This has been a challenge for me. Can the user community come to my rescue? A bunch of brains on this problem is better than one.

-DK

--
Shrike-list mailing list
Shrike-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/shrike-list
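
Added example, not part of the original post: ssh -L carries TCP only, so every port taken from 'rpcinfo -p' for a tunnel has to be a tcp registration. The shell functions below check that against constructed sample output; tcp_port_for and forward_spec are hypothetical helper names, and the sample table (including UDP port 35670) is made up apart from the ports quoted in the post.

```shell
# Constructed sample of `rpcinfo -p` output (not captured from the post's host).
# Columns: program, version, protocol, port, service name (from /etc/rpc).
SAMPLE_RPCINFO='   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    100005    1   udp  35670  mountd
    100005    1   tcp  35672  mountd
    100005    3   udp  35670  mountd
    100005    3   tcp  35672  mountd'

# tcp_port_for SERVICE
# Reads `rpcinfo -p` output on stdin and prints the first TCP port registered
# for SERVICE. Exits non-zero, printing nothing, when SERVICE is registered
# only over UDP or is not registered at all.
tcp_port_for() {
    awk -v svc="$1" '
        $5 == svc && $3 == "tcp" { print $4; found = 1; exit }
        END { exit !found }'
}

# forward_spec LOCALPORT HOST SERVICE
# Reads `rpcinfo -p` output on stdin and prints the argument for `ssh -L`
# (LOCALPORT:HOST:REMOTEPORT). Refuses to build one for a UDP-only service,
# because the forwarded connection would have nothing to connect to.
forward_spec() {
    port=$(tcp_port_for "$3") || {
        echo "$3: no tcp registration on $2, ssh -L cannot carry it" >&2
        return 1
    }
    printf '%s:%s:%s\n' "$1" "$2" "$port"
}

# Usage with the constructed sample; on a real host pipe in `rpcinfo -p foohost`.
printf '%s\n' "$SAMPLE_RPCINFO" | forward_spec 3045 foohost mountd
printf '%s\n' "$SAMPLE_RPCINFO" | forward_spec 2818 foohost nfs || true
```

In the constructed sample mountd has a tcp registration and nfs does not, so the first call prints a forward spec and the second reports the service as unusable for a tunnel.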