Re: Encrypted NFS

On Thu, 2003-07-31 at 12:11, Daniel Kemper wrote:
> Hi 9.0 users,
> 
> I am attempting to encrypt NFS traffic with sshd and the ssh client.  
> I almost have it, except for the final mount command.  Here is what 
> I've accomplished so far:
> 
> ~ poked holes in the firewall for NFS by editing
> /etc/sysconfig/iptables: ~
> -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 2049 --syn -j ACCEPT
> -A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 2049 -j ACCEPT
> 
> ~ make sure hosts.allow knows NFS's throughput ~
> portmap: my.ip.addy/255.255.255.0
> lockd: my.ip.addy/255.255.255.0
> mountd: my.ip.addy/255.255.255.0
> 
> ~ set up the exports in /etc/exports ~
> /tmp    my.ip.addy(rw,insecure,root_squash)
> /tmp    127.0.0.1(rw,insecure,root_squash)
> 
> NOTE: I have both the DHCP assigned IP and my localhost IP above
> 
> ~ start NFS ~
> $ cd /etc/rc.d/init.d/
> $ ./nfs start
> Starting NFS services:                                     [  OK  ]
> Starting NFS quotas:                                       [  OK  ]
> Starting NFS daemon:                                       [  OK  ]
> Starting NFS mountd:                                       [  OK  ]
> 
> ~ start sshd ~
> from /etc/rc.d/init.d I execute 
> $ ./sshd start
> Starting sshd:                                             [  OK  ]
> 
> ~ begin setting up the tunnel with the ssh client ~
> $ ssh -f -L 2818:foohost:2049 -l foouser foohost sleep 300
> 
> ~ verify ~
> $ netstat -na | grep -E 'Proto|2818'
> Proto Recv-Q Send-Q Local Address           Foreign Address        
> State
> tcp        0      0 127.0.0.1:2818          0.0.0.0:*              
> LISTEN
> 
> ~ finish ssh tunnel for encrypted NFS traffic, find the mountd port 
> by using the 'rpcinfo -p' command, it is 35672 ~
> $ ssh -f -L 3045:foohost:35672 -l foouser foohost sleep 300
> 
> ~ verify ~
> $ netstat -na | grep -E 'Proto|2818|3045'
> Proto Recv-Q Send-Q Local Address           Foreign Address        
> State
> tcp        0      0 127.0.0.1:2818          0.0.0.0:*              
> LISTEN
> tcp        0      0 127.0.0.1:3045          0.0.0.0:*              
> LISTEN
> 
> ~ now attempt to set the final mount point for encrypted nfs ~
> $ mount -t nfs -o tcp,port=2818,mountport=3045 foohost:/tmp
> /mnt/nfs/sshmount

And how are you getting the portmapper requests (port 111) from 
client to server?

- rick 


-- 
Shrike-list mailing list
Shrike-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/shrike-list
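One way to set this up so that the client never has to reach the server's portmapper at all, as an added example that is not part of the thread above. It discovers mountd's registered TCP port from `rpcinfo -p` run over ssh, opens both forwards in a single ssh session, and mounts through the local ends of the tunnels (localhost rather than the server name) with nolock, so the kernel client does not go looking for lockd via the portmapper either. The forward ports 2818/3045, the export /tmp and the mountd port 35672 in the constructed sample are taken from the post; the `localhost:2049` target on the server side is an assumption.

```shell
#!/bin/sh
# Added example, not code from the original post: NFS over an ssh port
# forward without forwarding the portmapper (tcp/111).
# Assumptions (not stated in the post): the server's nfsd listens on
# tcp/2049 and the local ports 2818/3045 are free.

# Read 'rpcinfo -p' output on stdin and print the TCP port that mountd
# (RPC program 100005) registered with the portmapper. Prints nothing if
# mountd is not registered, so callers can test for that.
mountd_tcp_port() {
    awk '$1 == "100005" && $3 == "tcp" { port = $4 } END { print port }'
}

# Mount options for the tunnelled mount: force TCP (the tunnel cannot carry
# UDP), give both ports explicitly so mount(8) skips the portmapper lookup,
# and pass nolock so the kernel does not try to reach lockd/statd, which the
# tunnel does not carry either.
mount_opts() {   # $1 local nfs port, $2 local mountd port
    printf 'tcp,nolock,port=%s,mountport=%s' "$1" "$2"
}

# End to end: find mountd's port, open both forwards, mount via localhost.
nfs_over_ssh() {   # $1 user, $2 server, $3 export path, $4 mount point
    user=$1 server=$2 exp=$3 mnt=$4
    nfs_local=2818 mountd_local=3045
    mountd_remote=$(ssh -l "$user" "$server" rpcinfo -p | mountd_tcp_port)
    if [ -z "$mountd_remote" ]; then
        echo "mountd is not registered with the portmapper on $server" >&2
        return 1
    fi
    # The right-hand side of -L is resolved on the server, so 'localhost'
    # here means the server itself. -N keeps the session open without a
    # remote command (no 'sleep 300' timeout).
    ssh -f -N -l "$user" \
        -L "$nfs_local:localhost:2049" \
        -L "$mountd_local:localhost:$mountd_remote" "$server" || return 1
    # Mount through the tunnel: the server name must be localhost, otherwise
    # the client talks to the server directly and the tunnel is bypassed.
    mount -t nfs -o "$(mount_opts "$nfs_local" "$mountd_local")" \
        "localhost:$exp" "$mnt"
}

# Constructed sample of 'rpcinfo -p' output from the server (not captured
# from a real host); the mountd port matches the one quoted in the post.
SAMPLE_RPCINFO='   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100003    2   tcp   2049  nfs
    100003    3   tcp   2049  nfs
    100021    1   udp  32770  nlockmgr
    100005    1   udp  35672  mountd
    100005    1   tcp  35672  mountd
    100005    3   tcp  35672  mountd'

# Dry run on the sample (no network needed). A real run would be:
#   nfs_over_ssh foouser foohost /tmp /mnt/nfs/sshmount
port=$(printf '%s\n' "$SAMPLE_RPCINFO" | mountd_tcp_port)
echo "mountd tcp port on server: $port"
echo "mount -t nfs -o $(mount_opts 2818 3045) localhost:/tmp /mnt/nfs/sshmount"
```

The hosts.allow and /etc/exports entries then only need to admit 127.0.0.1 on the server side, since every NFS request arrives there from the sshd end of the tunnel.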
