SSH, SaMBa, & NFS?
Ian Malone
ibmalone at gmail.com
Fri Nov 24 17:54:08 UTC 2006
Jeffrey Ross wrote:
>
>
> Ian Malone wrote:
>> On 24/11/06, Jeffrey Ross <jeff at bubble.org> wrote:
>>> I know I can set up an SSH tunnel and proxy my traffic through the
>>> tunnel, either by using specific predetermined ports or by using the -D
>>> option so it works like a socks proxy.
>>>
>>> My question is, can I pass NFS or SaMBa traffic via an SSH tunnel as
>>> well? Performance via the tunnel is not a priority.
>>>
>>
>> Samba yes, port 139(*), the host you are tunneling from will need
>> to be allowed to access the share. NFS, don't know.
>>
>> (*) Can be tunnelled from a Windows machine if you:
>> 1. Install a loopback interface on 10.0.0.x (**)
>> 2. Do the forwarding from 10.0.0.x:139 to the server port 139
>> 3. Point windows at the share on 10.0.0.x:139
>> (**) Apparently there's some issue with 127.0.0.x loopbacks,
>> but I've never investigated.
>>
> Maybe I should have included a wonderful ASCII diagram so you can see
> how everything is laid out as the example you provided I think only
> allows between the two ssh endpoints.
>
> Here is my pitiful ascii diagram:
>                           Private (10.x.x.x/8 addressing)
>                                         |
>               v-public address          v    /--(smb fileservers)
> (HostA)------(FW)--internet---(FW)---------------(HostB)
>    ^                           ^-public address
>    |
> (private 172.16.x.x/20 addressing)
>
> I need (want?) host A to be able mount filesystems from any of the smb
> fileservers. Host B has both NFS and Samba loaded and can mount smb
> filesystems from the smb fileservers today.
>
You can tunnel ssh within ssh (I have to do this to overcome
the fact my lab machine is in a private address range).
Forward ssh to the host via the gateway:
    ssh -L 127.0.0.2:22:host:22 gatewayuser@gateway
Then ssh to the host and tunnel your service (here samba):
    ssh -L 127.0.0.2:139:127.0.0.1:139 hostuser@127.0.0.2

> Also Host B's address space is in the 10 net, obviously I can choose
> another address range for a loopback, but I've never seen anything other
> than 127.0.0.1 as a loopback on a unix machine and changing it will
> surely break something. Can I create loopback1? I've never tried....
>
On Unix machines this is not a problem, it's on Windows that
I'm told using 127.0.0.2 (for example) will confuse things.
For a Unix box the normal set of loopbacks should be your
default.
--
imalone
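
The two-hop forward described in the message above, as an added example that is not part of the original post: a shell helper that prints both ssh commands and refuses any bind address outside 127.0.0.0/8, so the forwarded SMB port is never opened on a routable interface. The function names and the -N, ExitOnForwardFailure and HostKeyAlias options are choices of this example; host and user names are the post's placeholders.

```shell
#!/bin/sh
# Added example, not from the original post. "gateway", "host" and the user
# names are the placeholders used in the post's own commands.

# is_loopback ADDR: succeed only for a dotted quad inside 127.0.0.0/8.
is_loopback() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;   # stray characters or empty octets
        127.*.*.*) ;;
        *) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                               # split the address into octets
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] 2>/dev/null || return 1
    done
}

# tunnel_cmds BIND GATEWAY_LOGIN HOST HOST_USER PORT
# Hop 1 forwards BIND:22 to HOST:22 through the gateway.
# Hop 2 logs in to HOST through that forward and forwards BIND:PORT to
# PORT on HOST's own loopback.
# Local ports below 1024 (22 and 139 here) normally need root to bind.
tunnel_cmds() {
    bind=$1 gw=$2 host=$3 user=$4 port=$5
    is_loopback "$bind" || {
        echo "refusing non-loopback bind address: $bind" >&2; return 1; }
    case "$port" in
        ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
    esac
    { [ "$port" -ge 1 ] && [ "$port" -le 65535 ]; } || {
        echo "port out of range: $port" >&2; return 1; }
    # -N: forward only, run no remote command.
    # ExitOnForwardFailure: exit rather than run without the forward.
    opts='-N -o ExitOnForwardFailure=yes'
    echo "ssh $opts -L $bind:22:$host:22 $gw"
    # HostKeyAlias: check the key seen at BIND against HOST's known_hosts
    # entry instead of recording it under the loopback address.
    echo "ssh $opts -o HostKeyAlias=$host -L $bind:$port:127.0.0.1:$port $user@$bind"
}

# The post's values: Samba on port 139, loopback alias 127.0.0.2.
tunnel_cmds 127.0.0.2 gatewayuser@gateway host hostuser 139
```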