SSH, SaMBa, & NFS?

Ian Malone ibmalone at gmail.com
Fri Nov 24 17:54:08 UTC 2006


Jeffrey Ross wrote:
> 
> 
> Ian Malone wrote:
>> On 24/11/06, Jeffrey Ross <jeff at bubble.org> wrote:
>>> I know I can set up an SSH tunnel and proxy my traffic through the
>>> tunnel, either by using specific predetermined ports or by using the -D
>>> option so it works like a socks proxy.
>>>
>>> My question is, can I pass NFS or SaMBa traffic via an SSH tunnel as
>>> well?  Performance via the tunnel is not a priority.
>>>
>>
>> Samba yes, port 139(*), the host you are tunneling from will need
>> to be allowed to access the share.  NFS, don't know.
>>
>> (*) Can be tunnelled from a Windows machine if you:
>> 1. Install a loopback interface on 10.0.0.x (**)
>> 2. Do the forwarding from 10.0.0.x:139 to the server port 139
>> 3. Point windows at the share on 10.0.0.x:139
>> (**) Apparently there's some issue with 127.0.0.x loopbacks,
>> but I've never investigated.
>>
> Maybe I should have included a wonderful ASCII diagram so you can see 
> how everything is laid out as the example you provided I think only 
> allows between the two ssh endpoints.
> 
> Here is my pitiful ascii diagram:
>                                     Private (10.x.x.x/8 addressing)
>                                    |
>                 v-public address   v        /--(smb fileservers)
> (HostA)------(FW)--internet---(FW)---------------(HostB)
>        ^                     ^-public address
>        |
> (private 172.16.x.x/20 addressing)               
> I need (want?) host A to be able to mount filesystems from any of the smb 
> fileservers.  Host B has both NFS and Samba loaded and can mount smb 
> filesystems from the smb fileservers today.
> 

You can tunnel ssh within ssh (I have to do this to overcome
the fact my lab machine is in a private address range).

Forward ssh to the host via the gateway
ssh -L 127.0.0.2:22:host:22 gatewayuser@gateway

Then ssh to the host and tunnel your service (here samba)
ssh -L 127.0.0.2:139:127.0.0.1:139 hostuser@127.0.0.2

> Also Host B's address space is in the 10 net, obviously I can choose 
> another address range for a loopback, but I've never seen anything other 
> than 127.0.0.1 as a loopback on a unix machine and changing it will 
> surely break something.  Can I create loopback1?  I've never tried....
> 

On Unix machines this is not a problem; it's on Windows that
I'm told using 127.0.0.2 (for example) will confuse things.
For a Unix box the normal set of loopbacks should be your
default.

-- 
imalone
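To make the two-hop forwarding above concrete without a gateway at hand, here is an added example (not code from this thread, nor from OpenSSH) that reproduces only the plumbing `ssh -L bind:port:target:tport` creates on the client: a listener that relays each accepted connection to a target. It omits SSH's encryption and authentication; the stub "file server", the 127.0.0.2 bind address and the ephemeral ports are constructed for the demo. Hop 1 stands in for the listener created by the gateway session and hop 2 for the one created by the session that rides through hop 1.

```python
"""Chained local port forwards modelled on the two ssh -L commands above.
Constructed example: plain TCP relays, no SSH crypto, stub server not SMB."""
import socket
import threading


def _pump(src, dst):
    """Copy bytes from src to dst until EOF, then half-close dst."""
    try:
        while True:
            chunk = src.recv(65536)
            if not chunk:
                break
            dst.sendall(chunk)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass


class LocalForward:
    """Listener on (bind_host, bind_port) relaying every connection to target,
    the client-side half of what ssh -L sets up."""

    def __init__(self, bind_host, bind_port, target_host, target_port):
        self.target = (target_host, target_port)
        self.listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.listener.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self.listener.bind((bind_host, bind_port))
        self.listener.listen(8)
        self.bound = self.listener.getsockname()  # real port when 0 was asked
        threading.Thread(target=self._serve, daemon=True).start()

    def _serve(self):
        while True:
            try:
                client, _ = self.listener.accept()
            except OSError:
                return  # listener closed
            try:
                upstream = socket.create_connection(self.target, timeout=5)
            except OSError:
                client.close()
                continue
            threading.Thread(target=_pump, args=(client, upstream), daemon=True).start()
            threading.Thread(target=_pump, args=(upstream, client), daemon=True).start()

    def close(self):
        self.listener.close()


def start_stub_server(host):
    """Stand-in for the service behind the tunnel (constructed; echoes one message)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(8)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            with conn:
                conn.sendall(b"stub-server got: " + conn.recv(65536))

    threading.Thread(target=serve, daemon=True).start()
    return srv


def run_chain(alias_host, payload=b"hello"):
    """Send payload client -> hop2 -> hop1 -> stub server; return the reply."""
    server = start_stub_server("127.0.0.1")
    srv_host, srv_port = server.getsockname()
    hop1 = LocalForward(alias_host, 0, srv_host, srv_port)          # gateway session
    hop2 = LocalForward(alias_host, 0, hop1.bound[0], hop1.bound[1])  # rides hop1
    try:
        with socket.create_connection(hop2.bound, timeout=5) as c:
            c.sendall(payload)
            c.shutdown(socket.SHUT_WR)
            reply = b""
            while chunk := c.recv(65536):
                reply += chunk
        return reply
    finally:
        hop2.close()
        hop1.close()
        server.close()


def can_bind_loopback_alias(host):
    """True if host (e.g. 127.0.0.2) binds with no interface configuration."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        s.bind((host, 0))
        return True
    except OSError:
        return False
    finally:
        s.close()


if __name__ == "__main__":
    print("127.0.0.2 bindable:", can_bind_loopback_alias("127.0.0.2"))
    print(run_chain("127.0.0.2"))
```

On Linux the whole 127.0.0.0/8 block is routed to `lo`, so binding 127.0.0.2 needs no extra interface, which is the Unix behaviour described in the reply. Two practical notes when doing it with real ssh: binding the local ports 22 and 139 requires root, so a high local port (and `-p` on the second ssh) is the usual workaround, and Linux SMB clients default to port 445, so either forward 445 as well or pass `port=139` to mount.cifs.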




More information about the fedora-list mailing list