NFS and ssh tunneling: problems

#1
03-02-2004
january@uni-muenster.de

Hello,

I'm trying to set up an NFS system tunneled through SSH, as described in
the NFS Howto. However, I get an error while trying to mount the system:

mount: RPC: Unable to receive; errno = Connection refused

Below you'll find what I did.

My questions:

1) what am I doing wrong?

2) is there any alternative to NFS, which is secure and +- easy to
configure? I just want to export the home directories to all the
computers in our lab (about a dozen all in all). Some of the computers
are students' laptops, so security might be an issue; I don't want them
to meddle with data other than their own, and of course in NFS if you
got root on the client you can do a lot of damage to data belonging to
other users in the exported home directory.


Best regards,

january

What I did:

I know the NFS itself works well.

Server: (Suse Linux 8.2)
=======
/etc/hosts.deny:

--+
portmap: ALL
--+

/etc/hosts.allow:

--+
portmap: <server IP>
--+

1. edited /etc/exports:
--+
/testexport/ 127.0.0.1(rw,root_squash,sync)
--+

2. restarted nfs

server:/root # rcnfsserver restart
server:/root # rpcinfo -p
program vers proto port
(...)
100003 2 udp 2049 nfs
100003 3 udp 2049 nfs
(...)
100005 1 udp 32943 mountd
100005 1 tcp 45577 mountd

Client: (Suse Linux 8.1)
=======

1. edited /etc/fstab:
--+
<server IP>:/testexport /mnt/testimport nfs rw,hard,intr,user,port=250,mountport=251 0 0
--+

2. ssh tunneling:
ssh root@server -L 250:localhost:2049 -f sleep 60m
ssh root@server -L 251:localhost:32943 -f sleep 60m

(I tried the last one both with the UDP and the TCP/IP ports)
(the ports are not pinned down, I used the rpcinfo to make sure I'm
forwarding the right port)

Until now, everything looks fine. Now I try to do the following:

<client>:/home/january # mount /mnt/testimport/
mount: RPC: Unable to receive; errno = Connection refused

--
"They laughed at Columbus, they laughed at Fulton, they laughed at the
Wright brothers. But they also laughed at Bozo the Clown." -- Carl Sagan
#2
03-04-2004
Cameron Kerr

january@uni-muenster.de wrote:
> Hello,
>
> I'm trying to set up an NFS system tunneled through SSH, as described in
> the NFS Howto. However, I get an error while trying to mount the system:
>
> mount: RPC: Unable to receive; errno = Connection refused


> <server IP>:/testexport /mnt/testimport nfs
> rw,hard,intr,user,port=250,mountport=251 0 0


You need to be treating localhost as the server.

--
Cameron Kerr
cameron.kerr@paradise.net.nz : http://nzgeeks.org/cameron/
Empowered by Perl!
#3
03-04-2004
january@uni-muenster.de

Cameron Kerr <cameron.kerr@paradise.net.nz> wrote:
> > <server IP>:/testexport /mnt/testimport nfs
> > rw,hard,intr,user,port=250,mountport=251 0 0


> You need to be treating localhost as the server.


Right! Stupid me - that explains why I couldn't understand what's going
on.

...but it doesn't help :-( I still got the "Connection
refused" error.

Do I understand correctly what is going on here:

1. ssh -L 250:localhost:2049

I connect via ssh from LOCAL to SERVER. ssh will tunnel any requests
made to the port 250 of LOCAL to the port 2049 of the SERVER

1.5 Similarly, 251 on LOCAL will map to the mountd port on the SERVER --
which I got from the rpcinfo -p executed on the SERVER).

2. When a mount request is done on the LOCAL, the options in fstab make
it go to ports 250/251 instead of the usual 2049/(whatever), right?

3. Ssh takes the requests, and passes them on to the SERVER.

4. SERVER thinks that it is exporting the NFS locally to that user who
logged in via ssh initially, whoever it might be.

So, now that I understand it -- why doesn't it work :-) ?

I can mount the exported filesystem locally, but via NFS on the SERVER - so
the NFS server on the SERVER runs correctly, exports what is to be exported
to the localhost. I can even mount it as user if I make the appropriate
entry in the fstab.

Then, methinks, the problem is with the ssh connection. But this seems to
work, too. So what the heck is going on? What am I doing wrong, now?

Desperatuary

--
....all cats are white, only some of them have brightness equal to zero.
[ Artur 'Zmechu' Prokopiuk ]
#4
03-04-2004
Cameron Kerr

january@uni-muenster.de wrote:
> Cameron Kerr <cameron.kerr@paradise.net.nz> wrote:
>> > <server IP>:/testexport /mnt/testimport nfs
>> > rw,hard,intr,user,port=250,mountport=251 0 0

>
>> You need to be treating localhost as the server.

>
> Right! Stupid me - that explains why I couldn't understand what's going
> on.
>
> ...but it doesn't help :-( I still got the "Connection
> refused" error.
>
> Do I understand correctly what is going on here:
>
> 1. ssh -L 250:localhost:2049


Add the server to the end

client# ssh -L 250:localhost:2049 fileserver

> I connect via ssh from LOCAL to SERVER. ssh will tunnel any requests
> made to the port 250 of LOCAL to the port 2049 of the SERVER


Remember that the :localhost: part is relative to the machine you're
logging into, not the client.

> 1.5 Similarly, 251 on LOCAL will map to the mountd port on the SERVER --
> which I got from the rpcinfo -p executed on the SERVER).
>
> 2. When a mount request is done on the LOCAL, the options in fstab make
> it go to ports 250/251 instead of the usual 2049/(whatever), right?
>
> 3. Ssh takes the requests, and passes them on to the SERVER.
>
> 4. SERVER thinks that it is exporting the NFS locally to that user who
> logged in via ssh initially, whoever it might be.


Make sure that hosts.allow allows 127.0.0.1 access to portmap, mountd
and nfsd.

Also, you need to tell it to use TCP. I can't remember if you did that
or not.

--
Cameron Kerr
cameron.kerr@paradise.net.nz : http://nzgeeks.org/cameron/
Empowered by Perl!
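
An added example, not part of either poster's messages: a shell check that applies the advice above. It reads `rpcinfo -p` output, refuses to plan a tunnel when nfs or mountd has no TCP registration (ssh -L forwards TCP only), and prints the tunnel command and the fstab line with localhost as the server. The nfs/tcp line in the first sample is an assumption, since the thread's listing elides some lines; `tcp_port` and `tunnel_plan` are hypothetical helper names.

```shell
#!/bin/sh
# Added example, not from the thread. Reads `rpcinfo -p` output on stdin and
# prints the ssh tunnel command and fstab line for NFS over an SSH tunnel.
# ssh -L forwards TCP only, so UDP-only registrations cannot be tunneled.

# tcp_port PROGRAM < rpcinfo-output : print the first TCP port for PROGRAM
tcp_port() {
    awk -v prog="$1" '$1 == prog && $3 == "tcp" { print $4; exit }'
}

# tunnel_plan SERVER EXPORT MOUNTPOINT < rpcinfo-output
tunnel_plan() {
    server=$1 export_dir=$2 mountpoint=$3
    listing=$(cat)
    nfs_port=$(printf '%s\n' "$listing" | tcp_port 100003)
    mountd_port=$(printf '%s\n' "$listing" | tcp_port 100005)
    if [ -z "$nfs_port" ]; then
        echo "error: nfs (100003) has no TCP registration; ssh -L cannot carry UDP" >&2
        return 1
    fi
    if [ -z "$mountd_port" ]; then
        echo "error: mountd (100005) has no TCP registration" >&2
        return 1
    fi
    # "localhost" after the local port is resolved on the server side of the tunnel.
    echo "ssh -f -L 250:localhost:$nfs_port -L 251:localhost:$mountd_port root@$server sleep 60m"
    # The client mounts from localhost, over TCP, through the forwarded ports.
    echo "localhost:$export_dir $mountpoint nfs rw,hard,intr,user,tcp,port=250,mountport=251 0 0"
}

# Constructed sample: the listing from the thread plus an assumed nfs/tcp line.
SAMPLE_TCP='   program vers proto   port
    100003    2   udp   2049  nfs
    100003    3   tcp   2049  nfs
    100005    1   udp  32943  mountd
    100005    1   tcp  45577  mountd'

# Constructed sample: only the lines the thread shows (nfs on UDP only).
SAMPLE_UDP_ONLY='    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    100005    1   udp  32943  mountd
    100005    1   tcp  45577  mountd'

printf '%s\n' "$SAMPLE_TCP" | tunnel_plan fileserver /testexport /mnt/testimport
printf '%s\n' "$SAMPLE_UDP_ONLY" | tunnel_plan fileserver /testexport /mnt/testimport || true
```

On the server side, /etc/exports and hosts.allow still have to admit 127.0.0.1, because that is the address the forwarded connections arrive from.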