Re: SSH, SaMBa, & NFS?

Jeffrey Ross wrote:


Ian Malone wrote:
On 24/11/06, Jeffrey Ross <jeff@xxxxxxxxxx> wrote:
I know I can set up an SSH tunnel and proxy my traffic through the
tunnel, either by using specific predetermined ports or by using the -D
option so it works like a socks proxy.

My question is, can I pass NFS or SaMBa traffic via an SSH tunnel as
well?  Performance via the tunnel is not a priority.


Samba yes, port 139(*), the host you are tunneling from will need
to be allowed to access the share.  NFS, don't know.

(*) Can be tunnelled from a Windows machine if you:
1. Install a loopback interface on 10.0.0.x (**)
2. Do the forwarding from 10.0.0.x:139 to the server port 139
3. Point windows at the share on 10.0.0.x:139
(**) Apparently there's some issue with 127.0.0.x loopbacks,
but I've never investigated.

Maybe I should have included a wonderful ASCII diagram so you can see how everything is laid out, as the example you provided, I think, only allows between the two ssh endpoints.

Here is my pitiful ascii diagram:
                                    Private (10.x.x.x/8 addressing)
                                   |
                v-public address   v        /--(smb fileservers)
(HostA)------(FW)--internet---(FW)---------------(HostB)
       ^                     ^-public address
       |
(private 172.16.x.x/20 addressing)

I need (want?) host A to be able to mount filesystems from any of the smb fileservers. Host B has both NFS and Samba loaded and can mount smb filesystems from the smb fileservers today.


You can tunnel ssh within ssh (I have to do this to overcome
the fact my lab machine is in a private address range).

Forward ssh to the host via the gateway
ssh -L 127.0.0.2:22:host:22 gatewayuser@gateway

Then ssh to the host and tunnel your service (here samba)
ssh -L 127.0.0.2:139:127.0.0.1:139 hostuser@xxxxxxxxx

Also Host B's address space is in the 10 net, obviously I can choose another address range for a loopback, but I've never seen anything other than 127.0.0.1 as a loopback on a unix machine and changing it will surely break something. Can I create loopback1? I've never tried....


On Unix machines this is not a problem, it's on Windows that
I'm told using 127.0.0.2 (for example) will confuse things.
For a Unix box the normal set of loopbacks should be your
default.

--
imalone
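
Added example, not part of the original message: a small POSIX shell check for the listening side of the `ssh -L` forward specs used in this thread, showing which addresses can reach the forwarded port and whether the local port is privileged. The function name `check_forward`, its output format, and the last two sample specs are constructed for illustration; the 3-field case assumes GatewayPorts is at its default of no.

```shell
#!/bin/sh
# Added example: classify the listening side of an `ssh -L` forward spec,
# [bind_address:]port:host:hostport (IPv4 addresses and hostnames only).

check_forward() {
    spec=$1
    # Two colons = no bind address given; three = explicit bind address.
    colons=$(printf '%s' "$spec" | tr -cd ':' | wc -c | tr -d ' ')
    case $colons in
        2) bind=localhost; port=${spec%%:*} ;;   # assumes GatewayPorts=no (default)
        3) bind=${spec%%:*}; rest=${spec#*:}; port=${rest%%:*} ;;
        *) echo "invalid forward spec: $spec" >&2; return 2 ;;
    esac
    case $port in
        ''|*[!0-9]*) echo "invalid port in: $spec" >&2; return 2 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range in: $spec" >&2; return 2
    fi

    # Who can reach the listener?
    case $bind in
        ''|'*'|0.0.0.0) bind='*'; scope=all-interfaces ;;  # empty or * = every interface
        localhost)       scope=loopback ;;
        *[!0-9.]*)       scope=other ;;     # a hostname: not decidable from the spec
        127.*.*.*)       scope=loopback ;;  # 127.0.0.0/8 is the IPv4 loopback block
        *)               scope=other ;;     # depends on which interface holds it
    esac

    # Listening below 1024 normally needs root on the client.
    if [ "$port" -lt 1024 ]; then privileged=yes; else privileged=no; fi

    echo "bind=$bind port=$port scope=$scope privileged=$privileged"
}

# The two forwards from the thread, then constructed variants for contrast.
for spec in 127.0.0.2:22:host:22 127.0.0.2:139:127.0.0.1:139 \
            10139:127.0.0.1:139 '*:139:127.0.0.1:139'; do
    check_forward "$spec"
done
```

A forward reported as `scope=all-interfaces` makes the tunnelled share reachable by any machine that can connect to the client, so keep file-sharing forwards on a loopback address.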

