- Community Home
- >
- Servers and Operating Systems
- >
- Operating System - OpenVMS
- >
- NFS over SSH tunnel
-
- Forums
-
- Advancing Life & Work
- Advantage EX
- Alliances
- Around the Storage Block
- HPE Ezmeral: Uncut
- OEM Solutions
- Servers & Systems: The Right Compute
- Tech Insights
- The Cloud Experience Everywhere
- HPE Blog, Austria, Germany & Switzerland
- Blog HPE, France
- HPE Blog, Italy
- HPE Blog, Japan
- HPE Blog, Middle East
- HPE Blog, Russia
- HPE Blog, Saudi Arabia
- HPE Blog, South Africa
- HPE Blog, UK & Ireland
-
Blogs
- Advancing Life & Work
- Advantage EX
- Alliances
- Around the Storage Block
- HPE Blog, Latin America
- HPE Blog, Middle East
- HPE Blog, Saudi Arabia
- HPE Blog, South Africa
- HPE Blog, UK & Ireland
- HPE Ezmeral: Uncut
- OEM Solutions
- Servers & Systems: The Right Compute
- Tech Insights
- The Cloud Experience Everywhere
-
Information
- Community
- Welcome
- Getting Started
- FAQ
- Ranking Overview
- Rules of Participation
- Tips and Tricks
- Resources
- Announcements
- Email us
- Feedback
- Information Libraries
- Integrated Systems
- Networking
- Servers
- Storage
- Other HPE Sites
- Support Center
- Aruba Airheads Community
- Enterprise.nxt
- HPE Dev Community
- Cloud28+ Community
- Marketplace
-
Forums
-
Blogs
-
Information
-
English
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
05-31-2018 02:57 AM
05-31-2018 02:57 AM
NFS over SSH tunnel
hi
I'm trying to get NFS working between 2 openvms servers using an SSH tunnel. The client is running 7.3-2 TCPIP v5.4 eco 7 - Host1 (client) and server is running 8.4-2L1 TCPIP 5.7 eco 5 - Host2 (server). The mount is tested and working locally on host2.
on host2 nfs setup
tcpip map "/test" dsa0:
tcpip add export "/test/smg/test"/option=typeless/host=(host1,host2)
tcpip add proxy/host=(*)/nfs/uid=65/gid=50 testacc
from host1
tcpip mount dnfs111:[smg.test]/host="host2"/path="/test/smg/test"/processor=UNIQUE/gid=50/uid=65/write
As the tcpip mount command doesnt allow a specifc port to be define I've tried with port 111 to create the tunnel using. Looking at tcpdump traces form a normal nfs it connects to port 111.
ssh -"L" 111:localhost:111 host2
which should map to the portmapper on host2... however i get timeout on the mount from host1.
tcpip mount dnfs111:[smg.test]/host="localhost"/path="/test/smg/test"/processor=UNIQUE/gid=50/uid=65/write
%TCPIP$DNFSMOUNT-E-MOUNTFAIL, error mounting _DNFS111:[SMG.TEST]
-SYSTEM-F-TIMEOUT, device timeout
I can create tunnels to telnet and web services on host2 on the same port using ssh -"L" 111:localhost:80 for example and tested using telnet/port=111 localhost.
I've also created a local proxy on host2
tcpip add proxy/host=(host2)/nfs/uid=65/gid=50 testacc
a tcpdump shows that the mount gets no response from the localhost on port 111 and is followed by an ICMP destination unreachable (port unreachable)
I've had a look at 8.4-2l1 TCPIP 5.7 eco 5 which in help has a tcpip mount/port qualifier but when you try and use it i get the following no matter where i place the qualifier:
CLI-W-IVQUAL, unrecognized qualifier - check validity, spelling, and placement
\PORT\
I'm wondering if the qualifer doesnt actually exist....
I've also tried a tunnel on 2049 as well with the same timeout response.
Has anyone had any joy with NFS over SSH tunnel with OpenVMS?
thanks
Ted
- Tags:
- NFS
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
05-31-2018 06:37 AM
05-31-2018 06:37 AM
Re: NFS over SSH tunnel
> I'm trying to get NFS working between 2 openvms servers using an SSH
> tunnel. [...]
I don't do enough with either NFS or SSH to know anything, but...
> [...] port 111 [...] 2049 [...]
I'd expect both of those to be needed, but my dim understanding of
the portmapper was that it was used to negotiate other ports, too.
tcpip show portmapper
A quick Web search ("nfs ports") found a guide for GNU/Linux which
includes a section (6.5) on "Tunneling NFS through SSH", which talks
about pinning particular services to particular ports, which may or may
not be possible on VMS+TCPIP:
http://tldp.org/HOWTO/NFS-HOWTO/security.html
Knowing nothing, I'd be looking for something fancier than SSH
tunnels for this, like, perhaps, a VPN or IPsec, where dynamically
negotiated ports might cause less trouble.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
06-01-2018 03:02 AM
06-01-2018 03:02 AM
Re: NFS over SSH tunnel
thanks for the reply.
i found this http://www2.cs.siu.edu/~cs491-2/projects/tzigler-snfs.pdf which is for unix but explains the principle. with some unix you can specify the port that mount uses. thats why i was hoping that the tcpip mount/port would work so i could use a different local port instead of 111 to prevent any issues with using that port and to confirm which port it is actually using.....the help for it says this:
MOUNT
/PORT
/PORT=n
Optional. Default: 0.
The port number to connect to the NFS server on. If the default
value of 0 is used, then query the remote host's portmapper for the
port number. If the remote hosts' portmapper does not respond with
a valid port number, then port number 2049 is used.
but it doesnt look like its actually implemented..... it doesnt help me going from 7.3-2 to 8.42l1 but it will prove it works and why it doesnt work from 7.3-2.... it suggests that a tunnel straight to 2049 rather than 111 should work but it doesnt......
looking at the tcpdump when a normal mount is tried ports 111, 10 and 2049 are the destination ports used in that sequence which is what is in portmapper, but mapping those ports doesnt work.
i've tried with wildcarding the proxy and export and mounting /host=localhost but still no response from the nfs service..
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
06-07-2018 02:24 AM
06-07-2018 02:24 AM
Re: NFS over SSH tunnel
i found this http://www2.cs.siu.edu/~cs491-2/projects/tzigler-snfs.pdf which is for unix but explains the principle. with some unix you can specify the port that mount uses and thats why i was hoping that the v8.4-2l1 tcpip mount/port would work so i could use a different local port instead of 111 to prevent any issues with using that port and to confirm which port it is actually using.....the help for it says this:
MOUNT
/PORT
/PORT=n
Optional. Default: 0.
The port number to connect to the NFS server on. If the default
value of 0 is used, then query the remote host's portmapper for the
port number. If the remote hosts' portmapper does not respond with
a valid port number, then port number 2049 is used.
but it doesnt look like its actually implemented..... it doesnt help me going from 7.3-2 to 8.42l1 but it will prove it works and why it doesnt work from 7.3-2.... it suggests that a tunnel straight to 2049 rather than 111 should work but it doesnt unless i'm doing something wrong......
looking at the tcpdump when a normal mount is tried ports 111, 10 and 2049 are the destination ports used which is what is also in portmapper on the remote server...
Hewlett Packard Enterprise International
- Communities
- HPE Blogs and Forum
© Copyright 2021 Hewlett Packard Enterprise Development LP