I'm trying to get NFS working between 2 openvms servers using an SSH tunnel. The client is running 7.3-2 TCPIP v5.4 eco 7 - Host1 (client) and server is running 8.4-2L1 TCPIP 5.7 eco 5 - Host2 (server). The mount is tested and working locally on host2.
tcpip mount dnfs111:[smg.test]/host="host2"/path="/test/smg/test"/processor=UNIQUE/gid=50/uid=65/write
As the tcpip mount command doesnt allow a specifc port to be define I've tried with port 111 to create the tunnel using. Looking at tcpdump traces form a normal nfs it connects to port 111.
ssh -"L" 111:localhost:111 host2
which should map to the portmapper on host2... however i get timeout on the mount from host1.
tcpip mount dnfs111:[smg.test]/host="localhost"/path="/test/smg/test"/processor=UNIQUE/gid=50/uid=65/write
I can create tunnels to telnet and web services on host2 on the same port using ssh -"L" 111:localhost:80 for example and tested using telnet/port=111 localhost.
a tcpdump shows that the mount gets no response from the localhost on port 111 and is followed by an ICMP destination unreachable (port unreachable)
I've had a look at 8.4-2l1 TCPIP 5.7 eco 5 which in help has a tcpip mount/port qualifier but when you try and use it i get the following no matter where i place the qualifier:
CLI-W-IVQUAL, unrecognized qualifier - check validity, spelling, and placement \PORT\
I'm wondering if the qualifer doesnt actually exist....
I've also tried a tunnel on 2049 as well with the same timeout response.
Has anyone had any joy with NFS over SSH tunnel with OpenVMS?
> I'm trying to get NFS working between 2 openvms servers using an SSH > tunnel. [...]
I don't do enough with either NFS or SSH to know anything, but...
> [...] port 111 [...] 2049 [...]
I'd expect both of those to be needed, but my dim understanding of the portmapper was that it was used to negotiate other ports, too.
tcpip show portmapper
A quick Web search ("nfs ports") found a guide for GNU/Linux which includes a section (6.5) on "Tunneling NFS through SSH", which talks about pinning particular services to particular ports, which may or may not be possible on VMS+TCPIP:
Knowing nothing, I'd be looking for something fancier than SSH tunnels for this, like, perhaps, a VPN or IPsec, where dynamically negotiated ports might cause less trouble.
i found this http://www2.cs.siu.edu/~cs491-2/projects/tzigler-snfs.pdf which is for unix but explains the principle. with some unix you can specify the port that mount uses. thats why i was hoping that the tcpip mount/port would work so i could use a different local port instead of 111 to prevent any issues with using that port and to confirm which port it is actually using.....the help for it says this:
MOUNT
/PORT
/PORT=n
Optional. Default: 0.
The port number to connect to the NFS server on. If the default value of 0 is used, then query the remote host's portmapper for the port number. If the remote hosts' portmapper does not respond with a valid port number, then port number 2049 is used.
but it doesnt look like its actually implemented..... it doesnt help me going from 7.3-2 to 8.42l1 but it will prove it works and why it doesnt work from 7.3-2.... it suggests that a tunnel straight to 2049 rather than 111 should work but it doesnt...... looking at the tcpdump when a normal mount is tried ports 111, 10 and 2049 are the destination ports used in that sequence which is what is in portmapper, but mapping those ports doesnt work.
i've tried with wildcarding the proxy and export and mounting /host=localhost but still no response from the nfs service..
i found this http://www2.cs.siu.edu/~cs491-2/projects/tzigler-snfs.pdf which is for unix but explains the principle. with some unix you can specify the port that mount uses and thats why i was hoping that the v8.4-2l1 tcpip mount/port would work so i could use a different local port instead of 111 to prevent any issues with using that port and to confirm which port it is actually using.....the help for it says this:
MOUNT
/PORT
/PORT=n
Optional. Default: 0.
The port number to connect to the NFS server on. If the default value of 0 is used, then query the remote host's portmapper for the port number. If the remote hosts' portmapper does not respond with a valid port number, then port number 2049 is used.
but it doesnt look like its actually implemented..... it doesnt help me going from 7.3-2 to 8.42l1 but it will prove it works and why it doesnt work from 7.3-2.... it suggests that a tunnel straight to 2049 rather than 111 should work but it doesnt unless i'm doing something wrong......
looking at the tcpdump when a normal mount is tried ports 111, 10 and 2049 are the destination ports used which is what is also in portmapper on the remote server...
