- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - OpenVMS
- >
- NFS over SSH tunnel
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-31-2018 02:57 AM
05-31-2018 02:57 AM
NFS over SSH tunnel
hi
I'm trying to get NFS working between 2 openvms servers using an SSH tunnel. The client is running 7.3-2 TCPIP v5.4 eco 7 - Host1 (client) and server is running 8.4-2L1 TCPIP 5.7 eco 5 - Host2 (server). The mount is tested and working locally on host2.
on host2 nfs setup
tcpip map "/test" dsa0:
tcpip add export "/test/smg/test"/option=typeless/host=(host1,host2)
tcpip add proxy/host=(*)/nfs/uid=65/gid=50 testacc
from host1
tcpip mount dnfs111:[smg.test]/host="host2"/path="/test/smg/test"/processor=UNIQUE/gid=50/uid=65/write
As the tcpip mount command doesnt allow a specifc port to be define I've tried with port 111 to create the tunnel using. Looking at tcpdump traces form a normal nfs it connects to port 111.
ssh -"L" 111:localhost:111 host2
which should map to the portmapper on host2... however i get timeout on the mount from host1.
tcpip mount dnfs111:[smg.test]/host="localhost"/path="/test/smg/test"/processor=UNIQUE/gid=50/uid=65/write
%TCPIP$DNFSMOUNT-E-MOUNTFAIL, error mounting _DNFS111:[SMG.TEST]
-SYSTEM-F-TIMEOUT, device timeout
I can create tunnels to telnet and web services on host2 on the same port using ssh -"L" 111:localhost:80 for example and tested using telnet/port=111 localhost.
I've also created a local proxy on host2
tcpip add proxy/host=(host2)/nfs/uid=65/gid=50 testacc
a tcpdump shows that the mount gets no response from the localhost on port 111 and is followed by an ICMP destination unreachable (port unreachable)
I've had a look at 8.4-2l1 TCPIP 5.7 eco 5 which in help has a tcpip mount/port qualifier but when you try and use it i get the following no matter where i place the qualifier:
CLI-W-IVQUAL, unrecognized qualifier - check validity, spelling, and placement
\PORT\
I'm wondering if the qualifer doesnt actually exist....
I've also tried a tunnel on 2049 as well with the same timeout response.
Has anyone had any joy with NFS over SSH tunnel with OpenVMS?
thanks
Ted
- Tags:
- NFS
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-31-2018 06:37 AM
05-31-2018 06:37 AM
Re: NFS over SSH tunnel
> I'm trying to get NFS working between 2 openvms servers using an SSH
> tunnel. [...]
I don't do enough with either NFS or SSH to know anything, but...
> [...] port 111 [...] 2049 [...]
I'd expect both of those to be needed, but my dim understanding of
the portmapper was that it was used to negotiate other ports, too.
tcpip show portmapper
A quick Web search ("nfs ports") found a guide for GNU/Linux which
includes a section (6.5) on "Tunneling NFS through SSH", which talks
about pinning particular services to particular ports, which may or may
not be possible on VMS+TCPIP:
http://tldp.org/HOWTO/NFS-HOWTO/security.html
Knowing nothing, I'd be looking for something fancier than SSH
tunnels for this, like, perhaps, a VPN or IPsec, where dynamically
negotiated ports might cause less trouble.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-01-2018 03:02 AM
06-01-2018 03:02 AM
Re: NFS over SSH tunnel
thanks for the reply.
i found this http://www2.cs.siu.edu/~cs491-2/projects/tzigler-snfs.pdf which is for unix but explains the principle. with some unix you can specify the port that mount uses. thats why i was hoping that the tcpip mount/port would work so i could use a different local port instead of 111 to prevent any issues with using that port and to confirm which port it is actually using.....the help for it says this:
MOUNT
/PORT
/PORT=n
Optional. Default: 0.
The port number to connect to the NFS server on. If the default
value of 0 is used, then query the remote host's portmapper for the
port number. If the remote hosts' portmapper does not respond with
a valid port number, then port number 2049 is used.
but it doesnt look like its actually implemented..... it doesnt help me going from 7.3-2 to 8.42l1 but it will prove it works and why it doesnt work from 7.3-2.... it suggests that a tunnel straight to 2049 rather than 111 should work but it doesnt......
looking at the tcpdump when a normal mount is tried ports 111, 10 and 2049 are the destination ports used in that sequence which is what is in portmapper, but mapping those ports doesnt work.
i've tried with wildcarding the proxy and export and mounting /host=localhost but still no response from the nfs service..
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-07-2018 02:24 AM
06-07-2018 02:24 AM
Re: NFS over SSH tunnel
i found this http://www2.cs.siu.edu/~cs491-2/projects/tzigler-snfs.pdf which is for unix but explains the principle. with some unix you can specify the port that mount uses and thats why i was hoping that the v8.4-2l1 tcpip mount/port would work so i could use a different local port instead of 111 to prevent any issues with using that port and to confirm which port it is actually using.....the help for it says this:
MOUNT
/PORT
/PORT=n
Optional. Default: 0.
The port number to connect to the NFS server on. If the default
value of 0 is used, then query the remote host's portmapper for the
port number. If the remote hosts' portmapper does not respond with
a valid port number, then port number 2049 is used.
but it doesnt look like its actually implemented..... it doesnt help me going from 7.3-2 to 8.42l1 but it will prove it works and why it doesnt work from 7.3-2.... it suggests that a tunnel straight to 2049 rather than 111 should work but it doesnt unless i'm doing something wrong......
looking at the tcpdump when a normal mount is tried ports 111, 10 and 2049 are the destination ports used which is what is also in portmapper on the remote server...