Tuesday, June 14, 2011

Mount NFS over an SSH tunnel

I'm in a bit of a situation where I need to access an NFS share on a file server in the Prod network from a server in the test lab, but a few networking configurations stop me doing so. Previously I've just been using 'scp' to get the files I want, but this isn't exactly the most efficient means of data transfer, so I've decided to utilise my favourite ssh function - tunnels.

The setup is something like this:

Test server -> Solaris Router -> prod server

So, I need to create a tunnel which forwards traffic from a local port on the test server, through the Solaris router, to a port on the prod server.

In order to do this, we need to know which port NFS uses - the default port is shown in /etc/services.

# grep nfs /etc/services
nfsd 2049/udp nfs # NFS server daemon (clts)
nfsd 2049/tcp nfs # NFS server daemon (cots)

From this, we know we need to make sure the end of our tunnel is port 2049 on the prod file server.

In the below example I've used port 3049 for the local bind - really this can be any port, but an increment of the end point port makes life a little easier. The following command needs to be run on the test server.

# ssh -L 3049:prod_server:2049 solaris_router -l root

Because the local bind is to port 3049, when we mount the NFS share, we have to tell the mount command to use this port, instead of the default. Again, the following command needs to be run on the test server.

# mount -o port=3049 localhost:/export/dump_area /mnt
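
The two steps above as a hardened variant, added here as an example and not part of the original post: it pins the forward to 127.0.0.1, forces NFS over TCP (an SSH forward carries TCP only), and includes a check, fed with `netstat -an` or `ss -ltn` output, that the forwarded port is not listening on a non-loopback address. It assumes an OpenSSH client; the function names and the sample netstat lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes an OpenSSH client.
# Host names, ports and the export path are the ones used in the post.
LOCAL_PORT=3049
REMOTE_HOST=prod_server
REMOTE_PORT=2049
JUMP_HOST=solaris_router

# Tunnel command with the listener pinned to loopback, no remote shell (-N),
# and a hard failure if the local port cannot be bound.
tunnel_cmd() {
    printf 'ssh -f -N -o ExitOnForwardFailure=yes -L 127.0.0.1:%s:%s:%s -l root %s\n' \
        "$LOCAL_PORT" "$REMOTE_HOST" "$REMOTE_PORT" "$JUMP_HOST"
}

# Mount command; proto=tcp because an ssh forward carries TCP only.
mount_cmd() {
    printf 'mount -o port=%s,proto=tcp localhost:/export/dump_area /mnt\n' "$LOCAL_PORT"
}

# Classify the listener on port $1 from `netstat -an` or `ss -ltn` text on stdin.
# Prints: loopback | exposed | absent
listener_scope() {
    awk -v port="$1" '
        /LISTEN/ {
            for (i = 1; i <= NF; i++) {
                if ($i !~ ("[:.]" port "$")) continue
                host = substr($i, 1, length($i) - length(port) - 1)
                if (host ~ /^127\./ || host == "::1" || host == "[::1]") seen = 1
                else exposed = 1
                break
            }
        }
        END { print (exposed ? "exposed" : (seen ? "loopback" : "absent")) }'
}

# Constructed sample (Linux netstat layout), not captured from a real host.
SAMPLE_NETSTAT='tcp   0  0 0.0.0.0:22       0.0.0.0:*  LISTEN
tcp   0  0 127.0.0.1:3049   0.0.0.0:*  LISTEN
tcp6  0  0 ::1:3049         :::*       LISTEN'

tunnel_cmd
mount_cmd
printf '%s\n' "$SAMPLE_NETSTAT" | listener_scope "$LOCAL_PORT"
```

On the test server, `netstat -an | listener_scope 3049` after starting the tunnel should print `loopback`; `exposed` means other hosts on the lab network can reach the prod NFS port through the forward.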
