SSH, SaMBa, & NFS?

Jeffrey Ross jeff at bubble.org
Fri Nov 24 16:57:45 UTC 2006 


Ian Malone wrote:
> On 24/11/06, Jeffrey Ross <jeff at bubble.org> wrote:
>> I know I can set up an SSH tunnel and proxy my traffic through the
>> tunnel, either by using specific predetermined ports or by using the -D
>> option so it works like a socks proxy.
>>
>> My question is, can I pass NFS or SaMBa traffic via an SSH tunnel as
>> well?  Performance via the tunnel is not a priority.
>>
>
> Samba yes, port 139(*), the host you are tunneling from will need
> to be allowed to access the share.  NFS, don't know.
>
> (*) Can be tunnelled from a Windows machine if you:
> 1. Install a loopback interface on 10.0.0.x (**)
> 2. Do the forwarding from 10.0.0.x:139 to the server port 139
> 3. Point windows at the share on 10.0.0.x:139
> (**) Apparently there's some issue with 127.0.0.x loopbacks,
> but I've never investigated.
>
Maybe I should have included a wonderful ASCII diagram so you can see 
how everything is laid out as the example you provided I think only 
allows between the two ssh endpoints.

Here is my pitiful ascii diagram:
                                     Private (10.x.x.x/8 addressing)
                                    |
                 v-public address   v        /--(smb fileservers)
(HostA)------(FW)--internet---(FW)---------------(HostB)
        ^                     ^-public address
        |
(private 172.16.x.x/20 addressing)                

I need (want?) host A to be able mount filesystems from any of the smb 
fileservers.  Host B has both NFS and Samba loaded and can mount smb 
filesystems from the smb fileservers today.

Also Host B's address space is in the 10 net, obviously I can choose 
another address range for a loopback, but I've never seen anything other 
than 127.0.0.1 as a loopback on a unix machine and changing it will 
surely break something.  Can I create loopback1?  I've never tried....

The SSH tunnel is between the two unix machines (Host A and Host B) only 
with the windoZe machine behind the unix machine terminating the ssh tunnel.

I have found sshfs and I'm in the process of reviewing it to see if it 
can do what I want.

Jeff

More information about the users mailing list