Encrypted NFS via ssh tunnelling
2004-02-22       - By Daniel Kemper

This is really killin' me, so I was wondering if you guys (and gals) can help.
I'm trying to set up encrypted NFS with ssh on a Red Hat 9.0 box, and I'm
almost there.  Below are the notes I put together.  Really straightforward,
but I keep getting the error:

channel 2: open failed: connect failed: Connection refused
channel 2: open failed: connect failed: Connection refused
channel 2: open failed: connect failed: Connection refused

I'm a desperate man, I really want to get it cuz I'm so close.  Any advice you
have would help.  I just want to post it on my site cuz I think it would be
cool.

~ comments preceded and terminated with '~' ~
~ I'm root throughout this exercise -DK ~

[djk@(protected) djk]$ su - root
Password:

[root@(protected) root]# cd /etc/rc.d/init.d
[root@(protected) init.d]# ./nfs start
Starting NFS services:                                     [  OK  ]
Starting NFS quotas:                                       [  OK  ]
Starting NFS daemon:                                       [  OK  ]
Starting NFS mountd:                                       [  OK  ]

[root@(protected) init.d]# ./sshd restart
Stopping sshd:                                             [  OK  ]
Starting sshd:                                             [  OK  ]

~ begin setting up the encrypted connection from the 'client' (7777:localhost)
to the 'server' on port 2049 -DK ~

[root@(protected) init.d]# ssh -f -c blowfish -L 7777:localhost:2049 -l djk localhost sleep 300
djk@(protected)'s password:

~ need the mountd port for the next ssh mount port tunneling command -DK ~

[djk@(protected) djk]$ /usr/sbin/rpcinfo -p
program vers proto   port
 100000    2   tcp    111  portmapper
 100000    2   udp    111  portmapper
 100024    1   udp  32768  status
 100024    1   tcp  32768  status
 391002    2   tcp  32769  sgi_fam
 100011    1   udp    749  rquotad
 100011    2   udp    749  rquotad
 100011    1   tcp    752  rquotad
 100011    2   tcp    752  rquotad
 100003    2   udp   2049  nfs
 100003    3   udp   2049  nfs
 100021    1   udp  32770  nlockmgr
 100021    3   udp  32770  nlockmgr
 100021    4   udp  32770  nlockmgr
 100005    1   udp  32771  mountd
 100005    1   tcp  32811  mountd
 100005    2   udp  32771  mountd
 100005    2   tcp  32811  mountd
 100005    3   udp  32771  mountd
 100005    3   tcp  32811  mountd

~ note my attempt at tunneling via the udp port 32771 below, because my
repeated attempts at tunneling via the tcp port failed with

channel 2: open failed: connect failed: Connection refused
channel 2: open failed: connect failed: Connection refused
channel 2: open failed: connect failed: Connection refused
channel 2: open failed: connect failed: Connection refused

... repeated until I killed the ssh process and shut down sshd in another
terminal window -DK ~

[root@(protected) init.d]# ssh -f -c blowfish -L 8888:localhost:32771 -l djk localhost sleep 300
djk@(protected)'s password:

~ port status verification -DK ~

[root@(protected) init.d]# netstat -na | grep -E 'Proto|7777|8888'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:7777          0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:8888          0.0.0.0:*               LISTEN

~ the failed mount command -DK ~

[root@(protected) init.d]# mount -t nfs -o tcp,port=7777,mountport=8888 localhost:/tmp /mnt/nfs/sshmount
channel 2: open failed: connect failed: Connection refused
mount: RPC: Unable to receive; errno = Connection reset by peer

~ In case you're curious, here is some firewall setup for portmapper (port 111)
and nfs (port 2049). These rules are taken from 'cat /etc/sysconfig/iptables'
output; as you can see, I just modified the lokkit rules. This works ok as far
as I can see, because nfs starts and portmapper works -DK ~

-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 2049 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 0:1023 -j REJECT
-A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 2049 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 111 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 111 --syn -j ACCEPT

~ the /etc/fstab file, the line we're concerned with here is the last line,
just default setup stuff you can see in 'man nfs' -DK ~

[root@(protected) root]# cat /etc/fstab
LABEL=/                 /                       ext3    defaults        1 1
LABEL=/boot             /boot                   ext3    defaults        1 2
none                    /dev/pts                devpts  gid=5,mode=620  0 0
none                    /proc                   proc    defaults        0 0
none                    /dev/shm                tmpfs   defaults        0 0
/dev/hdf3               swap                    swap    defaults        0 0
/dev/hdd4               /mnt/zip                auto    noauto,owner,kudzu 0 0
/dev/cdrom              /mnt/cdrom              udf,iso9660 noauto,owner,kudzu,ro 0 0
/dev/cdrom      /cd     iso9660 ro,user,noauto,unhide
/dev/fd0                /mnt/floppy             auto    noauto,owner,kudzu 0 0
localhost.localdomain:/tmp      /mnt/nfs/sshmount       nfs     rsize=8192,wsize=8192,timeo=30,intr

~ the /etc/exports file, pretty standard -DK ~

[root@(protected) root]# cat /etc/exports
/tmp    localhost.localdomain(rw,insecure,root_squash)

-DK
Daniel Kemper
dan@(protected)



--
Shrike-list mailing list
Shrike-list@(protected)
https://www.redhat.com/mailman/listinfo/shrike-list
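The rpcinfo -p listing in the post registers nfs (program 100003) on udp only and mountd (100005) on udp 32771 and tcp 32811, while ssh -L forwards TCP connections only. The shell script below is an added example, not part of the original post and not Red Hat tooling: it reads an rpcinfo -p listing, picks the TCP port of each RPC program the tunnel needs, and refuses to print a tunnel plan when a program has no TCP registration. The sample listing is constructed to mirror the post's output; the local ports 7777 and 8888, the export /tmp and the mount point /mnt/nfs/sshmount are taken from the post; user@server is a placeholder; the nolock mount option is this example's own assumption, added because nlockmgr is not carried through the tunnel.

```shell
#!/bin/sh
# Added example (not from the original post): derive the ports an
# "ssh -L" NFS tunnel must target from "rpcinfo -p" output.
# ssh -L forwards TCP only, so nfs (100003) and mountd (100005) both need
# a tcp registration on the server; a udp-only program cannot be reached
# through the tunnel and the forwarded channel fails to connect.

# Constructed sample shaped like the post's listing: nfs on udp only,
# mountd on udp 32771 and tcp 32811.
SAMPLE_RPCINFO='   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    100021    1   udp  32770  nlockmgr
    100005    1   udp  32771  mountd
    100005    1   tcp  32811  mountd
    100005    3   udp  32771  mountd
    100005    3   tcp  32811  mountd'

# Constructed variant of the same listing with nfs also registered on tcp.
SAMPLE_RPCINFO_TCP="$SAMPLE_RPCINFO
    100003    3   tcp   2049  nfs"

# rpc_tcp_port NAME [RPCINFO_TEXT]
# Print the TCP port RPC program NAME is registered on; print nothing if
# it has no tcp entry. Without RPCINFO_TEXT the live "rpcinfo -p" is read.
rpc_tcp_port() {
    name=$1
    text=${2:-$(rpcinfo -p 2>/dev/null)}
    printf '%s\n' "$text" | awk -v n="$name" '
        $3 == "tcp" && $5 == n { print $4; exit }'
}

# tunnel_plan RPCINFO_TEXT
# Print the ssh and mount commands for a TCP-only NFS tunnel.
# Returns 1 (with a diagnostic on stderr) when nfs or mountd has no tcp
# registration, since "ssh -L" could not forward to it.
tunnel_plan() {
    nfs_port=$(rpc_tcp_port nfs "$1")
    mountd_port=$(rpc_tcp_port mountd "$1")
    if [ -z "$nfs_port" ] || [ -z "$mountd_port" ]; then
        [ -n "$nfs_port" ] || echo "nfs has no tcp registration; ssh -L forwards tcp only" >&2
        [ -n "$mountd_port" ] || echo "mountd has no tcp registration; ssh -L forwards tcp only" >&2
        return 1
    fi
    # Local 7777 -> server nfs tcp port, local 8888 -> server mountd tcp port.
    # -N: no remote command, the session exists only for the forwards.
    echo "ssh -f -N -L 7777:localhost:${nfs_port} -L 8888:localhost:${mountd_port} user@server"
    # tcp: the tunnel is TCP. nolock (assumption of this example): nlockmgr is
    # not forwarded. The export needs "insecure" because the forwarded
    # connection reaches the server from a non-privileged port on localhost.
    echo "mount -t nfs -o tcp,port=7777,mountport=8888,nolock localhost:/tmp /mnt/nfs/sshmount"
}

# Stand-alone run: report on both constructed listings.
if [ "${1:-}" = "--demo" ]; then
    echo "== udp-only nfs =="
    tunnel_plan "$SAMPLE_RPCINFO" || echo "(no plan)"
    echo "== nfs on tcp =="
    tunnel_plan "$SAMPLE_RPCINFO_TCP"
fi
```

Run it with `--demo` to see both outcomes; on a real server call `rpc_tcp_port nfs` and `rpc_tcp_port mountd` with no second argument to query the live portmapper. The check it encodes is the one to make before issuing the ssh -L command: a forwarded port whose server-side target is only registered on udp produces exactly the "channel 2: open failed: connect failed" lines shown in the post.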