[ale] showmount and mount do nothing....

Bob Toxen bob at verysecurelinux.com
Sun Oct 27 22:01:44 EST 2002


John,

> Hmm...I'm starting to think this is a firewall issue.  The box I'm trying
> to mount is on my DMZ (don't ask), and after running showmount I can see a
> bunch of ICMP host not reachable messages being sent from firewall to dmz
> machine.

> Is there a way to use ssh to create a pipe of sorts?  I'd like to have
> access transparently to one specific directory on the dmz machine.

As Jason Day pointed out, NFSv3 does support NFS over TCP and SSH can be
used to form a VPN tunnel for TCP to pass through.

You first may want to determine if the problem is a firewall problem.
Viewing the firewall's logs and talking with whoever maintains it should
clarify this.  Running Ethereal or tcpdump on both the NFS client and
server systems also would provide the answer to this.

Next, you want to ensure that your proposed VPN does not endanger
security as it will be used to bypass the firewall rule against NFS
between the inside and DMZ networks.  There are lots of security issues
with NFS and one generally should severely limit access by systems on the
DMZ to servers on the inside network.

> Thanks!
> John

Bob Toxen
transam at verysecurelinux.com            [Bob's ALE Bulk email]
bob at verysecurelinux.com                [Please use for email to me]
http://www.verysecurelinux.com         [Network&Linux/Unix security consulting]

My book:"Real World Linux Security, 2nd Ed.", published 10/24/2002
ISBN: 0130464562: http://www.realworldlinuxsecurity.com/

Fly-By-Day Consulting, Inc.      "Don't go with a fly-by-night outfit!"
Quality Linux & UNIX security and SysAdmin & software consulting since 1990.

---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
sent to listmaster at ale dot org.
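
The server-side tcpdump check suggested in the reply above, as an added example that is not part of the original message. It is a Python sketch that reads constructed `tcpdump -n` style lines and reports where the portmapper/NFS exchange stops; all addresses, ports and the `diagnose` helper are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample in the style of `tcpdump -n` output captured on the DMZ
# NFS server (10.0.0.5); 10.0.0.1 stands in for the firewall's DMZ interface.
# Every address and port here is made up.
SERVER_CAPTURE = """\
22:01:40.100001 IP 192.168.1.10.795 > 10.0.0.5.111: UDP, length 56
22:01:40.100410 IP 10.0.0.5.111 > 192.168.1.10.795: UDP, length 28
22:01:40.100900 IP 10.0.0.1 > 10.0.0.5: ICMP host 192.168.1.10 unreachable, length 64
22:01:45.100002 IP 192.168.1.10.795 > 10.0.0.5.111: UDP, length 56
22:01:45.100388 IP 10.0.0.5.111 > 192.168.1.10.795: UDP, length 28
22:01:45.100871 IP 10.0.0.1 > 10.0.0.5: ICMP host 192.168.1.10 unreachable, length 64
"""

RPC_PORTS = {111, 2049}  # portmapper and nfsd; mountd's port varies per host
ADDR = r"(\d+\.\d+\.\d+\.\d+)"
PKT = re.compile(rf"IP {ADDR}\.(\d+) > {ADDR}\.(\d+): ")
ICMP = re.compile(rf"IP {ADDR} > {ADDR}: ICMP host {ADDR} unreachable")

def diagnose(capture, server):
    """Classify a server-side capture: where does the NFS/RPC exchange stop?"""
    requests = replies = 0
    rejecters = Counter()  # hosts that told the server its peer is unreachable
    for line in capture.splitlines():
        icmp = ICMP.search(line)
        if icmp:
            if icmp.group(2) == server:
                rejecters[icmp.group(1)] += 1
            continue
        pkt = PKT.search(line)
        if not pkt:
            continue
        src, sport = pkt.group(1), int(pkt.group(2))
        dst, dport = pkt.group(3), int(pkt.group(4))
        if dst == server and dport in RPC_PORTS:
            requests += 1
        elif src == server and sport in RPC_PORTS:
            replies += 1
    if requests == 0:
        verdict = "requests_never_arrive"        # dropped before the server
    elif replies == 0:
        verdict = "server_not_answering"         # check the service, not the firewall
    elif rejecters:
        verdict = "replies_rejected_in_transit"  # the symptom described in the thread
    else:
        verdict = "no_filtering_seen"
    return {"verdict": verdict, "requests": requests, "replies": replies,
            "rejecters": dict(rejecters)}
```

Running the same function over a capture taken on the NFS client shows the other half of the picture: requests leaving with no replies coming back.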





