Hi toasters,
as we are getting more and more secure we do now have some firewalls within our internal network which prevent us from accessing e.g. installation files or some tool-stuff from central stores on our filers.
I have tested a little bit with ssh-tunneling for NFS. With my client this works well, but i have trouble doing this with my filers.
Here is what i do:
client>> ssh -f -L 7777:filer:2049 -l root nstore2 sysstat 100 client>> ssh -f -L 8888:filer:4046 -l root nstore2 sysstat 100
Where 2049 is the filers nfs port and 4046 ist mountd.
On the filer i have exported a volume /vol/test to the filer itself.
When i now run
client>> mount -t nfs -o tcp,port=7777,mountport=8888 localhost:/vol/test /mnt
The client hangs and on the filer i see the message:
[openssh.dispatch.protocol:warning]: SSH dispatch failed from address myclientsIP, type 90, packet 10
Has anybody ever tried this or has an idea where my problem is?? Or does anybody know if this is absolutely impossible with filers?
Best Regards and thanks in advance
Jochen
Hi Jochen,
I have tested a little bit with ssh-tunneling for NFS.
Bad idea.
client>> ssh -f -L 7777:filer:2049 -l root nstore2 sysstat 100 client>> ssh -f -L 8888:filer:4046 -l root nstore2 sysstat 100
What's nstore2? Is this a filer or a unix host? AFAIK the OnTap sshd will not do any port forwarding.
Or does anybody know if this is absolutely impossible with filers?
Never tried it but i don't see a reason to do this anyway.
If you 'just' need something to manage vol0: Install a jump/staging host to manage the filer.
You could also use rdfile/wrfile. (We are doing this on our FCP-Only filers and it works well.. it's not user friendly.. but it works.)
Regards, Adrian
On Nov 9, 2007, at 6:47 AM, Willeke, Jochen wrote:
Hi toasters,
as we are getting more and more secure we do now have some firewalls within our internal network which prevent us from accessing e.g. installation files or some tool-stuff from central stores on our filers.
How about IPSEC?
-- Michael Barrow michael at michaelbarrow dot name
Hi,
thanks for all replies.
The point was that i was looking for a quick way to share ressources within different "security-zones". I do not mean a solution for managing vol0.
Is IPSec useable with filers?? Never done that...
Best Regards
Jochen
-----Original Message----- From: Michael Barrow [mailto:michael@michaelbarrow.name] Sent: Saturday, November 10, 2007 12:54 AM To: Willeke, Jochen Cc: toasters@mathworks.com Subject: Re: nfs tunneling with SSH
On Nov 9, 2007, at 6:47 AM, Willeke, Jochen wrote:
Hi toasters,
as we are getting more and more secure we do now have some firewalls within our internal network which prevent us from accessing e.g. installation files or some tool-stuff from central stores on our filers.
How about IPSEC?
-- Michael Barrow michael at michaelbarrow dot name
On Nov 14, 2007, at 7:59 AM, Willeke, Jochen wrote:
Is IPSec useable with filers?? Never done that...
Dunno what you mean by "useable" but Data ONTAP totally supports IPSEC. You can use it for connections between the storage system and clients or between storage systems (e.g., SnapMirror).
For more information, check out the Data ONTAP Network Management Guide.
-- Michael Barrow michael at michaelbarrow dot name
-
Adrian Ulrich -
Michael Barrow -
Willeke, Jochen