I'm trying to follow this guide https://fillumina.wordpress.com/2022/10/18/best-way-to-share-a-folder-between-linux-pcs-nfs-vs-smb-vs-sshfs/ where it concludes at Installation of NFS + SSH tunnel

Note: The VPS wants to connect to the computer to use the computer's external drive


on the local computer

apt-get install nfs-kernel-server nfs-common portmap
nano /etc/exports

add:

/mnt/mn1 102.254.243.168(insecure,rw,sync,no_subtree_check,no_root_squash)

save, then restart

systemctl restart nfs-kernel-server.service
iptables -A INPUT -i enp4s0f0 -p tcp --dport 22 -s 102.254.275.167 -j ACCEPT
iptables -A INPUT -i enp4s0f0 -p tcp --dport 3049 -s 102.254.275.167 -j ACCEPT
ufw allow from 102.254.275.167 to any port nfs

on the vps

apt-get install nfs-common portmap
mkdir /mnt/mn1
ssh -fNv -L 3049:localhost:2049 [email protected] -i nas

This part does not work

mount -v -t nfs -o proto=tcp,port=3049 164.238.71.109:/mnt/mn1 /mnt/mn1
mount.nfs: timeout set for Sat Oct 28 18:19:00 2023
mount.nfs: trying text-based options 'proto=tcp,port=3049,vers=4.2,addr=164.238.71.109,clientaddr=102.254.275.167'
mount.nfs: mount(2): Connection timed out
mount.nfs: Connection timed out

tried this also

mount -v -t nfs4 -o verproto=tcp,port=3049 164.238.71.109:/mnt/mn1 /mnt/mn1
mount.nfs4: timeout set for Sat Oct 28 18:06:15 2023
mount.nfs4: trying text-based options 'verproto=tcp,port=3049,vers=4.2,addr=164.238.71.109,clientaddr=102.254.275.167'
mount.nfs4: mount(2): Invalid argument
mount.nfs4: trying text-based options 'verproto=tcp,port=3049,vers=4.1,addr=164.238.71.109,clientaddr=102.254.275.167'
mount.nfs4: mount(2): Invalid argument
mount.nfs4: trying text-based options 'verproto=tcp,port=3049,vers=4.0,addr=164.238.71.109,clientaddr=102.254.275.167'
mount.nfs4: mount(2): Invalid argument
mount.nfs4: trying text-based options 'verproto=tcp,port=3049,addr=164.238.71.109'
mount.nfs4: prog 100003, trying vers=3, prot=6
mount.nfs4: portmap query retrying: RPC: Program not registered
mount.nfs4: prog 100003, trying vers=3, prot=17
mount.nfs4: portmap query failed: RPC: Unable to receive - Connection refused
mount.nfs4: trying text-based options 'verproto=tcp,port=3049,vers=4.0,addr=164.238.71.109,clientaddr=102.254.275.167'
mount.nfs4: mount(2): Invalid argument
mount.nfs4: trying text-based options 'verproto=tcp,port=3049,addr=164.238.71.109'
mount.nfs4: prog 100003, trying vers=3, prot=6
mount.nfs4: portmap query retrying: RPC: Program not registered
mount.nfs4: prog 100003, trying vers=3, prot=17
mount.nfs4: portmap query failed: RPC: Unable to receive - Connection refused
mount.nfs4: trying text-based options 'verproto=tcp,port=3049,vers=4.0,addr=164.238.71.109,clientaddr=102.254.275.167'
mount.nfs4: mount(2): Invalid argument
mount.nfs4: trying text-based options 'verproto=tcp,port=3049,addr=164.238.71.109'
mount.nfs4: prog 100003, trying vers=3, prot=6
mount.nfs4: portmap query retrying: RPC: Program not registered
mount.nfs4: prog 100003, trying vers=3, prot=17

Additional info

on the local machine

rpcinfo -p | grep nfs
    100003    3   tcp   2049  nfs
    100003    4   tcp   2049  nfs

nmap -Pn 102.254.275.167
Starting Nmap 7.80 ( https://nmap.org ) at 2023-10-28 16:58 WEST
Nmap scan report for hostname.com (102.254.275.167)
Host is up (0.16s latency).
Not shown: 969 filtered ports, 30 closed ports
PORT   STATE SERVICE
22/tcp open  ssh

rpcinfo -p
   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    3   tcp    111  portmapper
    100000    2   tcp    111  portmapper
    100000    4   udp    111  portmapper
    100000    3   udp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp  60788  status
    100024    1   tcp  34639  status
    100005    1   udp  42895  mountd
    100005    1   tcp  46313  mountd
    100005    2   udp  55483  mountd
    100005    2   tcp  38869  mountd
    100005    3   udp  47377  mountd
    100005    3   tcp  44549  mountd
    100003    3   tcp   2049  nfs
    100003    4   tcp   2049  nfs
    100227    3   tcp   2049
    100021    1   udp  60048  nlockmgr
    100021    3   udp  60048  nlockmgr
    100021    4   udp  60048  nlockmgr
    100021    1   tcp  45775  nlockmgr
    100021    3   tcp  45775  nlockmgr
    100021    4   tcp  45775  nlockmgr

systemctl status nfs-server.service
● nfs-server.service - NFS server and services
     Loaded: loaded (/lib/systemd/system/nfs-server.service; enabled; vendor preset: enabled)
    Drop-In: /run/systemd/generator/nfs-server.service.d
             └─order-with-mounts.conf
     Active: active (exited) since Sat 2023-10-28 16:54:42 WEST; 31min ago
    Process: 6470 ExecStartPre=/usr/sbin/exportfs -r (code=exited, status=0/SUCCESS)
    Process: 6471 ExecStart=/usr/sbin/rpc.nfsd (code=exited, status=0/SUCCESS)
   Main PID: 6471 (code=exited, status=0/SUCCESS)
        CPU: 5ms

oct 28 16:54:42 benz systemd[1]: Starting NFS server and services...
oct 28 16:54:42 benz systemd[1]: Finished NFS server and services.

on the vps

lsof -i :3049
COMMAND  PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
ssh     1578 root    4u  IPv4  37815      0t0  TCP localhost.localdomain:3049 (LISTEN)
ssh     1578 root    5u  IPv6  37816      0t0  TCP localhost:3049 (LISTEN)

rpcinfo -p
   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    3   tcp    111  portmapper
    100000    2   tcp    111  portmapper
    100000    4   udp    111  portmapper
    100000    3   udp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp  47567  status
    100024    1   tcp  33615  status

1 Answer

SSH -L tunnels are established on 127.0.0.1/::1 (localhost) on the client machine, as your 'lsof' shows. But you're mounting directly using the server's IP address – doing so completely bypasses the tunnel and makes a direct connection. That fails because the server is still listening on port 2049 (not 3049).

If you want to go through the SSH tunnel, specify localhost:/mnt/mn1 as the mount source. (Doing so makes the server's ufw configuration irrelevant, and in fact you should close the NFS port unless you're using Kerberos security.)

Note that on the server side, the connection via the tunnel will also appear as if it's coming from localhost, not from the client's original address, so you need to adjust /etc/exports for that.

"Invalid argument" most likely shows up because verproto= is not a valid option. It looks like vers=4.2,proto=tcp was meant instead. You can omit it entirely – NFSv4 only supports TCP anyway.
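
Added example (not part of the original answer): a pre-flight check for the two points above, confirming that a mount source points at the tunnel's listening end and that an /etc/exports line admits the loopback connection the tunnel produces. The function names and the constructed inputs are assumptions; the port, path and options come from the question.

```shell
#!/bin/sh
# Added example: checks for mounting NFS through "ssh -L 3049:localhost:2049".
# Port, path and options are taken from the question; inputs are constructed.

# is_loopback HOST: succeeds if HOST names the loopback interface.
is_loopback() {
    case "$1" in
        localhost|127.0.0.1|::1|'[::1]') return 0 ;;
        *) return 1 ;;
    esac
}

# mount_uses_tunnel SOURCE OPTIONS LPORT
# SOURCE is "host:/path", OPTIONS the -o string, LPORT the -L listen port.
mount_uses_tunnel() {
    host=${1%%:/*}
    is_loopback "$host" || return 1      # any other host bypasses the tunnel
    case ",$2," in
        *",port=$3,"*) return 0 ;;
        *) return 1 ;;
    esac
}

# export_allows_tunnel EXPORTS_LINE
# Through the tunnel, nfsd sees a client on the server's own loopback,
# connecting from an unprivileged source port (hence "insecure").
export_allows_tunnel() {
    set -f                               # keep wildcard clients literal
    for spec in ${1#* }; do              # drop the export path, walk clients
        client=${spec%%\(*}
        opts=${spec#*\(}; opts=${opts%\)}
        if is_loopback "$client"; then
            case ",$opts," in *,insecure,*) set +f; return 0 ;; esac
        fi
    done
    set +f
    return 1
}

# The question's mount source versus the one the answer recommends.
for src in 164.238.71.109:/mnt/mn1 localhost:/mnt/mn1; do
    if mount_uses_tunnel "$src" "proto=tcp,port=3049" 3049; then
        echo "$src: goes through the tunnel"
    else
        echo "$src: direct connection, tunnel bypassed"
    fi
done
```

Run `export_allows_tunnel` against each line of the server's /etc/exports before restarting nfs-kernel-server; the line from the question fails the check because its only client is the VPS's public address.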

  • Thank you for your help, but mount -v -t nfs -o port=3049 localhost:/mnt/mn1 /mnt/mn1: how will that, typed into the VPS, know where on earth my local computer is? Commented Oct 28, 2023 at 19:05
  • Removed ufw allow from 102.254.275.167 to any port nfs, ty. Commented Oct 28, 2023 at 19:16
  • Is your VPS the machine that's serving the NFS share and the local computer connecting to it, or the other way around? Commented Oct 28, 2023 at 19:32
  • The VPS wants to connect to the computer to use the computer's external drive (yes, the other way round!) Commented Oct 28, 2023 at 20:00
  • In that case, it knows because localhost:3049 is where your SSH client is listening, and you already told your SSH client to forward connections from the client's localhost:3049 to the SSH server's localhost:2049 (where NFS is). Commented Oct 28, 2023 at 21:22
