Using ssh tunnel to port NFS through firewall and private network
Network structure:
machine1 -> firewall -> Internet -> machine2 -> nfs_server
Step 1: on nfs_server, add line in /etc/exports:
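/nfs_dir 127.0.0.1(rw,async,insecure)
Also, add a line in /etc/sysconfig/nfs:
MOUNTD_PORT=<port_number3>
where port_number3 is a large number, for example, 32334.
Then do "service nfs restart".
This makes the NFS export accessible from the server itself (127.0.0.1). The "insecure" option is needed because the tunnelled connection arrives from an unprivileged source port (above 1023), which the NFS server rejects by default.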
Step 2: on machine2, which can see its intranet node nfs_server, create two ssh tunnels:
$ ssh username@nfs_server -L <port_number1>:localhost:2049 -f sleep <minutes>m
$ ssh username@nfs_server -L <port_number2>:localhost:<port_number3> -f sleep <minutes>m
Replace <minutes> with the number of minutes you'd like the tunnel to stay open.
For example, 1440m for 24 hours.
port_number1 and port_number2 are the ports that carry the tunnelled traffic.
Step 3: on machine1, which can ssh to machine2 (machine2 cannot ssh to machine1 because of the firewall), do
$ ssh username@machine2 -L <port_number1>:localhost:<port_number1> -f sleep <minutes>m
$ ssh username@machine2 -L <port_number2>:localhost:<port_number2> -f sleep <minutes>m
Step 4: on machine1, mount the nfs share:
$ mount -v -t nfs -o port=<port_number1>,mountport=<port_number2>,tcp localhost:/nfs_dir/ /mnt/mount_point/
where /nfs_dir/ is the name of the shared directory on nfs_server, and /mnt/mount_point/ is a local directory
used as the mount point.
Why mount localhost:/nfs_dir/? Because certain ports on localhost have been tunnelled through ssh
to the remote nfs server.
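Added example (not part of the original write-up): a check to run on machine1 and machine2 before mounting, confirming that the forwarded ports listen on loopback only. A forward bound to all interfaces (ssh -g, or GatewayPorts yes in the client config) would let any host that can reach the port use the export. The function name, port numbers 20490-20492 and the ss output are constructed for illustration.

```sh
#!/bin/sh
# Added example: confirm the ssh -L listeners for the NFS tunnel are bound to
# loopback only. Function name, ports and ss output below are constructed.

# audit_tunnel_listeners PORT...
# Reads `ss -ltnH` output on stdin (column 4 is Local Address:Port) and prints
# "<port> ok|exposed|missing" per port. Returns 1 if any is exposed or missing.
audit_tunnel_listeners() {
    awk -v ports="$*" '
        BEGIN { n = split(ports, want, " ") }
        {
            addr = $4
            port = addr; sub(/^.*:/, "", port)    # text after the last colon
            host = substr(addr, 1, length(addr) - length(port) - 1)
            # Anything other than 127.x or [::1] (0.0.0.0, [::], *, a LAN
            # address) is reachable from outside this host.
            if (host ~ /^(127\.[0-9.]+|\[::1\])$/) { loopback[port] = 1 }
            else { exposed[port] = 1 }
        }
        END {
            bad = 0
            for (i = 1; i <= n; i++) {
                p = want[i]
                if (p in exposed)       { print p, "exposed"; bad = 1 }
                else if (p in loopback) { print p, "ok" }
                else                    { print p, "missing"; bad = 1 }
            }
            exit bad
        }'
}

# Constructed sample: 20490 forwarded correctly, 20491 bound to all interfaces
# (as happens with ssh -g or GatewayPorts yes), 20492 not listening at all.
sample_ss_output() {
    cat <<'EOF'
LISTEN 0 128 127.0.0.1:20490 0.0.0.0:*
LISTEN 0 128 [::1]:20490 [::]:*
LISTEN 0 128 0.0.0.0:20491 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
EOF
}

# On a real host: ss -ltnH | audit_tunnel_listeners <port_number1> <port_number2>
sample_ss_output | audit_tunnel_listeners 20490 20491 20492 ||
    echo "tunnel listeners need attention before mounting"
```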
Note:
For an ssh tunnel that allows reverse ssh back from machine2 to machine1:
$ ssh user@machine2 -R <port_number>:localhost:22 -f sleep <minutes>m