network structure:
\nmachine1 >> firewall >>>- Internet -> machine2 nfs_server<\/p>\n
Step 1: on nfs_server, add line in \/etc\/exports:
\n nfs_dir 127.0.0.1(rw,async,insecur)
\nAlso, add line in \/etc\/sysconfig\/nfs
\n MOUNTD_PORT <port_number3
\nThe port_number3 is a large number, for example, 32334,
\nThen do "service nfs restart"
\nThis allows the nfs mount point is accessible from the box itself;<\/p>\n
Step 2: on machine2, which can see its intranet node nfs_server, create two ssh tunnel:
\n$ ssh username@nfs_server -L :localhost:2049 -f sleep m
\n$ ssh username@nfs_server -L :localhost: -f sleep m <\/p>\n
The should be replaced by a number of minutes you’d like the tunnel to open.
\nFor example, 1440m for 24 hours.
\nThe port_number1 and port_number2 are ports for the communication.<\/p>\n
Step 3: on machine1, which can ssh machine2, however, machine2 cannot ssh machine1 because of the firewall, do
\n$ ssh username@machine2 -L :localhost: -f sleep m
\n$ ssh username@machine2 -L :localhost: -f sleep m <\/p>\n
Step 4: on machine1, mount the nfs share:
\n$ mount -v -t nfs -o port=,mountport=,tcp localhost:\/nfs_dir\/ \/mnt\/mount_point\/
\nwhere \/nfs_dir\/ is the name of the shared directory on nfs_server, and \/mnt\/mount_point\/ is a local directory
\nas the mounting point.<\/p>\n
Why mount localhost:\/nfs_dir\/? The reason is that the certain ports on localhost have been tunnelled through ssh
\nto the remote nfs server.<\/p>\n
Note:
\nFor a ssh tunnel that allows reverse ssh back from machine2 to machine1:
\n$ ssh user@machine2 -R :localhost:22 -f sleep m<\/p>\n","protected":false},"excerpt":{"rendered":"
network structure: machine1 >> firewall >>>- Internet -> machine2 nfs_server Step 1: on nfs_server, add line in \/etc\/exports: nfs_dir 127.0.0.1(rw,async,insecur) Also, add line in \/etc\/sysconfig\/nfs MOUNTD_PORT <port_number3 The port_number3 is a large number, for example, 32334, Then do "service nfs restart" This allows the nfs mount point is accessible from the box itself; Step 2: […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[21,3],"tags":[],"class_list":["post-350","post","type-post","status-publish","format-standard","hentry","category-computer-tips","category-mri-technical-support","post-blog"],"_links":{"self":[{"href":"https:\/\/csic.som.emory.edu\/~lzhou\/blogs\/index.php?rest_route=\/wp\/v2\/posts\/350","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/csic.som.emory.edu\/~lzhou\/blogs\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/csic.som.emory.edu\/~lzhou\/blogs\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/csic.som.emory.edu\/~lzhou\/blogs\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/csic.som.emory.edu\/~lzhou\/blogs\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=350"}],"version-history":[{"count":3,"href":"https:\/\/csic.som.emory.edu\/~lzhou\/blogs\/index.php?rest_route=\/wp\/v2\/posts\/350\/revisions"}],"predecessor-version":[{"id":352,"href":"https:\/\/csic.som.emory.edu\/~lzhou\/blogs\/index.php?rest_route=\/wp\/v2\/posts\/350\/revisions\/352"}],"wp:attachment":[{"href":"https:\/\/csic.som.emory.edu\/~lzhou\/blogs\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=350"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/csic.som.emory.edu\/~lzhou\/blogs\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=350"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/csic.som.emory.edu\/~lzhou\/blogs\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=350"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}