[linux] Force mountd to use UDP

zanfur at zanfur.com zanfur at zanfur.com
Fri Dec 3 12:54:06 PST 2004


I think the piece you need is "vtun", which will do the udp/tcp conversion
for you. So, make an ssh tunnel, tunnel vtun through that (unless you
want to rely upon vtun's encryption), and set up udp vtun tunnels for the
nfs traffic.

I was hoping to use netcat for it, but netcat either works in full udp
mode or full tcp mode. Bugger.

In any case, I think full-bore IPSec was definitely a better way to go.
tunnelling udp over a tcp tunnel over tcp is SLOW. This was just as a
stop-gap measure.

Cheers!
-robin

On Fri, Dec 03, 2004 at 12:31:45AM -0800, David Talkington wrote:

> -----BEGIN PGP SIGNED MESSAGE-----

> Hash: SHA1

>

> zanfur at zanfur.com wrote:

>

> >share via udp inside/through of a FreeBSD jail, over tcp ssh tunnels -- it

>

> I didn't think it was possible to tunnel UDP in this way -- which is why

> I went to full-bore IPSec to protect NFS to my DMZ. Was I wrong? Can

> UDP tunneling over SSH be done? What's your secret?

>

> - --

> David Talkington

> Computing and Communications

> University of Washington

> 206-543-2144

> - --

> dtalk at u.washington.edu

> - --

> PGP key: http://staff.washington.edu/dtalk/004B8F8B.asc

> -----BEGIN PGP SIGNATURE-----

> Version: GnuPG v1.2.6 (FreeBSD)

>

> iD8DBQFBsCR45FKhdwBLj4sRAkZiAKCqT5QL78jGzwYCSxFrF2VcqCyBVwCfe9he

> rHY76PQYqMGdrgJXpnZHTx0=

> =vEnR

> -----END PGP SIGNATURE-----


--

Robin Battey
zanfur at zanfur.com

Messages from this address are signed with key 0x6A57B07D. Fingerprint:
3914 F63C A99C 8EC1 785B 8287 1D8B D2F3 6A57 B07D



----- End forwarded message -----

--

Robin Battey
zanfur at zanfur.com

Messages from this address are signed with key 0x6A57B07D. Fingerprint:
3914 F63C A99C 8EC1 785B 8287 1D8B D2F3 6A57 B07D
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 194 bytes
Desc: not available
URL: <http://mailman13.u.washington.edu/pipermail/linux/attachments/20041203/2b633a2b/attachment.sig>


More information about the Linux mailing list