[oclug] Regarding NFS Share
hdc at fs.ca
Tue Jun 1 13:31:13 EDT 2004
On Tue, 1 Jun 2004 17:31:58 -0400, Ross Jordan wrote:
>It would seem sharma rohit, on Tue, Jun 01, 2004 at 02:12:25PM -0700, wrote:
>> 1> The IP address 192.168.25.6 is a part of private network guarded by a firewall
>> 2> The firewall has a IP address 22.214.171.124 as its external address
>> 3> How do I configure the NFS share
>NFS will work across the internet, but not across NAT'd networks.
>Probably the best way to make things work is to setup a virtual
>network (ipsec, VPN, or vtun) between the hosts. Note that although
>NFS will work across the internet, this is a very bad idea for security.
>You probably would want to tunnel it or use a secure alternative (SFS).
>Note that tunnelling NFS can make it unacceptably slow, and if you need
>to tunnel NFSv2 (UDP), things can be trickier.
I'll second that. I tried to do roughly what was described above (NFS
over a VPN across the Internet), and the performance was absolutely
abysmal. After doing a lot of searching on the Internet, it appears
that just about everyone else's performance is too.
Surprisingly, what _does_ work quite well is simply sharing resources
using samba. Mounting a samba share across the VPN across the Internet
is remarkably responsive.
(and it's all encrypted to boot).
More information about the OCLUG