Note: the VPS needs to connect to the computer in order to use the computer's external drive

I am trying to follow this guide: https://fillumina.wordpress.com/2022/10/18/best-way-to-share-a-folder-between-linux-pcs-nfs-vs-smb-vs-sshfs/ Its conclusion is to set up NFS + an SSH tunnel.


On the local computer

apt-get install nfs-kernel-server nfs-common portmap
nano /etc/exports

Add:

/mnt/mn1 102.254.243.168(insecure,rw,sync,no_subtree_check,no_root_squash)

Save and restart

systemctl restart nfs-kernel-server.service
iptables -A INPUT -i enp4s0f0 -p tcp --dport 22 -s 102.254.275.167 -j ACCEPT
iptables -A INPUT -i enp4s0f0 -p tcp --dport 3049 -s 102.254.275.167 -j ACCEPT
ufw allow from 102.254.275.167 to any port nfs

On the VPS

apt-get install nfs-common portmap
mkdir /mnt/mn1
ssh -fNv -L 3049:localhost:2049 [email protected] -i nas

This part does not work

mount -v -t nfs -o proto=tcp,port=3049 164.238.71.109:/mnt/mn1 /mnt/mn1
mount.nfs: timeout set for Sat Oct 28 18:19:00 2023
mount.nfs: trying text-based options 'proto=tcp,port=3049,vers=4.2,addr=164.238.71.109,clientaddr=102.254.275.167'
mount.nfs: mount(2): Connection timed out
mount.nfs: Connection timed out

Also tried

mount -v -t nfs4 -o verproto=tcp,port=3049 164.238.71.109:/mnt/mn1 /mnt/mn1
mount.nfs4: timeout set for Sat Oct 28 18:06:15 2023
mount.nfs4: trying text-based options 'verproto=tcp,port=3049,vers=4.2,addr=164.238.71.109,clientaddr=102.254.275.167'
mount.nfs4: mount(2): Invalid argument
mount.nfs4: trying text-based options 'verproto=tcp,port=3049,vers=4.1,addr=164.238.71.109,clientaddr=102.254.275.167'
mount.nfs4: mount(2): Invalid argument
mount.nfs4: trying text-based options 'verproto=tcp,port=3049,vers=4.0,addr=164.238.71.109,clientaddr=102.254.275.167'
mount.nfs4: mount(2): Invalid argument
mount.nfs4: trying text-based options 'verproto=tcp,port=3049,addr=164.238.71.109'
mount.nfs4: prog 100003, trying vers=3, prot=6
mount.nfs4: portmap query retrying: RPC: Program not registered
mount.nfs4: prog 100003, trying vers=3, prot=17
mount.nfs4: portmap query failed: RPC: Unable to receive - Connection refused
mount.nfs4: trying text-based options 'verproto=tcp,port=3049,vers=4.0,addr=164.238.71.109,clientaddr=102.254.275.167'
mount.nfs4: mount(2): Invalid argument
mount.nfs4: trying text-based options 'verproto=tcp,port=3049,addr=164.238.71.109'
mount.nfs4: prog 100003, trying vers=3, prot=6
mount.nfs4: portmap query retrying: RPC: Program not registered
mount.nfs4: prog 100003, trying vers=3, prot=17
mount.nfs4: portmap query failed: RPC: Unable to receive - Connection refused
mount.nfs4: trying text-based options 'verproto=tcp,port=3049,vers=4.0,addr=164.238.71.109,clientaddr=102.254.275.167'
mount.nfs4: mount(2): Invalid argument
mount.nfs4: trying text-based options 'verproto=tcp,port=3049,addr=164.238.71.109'
mount.nfs4: prog 100003, trying vers=3, prot=6
mount.nfs4: portmap query retrying: RPC: Program not registered
mount.nfs4: prog 100003, trying vers=3, prot=17

Additional information

On the local machine

rpcinfo -p | grep nfs
    100003    3   tcp   2049  nfs
    100003    4   tcp   2049  nfs

nmap -Pn 102.254.275.167
Starting Nmap 7.80 ( https://nmap.org ) at 2023-10-28 16:58 WEST
Nmap scan report for hostname.com (102.254.275.167)
Host is up (0.16s latency).
Not shown: 969 filtered ports, 30 closed ports
PORT   STATE SERVICE
22/tcp open  ssh

rpcinfo -p
   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    3   tcp    111  portmapper
    100000    2   tcp    111  portmapper
    100000    4   udp    111  portmapper
    100000    3   udp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp  60788  status
    100024    1   tcp  34639  status
    100005    1   udp  42895  mountd
    100005    1   tcp  46313  mountd
    100005    2   udp  55483  mountd
    100005    2   tcp  38869  mountd
    100005    3   udp  47377  mountd
    100005    3   tcp  44549  mountd
    100003    3   tcp   2049  nfs
    100003    4   tcp   2049  nfs
    100227    3   tcp   2049
    100021    1   udp  60048  nlockmgr
    100021    3   udp  60048  nlockmgr
    100021    4   udp  60048  nlockmgr
    100021    1   tcp  45775  nlockmgr
    100021    3   tcp  45775  nlockmgr
    100021    4   tcp  45775  nlockmgr

systemctl status nfs-server.service
● nfs-server.service - NFS server and services
     Loaded: loaded (/lib/systemd/system/nfs-server.service; enabled; vendor preset: enabled)
    Drop-In: /run/systemd/generator/nfs-server.service.d
             └─order-with-mounts.conf
     Active: active (exited) since Sat 2023-10-28 16:54:42 WEST; 31min ago
    Process: 6470 ExecStartPre=/usr/sbin/exportfs -r (code=exited, status=0/SUCCESS)
    Process: 6471 ExecStart=/usr/sbin/rpc.nfsd (code=exited, status=0/SUCCESS)
   Main PID: 6471 (code=exited, status=0/SUCCESS)
        CPU: 5ms

oct 28 16:54:42 benz systemd[1]: Starting NFS server and services...
oct 28 16:54:42 benz systemd[1]: Finished NFS server and services.

On the VPS

lsof -i :3049
COMMAND  PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
ssh     1578 root    4u  IPv4  37815      0t0  TCP localhost.localdomain:3049 (LISTEN)
ssh     1578 root    5u  IPv6  37816      0t0  TCP localhost:3049 (LISTEN)

rpcinfo -p
   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    3   tcp    111  portmapper
    100000    2   tcp    111  portmapper
    100000    4   udp    111  portmapper
    100000    3   udp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp  47567  status
    100024    1   tcp  33615  status

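Answer 1

The SSH -L tunnel is set up on the client machine's 127.0.0.1/::1 (localhost), as your lsof shows. But you are mounting directly with the server's IP address; doing so bypasses the tunnel completely and makes a direct connection. That fails because the server is still listening on port 2049 (not 3049).

If you want to go through the SSH tunnel, specify localhost:/mnt/mn1 as the mount source. (Doing so makes the server's ufw configuration irrelevant; in fact, you should close the NFS port unless you are using Kerberos security.)

Note that on the server side, connections through the tunnel will appear to come from localhost rather than from the client's original address, so you will need to adjust /etc/exports.

The "Invalid argument" most likely appears because verproto= is not a valid option. It looks like it was meant to be vers=4.2,proto=tcp. You can leave it out entirely; NFSv4 only supports TCP anyway.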
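
The script below is an added example, not part of the original answer: a dry-run POSIX shell check for the two conditions the answer describes, namely that the mount source is the loopback end of the tunnel and that /etc/exports admits a loopback client. The function names and the adjusted exports line are assumptions; the addresses, paths and options are the ones quoted in the question.

```shell
#!/bin/sh
# Added example (dry run): nothing here mounts, tunnels or edits files.
TUNNEL_PORT=3049   # local end of "ssh -L 3049:localhost:2049", as in the question

# Succeeds if the mount source "host:/path" points at the loopback end of the
# tunnel; any other host makes mount.nfs connect directly and skip the tunnel.
uses_tunnel() {
    case "${1%%:/*}" in
        localhost|127.0.0.1|'[::1]') return 0 ;;
        *) return 1 ;;
    esac
}

# Succeeds if an /etc/exports line admits a loopback client with "insecure".
# Tunnelled requests reach nfsd from sshd on the server itself, from a source
# port above 1023, which the default "secure" export option rejects.
export_allows_tunnel() (
    set -f                      # no globbing while word-splitting the line
    set -- $1; shift            # drop the export path, keep client(options)
    for c in "$@"; do
        host=${c%%\(*}
        opts=${c#*\(}; opts=${opts%\)}
        case "$host" in localhost|127.0.0.1|::1) ;; *) continue ;; esac
        case ",$opts," in *,insecure,*) exit 0 ;; esac
    done
    exit 1                      # subshell body: exit sets the function status
)

# Mount command that goes through the tunnel (proto=tcp is implied by NFSv4).
tunnel_mount_cmd() {
    printf 'mount -t nfs4 -o port=%s localhost:%s %s\n' "$TUNNEL_PORT" "$1" "$2"
}

# Values from the question, plus one adjusted exports line (an assumption).
Q_SOURCE='164.238.71.109:/mnt/mn1'
Q_EXPORT='/mnt/mn1 102.254.243.168(insecure,rw,sync,no_subtree_check,no_root_squash)'
FIXED_EXPORT='/mnt/mn1 localhost(insecure,rw,sync,no_subtree_check,no_root_squash)'

uses_tunnel "$Q_SOURCE" || echo "bypasses tunnel: $Q_SOURCE"
export_allows_tunnel "$Q_EXPORT" || echo "export rejects tunnelled client: $Q_EXPORT"
export_allows_tunnel "$FIXED_EXPORT" && echo "export ok: $FIXED_EXPORT"
tunnel_mount_cmd /mnt/mn1 /mnt/mn1
```

Once the export admits only loopback clients, port 2049 no longer needs to be reachable from the VPS, so the iptables and ufw rules for NFS in the question can be dropped and only port 22 left open.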
