summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rwxr-xr-xnfs-ssh-fw83
1 files changed, 83 insertions, 0 deletions
diff --git a/nfs-ssh-fw b/nfs-ssh-fw
new file mode 100755
index 0000000..5a8e7a2
--- /dev/null
+++ b/nfs-ssh-fw
@@ -0,0 +1,83 @@
+#!/usr/bin/perl -w
+
+# Found here:
+# http://www.samag.com/documents/s=4072/sam0203d/sam0203d.htm
+
+use strict;
+use File::Basename;
+
+## CONFIGURATION
+my $nfs_server = "nfs1"; # the nfs server to connect to
+my $nfs_server_user = "james"; # a valid username on the nfs server
+my $use_version = "2"; # nfs-user-server uses 2, otherwise 3
+ # would be better. Check output of
+ # 'rpcinfo -p <servername>'
+
+my $nfsd_client_port = "2818"; # we will port forward nfsd here
+my $mountd_client_port = "3045"; # we will port forward mountd here
+my $sleep_length = "86400"; # how long to sleep before restarting
+ # 86400 secs is one day. Note
+ # this is overridden if a command is
+ # specified in the server's
+ # authorized_keys2 file
+
+# need to keep '-f', can also specify encryption algorithm, the ssh version
+# and the id key
+my $ssh_opts = "-f -c blowfish -2 -i /home/james/.ssh/id_dsa_nfs";
+
+my %rpcinfo_col = ( # change as per output of rpcinfo -p
+ 'program' => '0',
+ 'version' => '1',
+ 'protocol' => '2',
+ 'port' => '3',
+ 'daemon' => '4'
+);
+
+## END CONFIGURATION
+
+# not much should need to change below here
+my $prog_name = basename($0);
+my $nfsd_server_port = "";
+my $mountd_server_port = "";
+
+
+# for signals
+$SIG{INT} = sub { die "$0 interrupted and dying (does not kill ssh)\n" };
+
+my $first_time = 1;
+while (1) {
+ if ($first_time) {
+ print "$prog_name: Starting ssh/nfs forwarding&#151;\n";
+ $first_time = 0;
+ } else {
+ print "$prog_name: Restarting ssh/nfs forwarding&#151;\n";
+ }
+
+ # first, get the rpcinfo
+ my @rpcinfo = `rpcinfo -p $nfs_server`;
+
+ print "My rpcinfo =\n @rpcinfo";
+
+ # now get the nfsd and mountd port numbers
+ foreach (@rpcinfo) {
+ my @line = split;
+ if ($line[$rpcinfo_col{"version"}] eq $use_version &&
+ $line[$rpcinfo_col{"daemon"}] eq "nfs" &&
+ $line[$rpcinfo_col{"protocol"}] eq "tcp") {
+ $nfsd_server_port = $line[$rpcinfo_col{"port"}];
+ print (" nfsd port = $nfsd_server_port");
+ } elsif ($line[$rpcinfo_col{"version"}] eq $use_version &&
+ $line[$rpcinfo_col{"daemon"}] eq "mountd" &&
+ $line[$rpcinfo_col{"protocol"}] eq "tcp") {
+ $mountd_server_port = $line[$rpcinfo_col{"port"}];
+ print (", mountd port = $mountd_server_port\n");
+ }
+ }
+
+ # now run ssh (if this fails, we get the error message and
+ # retry). This should run all the time. This also won't die
+ # unless the nfs mount is done.
+ `/usr/bin/ssh $ssh_opts -L \
+ $nfsd_client_port:$nfs_server:$nfsd_server_port -L \
+ $mountd_client_port:$nfs_server:$mountd_server_port -l \
+ $nfs_server_user $nfs_server /bin/sleep $sleep_length`;