A secure remote filesystem that can traverse NAT

Forum: LinuxTotal Replies: 14
Author Content
Sander_Marechal

Jun 04, 2007
4:28 PM EDT
Hi all,

I am looking for a secure remote filesystem that is able to traverse NAT. As I understand it NFS and SMB are not able to traverse NAT. Besides, using a Windows server protocol in an all Debian/etch network seems "wrong" somehow :-) I would like to host a secure network filesystem here and let a friend have access to it too. I've been thinking about sshfs but that doesn't seem like an ideal solution to me.

Do you know of any other options?
jdixon

Jun 04, 2007
7:11 PM EDT
Well, re-reading your message, you've already considered sshfs, which is the only one I can think of. I'll look around, but I haven't encountered any others.
jdixon

Jun 04, 2007
7:22 PM EDT
OK, take a look at SFS:

http://www.fs.net/sfswww/sfsfaq.html

and see if it looks usable or not. It mentions several other options in its faq, some of which you may also want to look at.
Sander_Marechal

Jun 04, 2007
10:22 PM EDT
SFS looks interesting. Thanks for that.

Come to think of it, some kind of collaboration/groupware server could also do the job. I want to use the shared directory as a place where my freind and I store details on various projects and customers for our business. E.g. design concepts. Invoices. Passwords to webservers. Etcetera If there is something like 37Signals' Basecamp that I can install myself (http://www.basecamphq.com/) then that would work well too I guess.
Aladdin_Sane

Jun 04, 2007
10:46 PM EDT
Sounds like a wiki to me.
Sander_Marechal

Jun 05, 2007
1:53 AM EDT
It's not. But a wiki that would allow me to attach arbitrary files to a page would go some way.
NoDough

Jun 05, 2007
8:31 AM EDT
Have you considered setting him up with VPN access to your private network?
jdixon

Jun 05, 2007
9:04 AM EDT
> Have you considered setting him up with VPN access to your private network?

That's definitely something you might want to consider. There's a partial list of options at:

http://www.ontko.com/~nathanst/linux_vpns.html
Sander_Marechal

Jun 05, 2007
1:23 PM EDT
No, I haven't really considered VPN yet. At first sight it seems a bit overkill for simply sharing a directory. Bit I'll have another look at it.
tuxchick

Jun 05, 2007
2:49 PM EDT
I heart sshfs. Gwan, try it, you'll like it. EZ howto at the bottom of this article: http://itmanagement.earthweb.com/article.php/3650436

It's just like ssh, only you get a whole filesystem instead of individual files.

**edit** Augh, my old eyes missed that you already considered sshfs. Never mind, then.
Sander_Marechal

Jun 05, 2007
3:13 PM EDT
My main concern about sshfs it two-fold and it stems from the fact that sshfs is a filesystem built on top of something that isn't:

1) How does it play with other file systems? Can I export a directory over NFS to my local network and have someone use it over sshfs at the same time?

2) How complete is sshfs as a filesystem. Does it do locking so that me and my friend don't overwrite eachother's changes? Can I transfer only parts of files?

A good example: to read tags off an mp3 or ogg I only need the first part of the file, not all of it. If I unleash my mp3 tragger on an sshfs mounted system, does it need to transfer all X gigabyte of files? Or can it simply transfer only the first Y bytes of every file so the total transfer is only Z (with Z
dcparris

Jun 05, 2007
3:23 PM EDT
OpenVPN is something I wrote about not long ago. It really isn't that difficult to setup - especially if you already understand security certificates. Really, it's not much more difficult than NFS - and that's only because of the SSL certificates. ;-) Just a thought.
Aladdin_Sane

Jun 05, 2007
4:08 PM EDT
sander, virtual file system network bandwidth would not be a problem with other solutions?

What I mean is, would not a VPN have the same drawback for reading mp3 tags as sshfs?

I use a virtual fs: FUSE with encfs. Works fine and has the drawback you'd expect: When copying large # of files within the volume, takes noticeably long to unencrypt and reencrpyt.

Reality wouldn't have it any other way. Or, c'est la vie.

Are we dealing with a dial-up connection here?

Seems like for dial-up VPN is the usual solution for that.

I just realized that sshfs is also a FUSE fs. So, maybe I do have a bit of expertise there. Very easy to set up, I thought, and very very secure (I can't even get in as root, only the one user account that has access rights and the password).

wiki I know little about from the admin side, but I know that it allows password-protected login, and easy file transfer using http links.
jdixon

Jun 05, 2007
7:28 PM EDT
From what I've read and what others are saying, it sounds like sshfs is the clear favorite. SFS is probably a distant second option, and running a VPN solution would probably be the third. Any of the above will probably let you do what you want. There are also probably at least a dozen more esoteric ways to do it, as is usually the case with Unix/Linux. Pick you poison and give it a try. :)
Sander_Marechal

Jun 06, 2007
1:18 AM EDT
Quoting:sander, virtual file system network bandwidth would not be a problem with other solutions?


I don't know. I know that NFS does not have that problem (i.e. I can write a program that opens a file and returns just the first 1K of data without transferring all of the file over the network). Maybe it's a FUSE problem.

Quoting:Are we dealing with a dial-up connection here?


ADSL with 1 Mbit up. SSH takes a lot of overhead so effective transfer speed between my friend and me over SSH is something like 40-60 kilobytes per second. Good enough for a shared folder with e.g. project documentation. Not good enough to share large amounts of data.

You cannot post until you login.