# Share a filesystem (like nfs) across the Internet



## raindog308 (Feb 27, 2014)

What do you use to share a filesystem across the Internet?

Like nfs, but

- works on OpenVZ
- works well across the Internet

In other words, server1 shares /foo and server2 mounts /foo and can read/write to /foo.

sshfs?  My only concern there is that I believe it runs over the ssh port...typically my ssh port is open to the world.  I'd prefer something I could lock down a bit more with iptables.

I've used nfs extensively on the lan but...not across the net.  I'm not sure it's well-supported in OvZ.

I don't need a lot of performance...but ideally something that can tolerate the usual network hiccups that happen across the 'net.


----------



## WebSearchingPro (Feb 27, 2014)

SSHFS


----------



## dano (Feb 27, 2014)

Pretty sure you know of gluster:

"The final volume may then be mounted by the client host using its own native protocol via the FUSE mechanism" 

I usually use nfs for sharing gluster machine's data -- I guess it does have its own way also (API as well), although I haven't tried it, but it could be an alternative for you, for multiple machines with sharing ability.


----------



## perennate (Feb 27, 2014)

> My only concern there is that I believe it runs over the ssh port...typically my ssh port is open to the world.  I'd prefer something I could lock down a bit more with iptables.


SSHFS is a nice wrapper on top of SFTP for mounting, I don't really understand your problem with it.


----------



## KuJoe (Feb 27, 2014)

I use NFS personally. I run the nfsd server on an OpenVZ VPS and mount the share across all of my ESXi hosts (GA, NC, and CO). It works really nice.


----------



## raindog308 (Feb 27, 2014)

perennate said:


> SSHFS is a nice wrapper on top of SFTP for mounting, I don't really understand your problem with it.


If I say in iptables that only certain IPs can access that port, then I can only ssh from those IPs, right?


----------



## NodeBytes (Feb 27, 2014)

I'm using AFP (Apple File Protocol) across all my servers and machines. It works well and integrates with my macbook and servers really well.


----------



## howardsl2 (Feb 27, 2014)

You can run multiple SSHD processes each having its own config file and listen on different ports. There are tutorials on Google. After that, make a dedicated user for sshfs e.g. autossh, use AllowUsers to restrict the first SSHD to root, for example, and the second SSHD to autossh only. Also under match user autossh, allow only sftp with chroot. Problem solved.


----------
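
The setup howardsl2 describes above, written out as an added example (not code from any poster in this thread): shell functions that print the config for a second, SFTP-only sshd and the iptables rules that limit its port to known client IPs, leaving port 22 as it is. The port 2222, the chroot path /srv/sshfs, the config file path and the 192.0.2.x addresses are assumptions; the user name autossh is the one from the post.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed values: port 2222, chroot
# /srv/sshfs, config path /etc/ssh/sshd_config_sftp, 192.0.2.x client IPs.
# The user name "autossh" is the one used in the post.

# Print an sshd_config for a second, SFTP-only sshd instance.
# $1 = port, $2 = dedicated user, $3 = chroot directory
# The chroot directory must be owned by root and not writable by anyone
# else, so the shared data lives in a subdirectory owned by the user.
render_sftp_sshd_config() {
    cat <<EOF
Port $1
PidFile /run/sshd_sftp.pid
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
AllowUsers $2
Subsystem sftp internal-sftp

Match User $2
    ChrootDirectory $3
    ForceCommand internal-sftp
    AllowTcpForwarding no
    X11Forwarding no
EOF
}

# Print iptables commands that accept the SFTP port only from the listed
# client addresses and drop all other traffic to it. Port 22 is untouched.
# $1 = port, remaining arguments = allowed source IPs
render_iptables_rules() {
    port=$1
    shift
    for src in "$@"; do
        echo "iptables -A INPUT -p tcp -s $src --dport $port -j ACCEPT"
    done
    echo "iptables -A INPUT -p tcp --dport $port -j DROP"
}

# As root on server1 (review the output before applying it):
#   render_sftp_sshd_config 2222 autossh /srv/sshfs > /etc/ssh/sshd_config_sftp
#   /usr/sbin/sshd -t -f /etc/ssh/sshd_config_sftp   # syntax check only
#   /usr/sbin/sshd -f /etc/ssh/sshd_config_sftp      # start second instance
#   render_iptables_rules 2222 192.0.2.10 192.0.2.11 | sh
# On server2: sshfs -p 2222 autossh@server1:/foo /foo   (path is inside the chroot)
```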



## rapidnode (Feb 27, 2014)

sshfs with key based auth of course. You should be able to restrict users per IP like this: AllowUsers [email protected] sshfsuser


----------



## NickM (Feb 27, 2014)

I'm with @KuJoe on this one.  NFS over the internet has worked fine, in my experience.  If you're going over the internet, use NFSv4 with Kerberos, or NFSv3 with a VPN.  I particularly like tinc for this.  In fact, this is how HostGuard handles sharing ISOs/templates by default - NFS over a tinc VPN, with the NFS server only allowing NFS connections from the tinc subnet.

Edit:  It works fine in OpenVZ if the container has --features "nfsd:on" (for NFS servers) or --features "nfs:on" for clients.


----------

