Not happy with the security properties of nfs? You could run nfs v4. Or you could tunnel nfs v3 over ssh.
You will need the server's file handle, and you will need to be able to mount using this file handle, bypassing portmap and mountd. The modified mount command lets you do both of these things.
mount_nfs41.diff
Patch for OpenBSD 4.1 mount_nfs
nfsmount.diff
Patch for linux nfsmount
Do this on a client that has permission to mount your server. In this OpenBSD example, s1 is your nfs server. The long string of hex digits is the file handle.
# /sbin/mount_nfs -nvT s1:/ /mnt 10.0.0.1:2049:fdddeb5919307f1c3fad6441660c192060e4b3dcc0c30df3c902d534b40cd2d3 s1:/
Linux is similar. Use the "gethandle" option.
In this example, s1 is your nfs server, and s2 is a host that you can ssh to and that is within s1's security perimeter. It may be the same as s1, or it may be on the same relatively secure physical net. It also must have permission (via /etc/exports) to mount s1. "12345" is an arbitrary port number.
% ssh -fN -L 12345:s1:2049 s2
Use a fstab entry like this on OpenBSD:
s1:/ /mnt nfs rw,-3,-T,-h=127.0.0.1:12345:fdddeb5919307f1c3fad6441660c192060e4b3dcc0c30df3c902d534b40cd2d3 0 0
Linux is similar. Use the "handle=" option. You also need the "nolock" option.
Jim Rees