From owner-freebsd-stable@FreeBSD.ORG Thu Jul 3 00:11:55 2014 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id C45DC8DF for ; Thu, 3 Jul 2014 00:11:55 +0000 (UTC) Received: from esa-annu.net.uoguelph.ca (esa-annu.mail.uoguelph.ca [131.104.91.36]) by mx1.freebsd.org (Postfix) with ESMTP id 898F7237F for ; Thu, 3 Jul 2014 00:11:54 +0000 (UTC) X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: AqsEAHQItFODaFve/2dsb2JhbABXAw6DUVqCbqhSAQEBBpMUhm1TAYEidYQDAQEBAwEBAQEgKyALBRYOCgICDRkCKQEJJgYIBwQBHASIGQgNqlmbMBeBLIREiGEBARskEAcRgmaBTAWYAoQzkkGDAV4hNYEFOQ X-IronPort-AV: E=Sophos;i="5.01,591,1400040000"; d="scan'208";a="137916552" Received: from muskoka.cs.uoguelph.ca (HELO zcs3.mail.uoguelph.ca) ([131.104.91.222]) by esa-annu.net.uoguelph.ca with ESMTP; 02 Jul 2014 20:11:54 -0400 Received: from zcs3.mail.uoguelph.ca (localhost.localdomain [127.0.0.1]) by zcs3.mail.uoguelph.ca (Postfix) with ESMTP id 28521B403F; Wed, 2 Jul 2014 20:11:54 -0400 (EDT) Date: Wed, 2 Jul 2014 20:11:54 -0400 (EDT) From: Rick Macklem To: Bob Healey Message-ID: <1067481503.6609532.1404346314154.JavaMail.root@uoguelph.ca> In-Reply-To: <53B49DDF.6000607@rpi.edu> Subject: Re: Interactions with mxge, pf, nfsd, and the kernel MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-Originating-IP: [172.17.91.209] X-Mailer: Zimbra 7.2.6_GA_2926 (ZimbraWebClient - FF3.0 (Win)/7.2.6_GA_2926) Cc: freebsd-stable@freebsd.org X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 03 Jul 2014 00:11:55 -0000 Bob Healey wrote: > What I want to do, and is not valid, is zfs set > sharenfs="maproot=root,network 128.113.185.0/24, network > 128.113.186.0/24,network 10.0.0.0/8" tank/home To get the desired > functionality, i have to do zfs set sharenfs="maproot=root,network > 0.0.0.0/0" and then set a host level firewall. > Here is about what I think the lines in /etc/exports would look like: /tank -maproot=root -network 128.113.185.0 -mask 255.255.255.0 /tank -network 128.113.186.0 -mask 255.255.255.0 /tank/home -network 10.0.0.0 -mask 255.0.0.0 You put these lines in /etc/exports. You do not use the "zfs set sharenfs..." command. Then you "kill -HUP " to make it re-read /etc/exports and then check /var/log/messages for any parsing errors detected by mountd. Obviously, I don't really understand your setup, so the above might not be correct. My suggestion was to put the lines in /etc/exports and not use "zfs set sharenfs...". rick > Bob Healey > Systems Administrator > Biocomputation and Bioinformatics Constellation > and Molecularium > healer@rpi.edu > (518) 276-4407 > > On 7/2/2014 7:50 PM, Ben Morrow wrote: > > Quoth Rick Macklem : > >> Bob Healey wrote: > >>>>> 10/8. If there is a way in zfs's sharenfs property to make > >>>>> that > >>>>> restriction, I'd be happy to change, but I really don't like > >>>>> leaving nfs > >>>>> open to the university's quartet of /16's, so PF it is. > >> You can specify pretty well any subnet for lines in /etc/exports. > >> You can export the file systems via /etc/exports. (I'm not a zfs > >> guy, but my understanding is that zfs sharenfs just generates > >> lines > >> for the exports file.) > > You can specify any exports(5) options in the sharenfs property. > > See > > Example 16 in zfs(8). > > > > Ben > > > > > > _______________________________________________ > freebsd-stable@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-stable > To unsubscribe, send any mail to > "freebsd-stable-unsubscribe@freebsd.org" >