Date: Wed, 02 Jul 2014 20:34:22 -0400
From: Bob Healey
CC: freebsd-stable@freebsd.org
Subject: Re: Interactions with mxge, pf, nfsd, and the kernel

Ah. I change file systems often enough (adding/removing users) that I'd need to wrap zfs add and zfs destroy to mangle /etc/exports for me and HUP mountd.

Bob Healey
Systems Administrator
Biocomputation and Bioinformatics Constellation
and Molecularium
healer@rpi.edu
(518) 276-4407

On 7/2/2014 8:11 PM, Rick Macklem wrote:
> Bob Healey wrote:
>> What I want to do, and is not valid, is zfs set
>> sharenfs="maproot=root,network 128.113.185.0/24, network
>> 128.113.186.0/24,network 10.0.0.0/8" tank/home To get the desired
>> functionality, I have to do zfs set sharenfs="maproot=root,network
>> 0.0.0.0/0" and then set a host level firewall.
>>
> Here is about what I think the lines in /etc/exports would look like:
> /tank -maproot=root -network 128.113.185.0 -mask 255.255.255.0
> /tank -network 128.113.186.0 -mask 255.255.255.0
> /tank/home -network 10.0.0.0 -mask 255.0.0.0
>
> You put these lines in /etc/exports. You do not use the "zfs set sharenfs..."
> command.
>
> Then you "kill -HUP " to make it re-read /etc/exports
> and then check /var/log/messages for any parsing errors detected by mountd.
>
> Obviously, I don't really understand your setup, so the above might not
> be correct. My suggestion was to put the lines in /etc/exports and not
> use "zfs set sharenfs...".
>
> rick
>
>> Bob Healey
>> Systems Administrator
>> Biocomputation and Bioinformatics Constellation
>> and Molecularium
>> healer@rpi.edu
>> (518) 276-4407
>>
>> On 7/2/2014 7:50 PM, Ben Morrow wrote:
>>> Quoth Rick Macklem:
>>>> Bob Healey wrote:
>>>>>>> 10/8. If there is a way in zfs's sharenfs property to make that
>>>>>>> restriction, I'd be happy to change, but I really don't like
>>>>>>> leaving nfs open to the university's quartet of /16's, so PF it is.
>>>> You can specify pretty well any subnet for lines in /etc/exports.
>>>> You can export the file systems via /etc/exports. (I'm not a zfs
>>>> guy, but my understanding is that zfs sharenfs just generates lines
>>>> for the exports file.)
>>> You can specify any exports(5) options in the sharenfs property.
>>> See Example 16 in zfs(8).
>>>
>>> Ben
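
An added example, not code from anyone in the thread: a sketch of the wrapper discussed above, which rebuilds /etc/exports lines for every per-user file system so NFS is only offered to the listed networks. The function names and the sample mountpoints are constructed; putting -maproot=root on every line is an assumption about the intended policy.

```shell
#!/bin/sh
# Added example: emit exports(5) lines restricted to named networks.

# Convert a CIDR prefix length (0-32) to a dotted-quad netmask.
prefix_to_mask() {
    bits=$1
    case $bits in ''|*[!0-9]*) return 1 ;; esac
    [ "$bits" -le 32 ] || return 1
    mask=""
    for i in 1 2 3 4; do
        if [ "$bits" -ge 8 ]; then
            octet=255; bits=$((bits - 8))
        else
            octet=$((256 - (1 << (8 - bits)))); bits=0
        fi
        mask="${mask}${mask:+.}${octet}"
    done
    echo "$mask"
}

# Read mountpoints on stdin, take networks (CIDR) as arguments, and print
# one line per mountpoint and network. Malformed CIDR is rejected, and so is
# a /0 network, which would open the export to every client.
gen_exports() {
    while IFS= read -r mp; do
        case $mp in /*) ;; *) continue ;; esac   # skip "none", "legacy", "-"
        for cidr in "$@"; do
            net=${cidr%/*}; bits=${cidr#*/}
            [ "$net" != "$cidr" ] || { echo "bad CIDR: $cidr" >&2; return 1; }
            mask=$(prefix_to_mask "$bits") ||
                { echo "bad prefix: $cidr" >&2; return 1; }
            [ "$mask" != 0.0.0.0 ] ||
                { echo "refusing world-open network: $cidr" >&2; return 1; }
            printf '%s -maproot=root -network %s -mask %s\n' "$mp" "$net" "$mask"
        done
    done
}

# Constructed sample input: two per-user file systems and one with no mountpoint.
# On a real host the list could come from: zfs list -H -o mountpoint -r tank/home
printf '%s\n' /tank/home/alice /tank/home/bob none |
    gen_exports 128.113.185.0/24 128.113.186.0/24 10.0.0.0/8
```

After installing the generated file, mountd still has to be sent HUP and /var/log/messages checked for parse errors, as described in the quoted reply.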