Date: Mon, 8 Sep 2008 02:43:03 +0400 (MSD) From: Dmitry Morozovsky <marck@rinet.ru> To: Jeremy Chadwick <koitsu@freebsd.org> Cc: freebsd-fs@freebsd.org, Pawel Jakub Dawidek <pjd@freebsd.org> Subject: Re: ZFS filesystem: export for more than one subnet Message-ID: <alpine.BSF.2.00.0809080237580.53906@woozle.rinet.ru> In-Reply-To: <20080907220104.GA26094@icarus.home.lan> References: <alpine.BSF.2.00.0809071836130.76180@woozle.rinet.ru> <20080907220104.GA26094@icarus.home.lan>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, 7 Sep 2008, Jeremy Chadwick wrote: JC> > is there any way so one can export ZFS file system to more than one net? JC> > JC> > in classic NFS I would use more than one line in /etc/exports -- how can I JC> > express such behaviour in zfs properties? JC> JC> Didn't you inadvertently ask this same question 6 months ago? :-) JC> JC> http://lists.freebsd.org/pipermail/freebsd-current/2008-March/084079.html Well, not exactly - that time I did not bump into different destination problem ;) JC> I believe if 'sharenfs=off' (the default), you can manage NFS mounts via JC> /etc/exports like normal. Ideally, you should (?) be able to use JC> multiple "-network xxx/netmask" entries on the same export line. Hmm, that would do the trick; however, it seems to me that ZFS file system properties should be producet from the single source. JC> If you absolutely must do it via the 'zfs' command, according to pjd@'s JC> EuroBSDCon presentation, this should work: JC> JC> # /etc/rc.d/mountd start JC> # zfs set sharenfs="ro,network=x.x.x.x,mask=y.y.y.y" some_fs JC> # /etc/rc.d/mountd reload Well, this configures only one network per file system, isn't it? BTW, mountd will be reloaded by zfs automagically (and, as Kris bumps ito it, it would create a problem with race hole of inaccessible NFS mounts while mountd reloads the list) JC> However, I'd advocate you consider running pf on the machine running JC> mountd instead, and use an actual firewall to block who can talk to JC> mountd on the machine exporting the shares. I would prefer to do both ;) Oh, and hosts.allow possibly too... Or, would it be too inefficient? Thanks! Sincerely, D.Marck [DM5020, MCK-RIPE, DM3-RIPN] [ FreeBSD committer: marck@FreeBSD.org ] ------------------------------------------------------------------------ *** Dmitry Morozovsky --- D.Marck --- Wild Woozle --- marck@rinet.ru *** ------------------------------------------------------------------------
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?alpine.BSF.2.00.0809080237580.53906>