From owner-freebsd-fs@FreeBSD.ORG Sun Sep 7 22:43:06 2008 Return-Path: Delivered-To: freebsd-fs@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 3ED4A1065673; Sun, 7 Sep 2008 22:43:06 +0000 (UTC) (envelope-from marck@rinet.ru) Received: from woozle.rinet.ru (woozle.rinet.ru [195.54.192.68]) by mx1.freebsd.org (Postfix) with ESMTP id 74AB58FC19; Sun, 7 Sep 2008 22:43:05 +0000 (UTC) (envelope-from marck@rinet.ru) Received: from localhost (localhost [127.0.0.1]) by woozle.rinet.ru (8.14.2/8.14.2) with ESMTP id m87Mh3fG055664; Mon, 8 Sep 2008 02:43:03 +0400 (MSD) (envelope-from marck@rinet.ru) Date: Mon, 8 Sep 2008 02:43:03 +0400 (MSD) From: Dmitry Morozovsky To: Jeremy Chadwick In-Reply-To: <20080907220104.GA26094@icarus.home.lan> Message-ID: References: <20080907220104.GA26094@icarus.home.lan> User-Agent: Alpine 2.00 (BSF 1167 2008-08-23) X-NCC-RegID: ru.rinet X-OpenPGP-Key-ID: 6B691B03 MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.0 (woozle.rinet.ru [0.0.0.0]); Mon, 08 Sep 2008 02:43:03 +0400 (MSD) Cc: freebsd-fs@freebsd.org, Pawel Jakub Dawidek Subject: Re: ZFS filesystem: export for more than one subnet X-BeenThere: freebsd-fs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Filesystems List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 07 Sep 2008 22:43:06 -0000 On Sun, 7 Sep 2008, Jeremy Chadwick wrote: JC> > is there any way so one can export ZFS file system to more than one net? JC> > JC> > in classic NFS I would use more than one line in /etc/exports -- how can I JC> > express such behaviour in zfs properties? JC> JC> Didn't you inadvertently ask this same question 6 months ago? :-) JC> JC> http://lists.freebsd.org/pipermail/freebsd-current/2008-March/084079.html Well, not exactly - that time I did not bump into different destination problem ;) JC> I believe if 'sharenfs=off' (the default), you can manage NFS mounts via JC> /etc/exports like normal. Ideally, you should (?) be able to use JC> multiple "-network xxx/netmask" entries on the same export line. Hmm, that would do the trick; however, it seems to me that ZFS file system properties should be producet from the single source. JC> If you absolutely must do it via the 'zfs' command, according to pjd@'s JC> EuroBSDCon presentation, this should work: JC> JC> # /etc/rc.d/mountd start JC> # zfs set sharenfs="ro,network=x.x.x.x,mask=y.y.y.y" some_fs JC> # /etc/rc.d/mountd reload Well, this configures only one network per file system, isn't it? BTW, mountd will be reloaded by zfs automagically (and, as Kris bumps ito it, it would create a problem with race hole of inaccessible NFS mounts while mountd reloads the list) JC> However, I'd advocate you consider running pf on the machine running JC> mountd instead, and use an actual firewall to block who can talk to JC> mountd on the machine exporting the shares. I would prefer to do both ;) Oh, and hosts.allow possibly too... Or, would it be too inefficient? Thanks! Sincerely, D.Marck [DM5020, MCK-RIPE, DM3-RIPN] [ FreeBSD committer: marck@FreeBSD.org ] ------------------------------------------------------------------------ *** Dmitry Morozovsky --- D.Marck --- Wild Woozle --- marck@rinet.ru *** ------------------------------------------------------------------------