Date: Wed, 02 Jul 2014 20:34:22 -0400 From: Bob Healey <healer@rpi.edu> Cc: freebsd-stable@freebsd.org Subject: Re: Interactions with mxge, pf, nfsd, and the kernel Message-ID: <53B4A50E.80505@rpi.edu> In-Reply-To: <1067481503.6609532.1404346314154.JavaMail.root@uoguelph.ca> References: <1067481503.6609532.1404346314154.JavaMail.root@uoguelph.ca>
next in thread | previous in thread | raw e-mail | index | archive | help
Ah. I change file systems often enough (adding/removing users) that I'd need to wrap zfs add and zfs destroy to mangle /etc/exports for me and HUP mountd. Bob Healey Systems Administrator Biocomputation and Bioinformatics Constellation and Molecularium healer@rpi.edu (518) 276-4407 On 7/2/2014 8:11 PM, Rick Macklem wrote: > Bob Healey wrote: >> What I want to do, and is not valid, is zfs set >> sharenfs="maproot=root,network 128.113.185.0/24, network >> 128.113.186.0/24,network 10.0.0.0/8" tank/home To get the desired >> functionality, i have to do zfs set sharenfs="maproot=root,network >> 0.0.0.0/0" and then set a host level firewall. >> > Here is about what I think the lines in /etc/exports would look like: > /tank -maproot=root -network 128.113.185.0 -mask 255.255.255.0 > /tank -network 128.113.186.0 -mask 255.255.255.0 > /tank/home -network 10.0.0.0 -mask 255.0.0.0 > > You put these lines in /etc/exports. You do not use the "zfs set sharenfs..." > command. > > Then you "kill -HUP <pid of mountd>" to make it re-read /etc/exports > and then check /var/log/messages for any parsing errors detected by mountd. > > Obviously, I don't really understand your setup, so the above might not > be correct. My suggestion was to put the lines in /etc/exports and not > use "zfs set sharenfs...". > > rick > >> Bob Healey >> Systems Administrator >> Biocomputation and Bioinformatics Constellation >> and Molecularium >> healer@rpi.edu >> (518) 276-4407 >> >> On 7/2/2014 7:50 PM, Ben Morrow wrote: >>> Quoth Rick Macklem <rmacklem@uoguelph.ca>: >>>> Bob Healey wrote: >>>>>>> 10/8. If there is a way in zfs's sharenfs property to make >>>>>>> that >>>>>>> restriction, I'd be happy to change, but I really don't like >>>>>>> leaving nfs >>>>>>> open to the university's quartet of /16's, so PF it is. >>>> You can specify pretty well any subnet for lines in /etc/exports. >>>> You can export the file systems via /etc/exports. (I'm not a zfs >>>> guy, but my understanding is that zfs sharenfs just generates >>>> lines >>>> for the exports file.) >>> You can specify any exports(5) options in the sharenfs property. >>> See >>> Example 16 in zfs(8). >>> >>> Ben >>> >>> >> _______________________________________________ >> freebsd-stable@freebsd.org mailing list >> http://lists.freebsd.org/mailman/listinfo/freebsd-stable >> To unsubscribe, send any mail to >> "freebsd-stable-unsubscribe@freebsd.org" >>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?53B4A50E.80505>