ZFS filesystem: export for more than one subnet

Dmitry Morozovsky marck at rinet.ru
Sun Sep 7 22:43:06 UTC 2008 

On Sun, 7 Sep 2008, Jeremy Chadwick wrote:

JC> > is there any way so one can export ZFS file system to more than one net? 
JC> > 
JC> > in classic NFS I would use more than one line in /etc/exports -- how can I 
JC> > express such behaviour in zfs properties?
JC> 
JC> Didn't you inadvertently ask this same question 6 months ago?  :-)
JC> 
JC> http://lists.freebsd.org/pipermail/freebsd-current/2008-March/084079.html

Well, not exactly - that time I did not bump into different destination problem 
;)

JC> I believe if 'sharenfs=off' (the default), you can manage NFS mounts via
JC> /etc/exports like normal.  Ideally, you should (?) be able to use
JC> multiple "-network xxx/netmask" entries on the same export line.

Hmm, that would do the trick; however, it seems to me that ZFS file system 
properties should be producet from the single source.

JC> If you absolutely must do it via the 'zfs' command, according to pjd@'s
JC> EuroBSDCon presentation, this should work:
JC> 
JC> # /etc/rc.d/mountd start
JC> # zfs set sharenfs="ro,network=x.x.x.x,mask=y.y.y.y" some_fs
JC> # /etc/rc.d/mountd reload

Well, this configures only one network per file system, isn't it? BTW, mountd 
will be reloaded by zfs automagically (and, as Kris bumps ito it, it would 
create a problem with race hole of inaccessible NFS mounts while mountd reloads 
the list)



JC> However, I'd advocate you consider running pf on the machine running
JC> mountd instead, and use an actual firewall to block who can talk to
JC> mountd on the machine exporting the shares.

I would prefer to do both ;) Oh, and hosts.allow possibly too... Or, would it 
be too inefficient?

Thanks!


Sincerely,
D.Marck                                     [DM5020, MCK-RIPE, DM3-RIPN]
[ FreeBSD committer:                                 marck at FreeBSD.org ]
------------------------------------------------------------------------
*** Dmitry Morozovsky --- D.Marck --- Wild Woozle --- marck at rinet.ru ***
------------------------------------------------------------------------

More information about the freebsd-fs mailing list