Date: Wed, 2 Jul 2014 20:11:54 -0400 (EDT) From: Rick Macklem <rmacklem@uoguelph.ca> To: Bob Healey <healer@rpi.edu> Cc: freebsd-stable@freebsd.org Subject: Re: Interactions with mxge, pf, nfsd, and the kernel Message-ID: <1067481503.6609532.1404346314154.JavaMail.root@uoguelph.ca> In-Reply-To: <53B49DDF.6000607@rpi.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
Bob Healey wrote: > What I want to do, and is not valid, is zfs set > sharenfs="maproot=root,network 128.113.185.0/24, network > 128.113.186.0/24,network 10.0.0.0/8" tank/home To get the desired > functionality, i have to do zfs set sharenfs="maproot=root,network > 0.0.0.0/0" and then set a host level firewall. > Here is about what I think the lines in /etc/exports would look like: /tank -maproot=root -network 128.113.185.0 -mask 255.255.255.0 /tank -network 128.113.186.0 -mask 255.255.255.0 /tank/home -network 10.0.0.0 -mask 255.0.0.0 You put these lines in /etc/exports. You do not use the "zfs set sharenfs..." command. Then you "kill -HUP <pid of mountd>" to make it re-read /etc/exports and then check /var/log/messages for any parsing errors detected by mountd. Obviously, I don't really understand your setup, so the above might not be correct. My suggestion was to put the lines in /etc/exports and not use "zfs set sharenfs...". rick > Bob Healey > Systems Administrator > Biocomputation and Bioinformatics Constellation > and Molecularium > healer@rpi.edu > (518) 276-4407 > > On 7/2/2014 7:50 PM, Ben Morrow wrote: > > Quoth Rick Macklem <rmacklem@uoguelph.ca>: > >> Bob Healey wrote: > >>>>> 10/8. If there is a way in zfs's sharenfs property to make > >>>>> that > >>>>> restriction, I'd be happy to change, but I really don't like > >>>>> leaving nfs > >>>>> open to the university's quartet of /16's, so PF it is. > >> You can specify pretty well any subnet for lines in /etc/exports. > >> You can export the file systems via /etc/exports. (I'm not a zfs > >> guy, but my understanding is that zfs sharenfs just generates > >> lines > >> for the exports file.) > > You can specify any exports(5) options in the sharenfs property. > > See > > Example 16 in zfs(8). > > > > Ben > > > > > > _______________________________________________ > freebsd-stable@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-stable > To unsubscribe, send any mail to > "freebsd-stable-unsubscribe@freebsd.org" >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1067481503.6609532.1404346314154.JavaMail.root>