From: Jeremy Chadwick
To: Dmitry Morozovsky
Cc: freebsd-fs@FreeBSD.org, Pawel Jakub Dawidek
Date: Sun, 7 Sep 2008 15:01:04 -0700
Subject: Re: ZFS filesystem: export for more than one subnet
Message-ID: <20080907220104.GA26094@icarus.home.lan>

On Sun, Sep 07, 2008 at 06:39:11PM +0400, Dmitry Morozovsky wrote:
> Dear colleagues,
>
> is there any way so one can export ZFS file system to more than one net?
>
> in classic NFS I would use more than one line in /etc/exports -- how can I
> express such behaviour in zfs properties?

Didn't you inadvertently ask this same question 6 months ago?  :-)

http://lists.freebsd.org/pipermail/freebsd-current/2008-March/084079.html

I believe if 'sharenfs=off' (the default), you can manage NFS mounts via
/etc/exports like normal.  Ideally, you should (?) be able to use
multiple "-network xxx/netmask" entries on the same export line.

If you absolutely must do it via the 'zfs' command, according to pjd@'s
EuroBSDCon presentation, this should work:

# /etc/rc.d/mountd start
# zfs set sharenfs="ro,network=x.x.x.x,mask=y.y.y.y" some_fs
# /etc/rc.d/mountd reload

/etc/rc.d/mountd is already configured to read /etc/exports and
/etc/zfs/exports, so all you should have to do is mountd_enable="yes"
in rc.conf.

You can also use CIDR syntax in network=xx/yy, which should decrease the
line length.

pjd@'s paper is here -- see page 18, "NFS is easy":

http://2007.eurobsdcon.org/presentations/Pawel_Jakub_Dawidek/eurobsdcon07_zfs.pdf

However, I'd advocate you consider running pf on the machine running
mountd instead, and use an actual firewall to block who can talk to
mountd on the machine exporting the shares.

-- 
| Jeremy Chadwick                                jdc at parodius.com |
| Parodius Networking                       http://www.parodius.com/ |
| UNIX Systems Administrator                  Mountain View, CA, USA |
| Making life hard for others since 1977.              PGP: 4BD6C0CB |
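
Added example, not part of the original message or of pjd@'s paper: one way to combine the two approaches discussed above, with sharenfs left off, one /etc/exports line per subnet (the classic form the question mentions), and pf limiting which hosts can reach the NFS-related ports. The mountpoint /tank/some_fs, the two subnets (documentation ranges) and the fixed mountd port 883 are assumptions chosen for illustration.

```conf
# ---- /etc/rc.conf ----
# Serve NFS and pin mountd to a fixed port so a firewall rule can match it.
# Port 883 is an arbitrary choice for this example.
rpcbind_enable="YES"
nfs_server_enable="YES"
mountd_enable="YES"
mountd_flags="-r -p 883"
pf_enable="YES"

# ---- /etc/exports ----
# sharenfs=off on the dataset, so mountd takes the export from this file.
# One line per network; /tank/some_fs is an assumed mountpoint.
/tank/some_fs -ro -network 192.0.2.0/24
/tank/some_fs -ro -network 198.51.100.0/24

# ---- /etc/pf.conf ----
# Hosts allowed to talk to rpcbind (111), mountd (883) and nfsd (2049).
nfs_ports = "{ 111, 883, 2049 }"
table <nfs_clients> const { 192.0.2.0/24, 198.51.100.0/24 }

# Leave loopback alone so mountd and nfsd can still register with rpcbind.
set skip on lo0

# Drop NFS-related traffic from everyone who is not a listed client.
block in quick proto { tcp, udp } from ! <nfs_clients> to any port $nfs_ports
```

After editing, "pfctl -nf /etc/pf.conf" parses the ruleset without loading it, and "showmount -e" on the server lists what mountd is actually exporting, so the export list and the pf table can be compared.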