
Restrict CIFS shares by one of the IP address of a filer

Hi all,

 

I would like to know if there is a way to do this:

- Add many IP addresses to a filer, each IP from a different VLAN

- Create CIFS shares or NFS exports only accessible from one of these addresses.

 

My idea is to

- Create a rule on the firewall to allow traffic between a set of Windows or Linux servers and one of the IP addresses of the filer

- Allow data access from this IP address to a set of servers on the filer.

 

I took a look at the DOT 9 documentation and it seems an export policy may restrict access to a qtree to a set of servers.

But I did not see that the IP used by the filer can be set too in a rule.

 

 

The only alternative would be to create an SVM for each IP, but it's not very convenient.

Thanks

MLD

Re: Restrict CIFS shares by one of the IP address of a filer

It's possible to restrict the NAS protocol to a range of IPs or a single IP.

 

Here are some examples.

 

To set up NFS read-write access for the client with IP address 10.10.10.11, use the following export-policy rule.

::> vserver export-policy rule create -vserver nfs01 -policy nfspolicy -ruleindex 1 -protocol nfs -clientmatch 10.10.10.11 -rorule sys -rwrule sys

To set up CIFS read-write access for the client with IP address 10.10.10.11, use the following export-policy rule.

::> vserver export-policy rule create -vserver cifs01 -policy cifspolicy -ruleindex 1 -protocol cifs -clientmatch 10.10.10.11 -rorule ntlm,krb5 -rwrule ntlm,krb5

Hope that helps.

Robin.

Re: Restrict CIFS shares by one of the IP address of a filer

Hi

Thank you for your answer. But it does not answer my needs:

To be more precise, I would like to be able to

- restrict CIFS share A to subnet 10.0.0.0/0

- restrict CIFS share B to subnet 11.0.0.0/0

- restrict NFS export C to subnet 12.0.0.0/0 (in addition to the exports file settings)

- restrict NFS export D1 and CIFS share D1 on the same data to subnet 13.0.0.0/0

 

Thanks
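
An added example, not part of any post in this thread and not NetApp code: a small Python check that parses `vserver export-policy rule create` lines like the ones posted above and reports which rule a given client IP would hit, assuming rules are evaluated in ruleindex order and the first matching clientmatch applies. The last two rules, their policy names (`sharea`, `sharea8`) and the test addresses are constructed; only IP and CIDR clientmatch values are handled, and a clientmatch with prefix length 0 is flagged because it covers every client address.

```python
import ipaddress
import shlex

# Constructed sample: the two rule commands from the thread, plus two
# constructed rules (policies "sharea" and "sharea8") that differ only in prefix length.
SAMPLE = """\
::> vserver export-policy rule create -vserver nfs01 -policy nfspolicy -ruleindex 1 -protocol nfs -clientmatch 10.10.10.11 -rorule sys -rwrule sys
::> vserver export-policy rule create -vserver cifs01 -policy cifspolicy -ruleindex 1 -protocol cifs -clientmatch 10.10.10.11 -rorule ntlm,krb5 -rwrule ntlm,krb5
::> vserver export-policy rule create -vserver cifs01 -policy sharea -ruleindex 1 -protocol cifs -clientmatch 10.0.0.0/0 -rorule ntlm,krb5 -rwrule ntlm,krb5
::> vserver export-policy rule create -vserver cifs01 -policy sharea8 -ruleindex 1 -protocol cifs -clientmatch 10.0.0.0/8 -rorule ntlm,krb5 -rwrule ntlm,krb5
"""

def parse_rule(line):
    """Turn one 'rule create' command line into a dict of its -option values."""
    tokens = shlex.split(line)
    opts = {}
    for i, tok in enumerate(tokens[:-1]):
        if tok.startswith("-"):
            opts[tok.lstrip("-")] = tokens[i + 1]
    return opts

def client_network(rule):
    """Return clientmatch as an ip_network, or None for hostnames and netgroups."""
    try:
        return ipaddress.ip_network(rule["clientmatch"], strict=False)
    except ValueError:
        return None

def first_match(rules, vserver, policy, client_ip):
    """Lowest-ruleindex rule of the policy whose clientmatch covers client_ip."""
    ip = ipaddress.ip_address(client_ip)
    scoped = [r for r in rules if r["vserver"] == vserver and r["policy"] == policy]
    for rule in sorted(scoped, key=lambda r: int(r["ruleindex"])):
        net = client_network(rule)
        if net is not None and ip in net:
            return rule
    return None  # no rule matched: the client gets no access through this policy

def match_all_rules(rules):
    """Rules whose clientmatch has prefix length 0, i.e. every client address."""
    nets = [(r, client_network(r)) for r in rules]
    return [r for r, n in nets if n is not None and n.prefixlen == 0]

RULES = [parse_rule(line) for line in SAMPLE.splitlines() if line.strip()]

if __name__ == "__main__":
    for r in match_all_rules(RULES):
        print(f"match-all clientmatch in {r['vserver']}/{r['policy']}: {r['clientmatch']}")
```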