Network Storage Protocols Discussions

Restrict CIFS shares by one of the IP address of a filer

renault

Hi all,

I would like to know if there is a way to do this:

- Add many IP addresses to a filer, each IP from a different VLAN

- Create CIFS shares or NFS exports only accessible from one of these addresses.

My idea is to

- Create a rule on the firewall to allow traffic between a set of Windows or Linux servers and one of the IP addresses of the filer

- Allow data access from this IP address to a set of servers on the filer.

I took a look at the DOT 9 documentation and it seems an export policy may restrict access to a qtree to a set of servers.

But I did not see that the IP used by the filer can be set in a rule too.

The only alternative would be to create an SVM for each IP, but it's not very convenient.

Thanks

MLD

4 REPLIES 4

Re: Restrict CIFS shares by one of the IP address of a filer

robinpeter

It's possible to restrict the NAS protocol to a range of IPs or a single IP.

Here are some examples.

To set up NFS read-write access for the client with IP address 10.10.10.11, use the following export-policy rule.

::> vserver export-policy rule create -vserver nfs01 -policy nfspolicy -ruleindex 1 -protocol nfs -clientmatch 10.10.10.11 -rorule sys -rwrule sys

To set up CIFS read-write access for the client with IP address 10.10.10.11, use the following export-policy rule.

::> vserver export-policy rule create -vserver cifs01 -policy cifspolicy -ruleindex 1 -protocol cifs -clientmatch 10.10.10.11 -rorule ntlm,krb5 -rwrule ntlm,krb5

Hope that helps.

Robin.

Re: Restrict CIFS shares by one of the IP address of a filer

renault

Hi

Thank you for your answer. But it does not answer my needs:

To be more precise, I would like to be able to

- restrict CIFS share A to subnet 10.0.0.0/0

- restrict CIFS shares B to subnet 11.0.0.0/0

- restrict NFS export C to subnet 12.0.0.0/0 (in addition to the exports file settings)

- restrict NFS export D1 and CIFS share D1 on the same data to subnet 13.0.0.0/0

Thanks

Re: Restrict CIFS shares by one of the IP address of a filer

SVHO

Did you ever get an answer for this?

Thanks,
SVHO

Re: Restrict CIFS shares by one of the IP address of a filer

AlexDawson

For what the original poster is looking at - having a share only accessible on one of the system's IP addresses, and not others, the best option is to create multiple SVMs - each will have its own AD account and can have totally separate domain auth as well as IP ranges.
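
Added example, not part of any post in this thread and not NetApp code: a small Python audit that parses `vserver export-policy rule create` command lines like those in the first reply and reports how wide each `-clientmatch` scope is, since these rules select on the client's source address. The function names are hypothetical, the third rule is constructed sample input, and only IP and CIDR values are evaluated (hostnames, netgroups and domains are reported as unresolved).

```python
import ipaddress
import shlex

# Constructed sample: the two commands from the first reply, plus one
# constructed rule (ruleindex 2) whose clientmatch has prefix length 0.
COMMANDS = """\
vserver export-policy rule create -vserver nfs01 -policy nfspolicy -ruleindex 1 -protocol nfs -clientmatch 10.10.10.11 -rorule sys -rwrule sys
vserver export-policy rule create -vserver cifs01 -policy cifspolicy -ruleindex 1 -protocol cifs -clientmatch 10.10.10.11 -rorule ntlm,krb5 -rwrule ntlm,krb5
vserver export-policy rule create -vserver cifs01 -policy cifspolicy -ruleindex 2 -protocol cifs -clientmatch 10.0.0.0/0 -rorule ntlm,krb5 -rwrule ntlm,krb5
"""

def parse_rule(line):
    """Turn one 'rule create' command line into a dict of its -option values."""
    tokens = shlex.split(line)
    return {tok.lstrip("-"): tokens[i + 1]
            for i, tok in enumerate(tokens[:-1]) if tok.startswith("-")}

def client_network(rule):
    """Network covered by -clientmatch, or None if it is not an address."""
    try:
        return ipaddress.ip_network(rule["clientmatch"], strict=False)
    except ValueError:
        return None  # hostname, netgroup or domain: not evaluated here

def classify(rule):
    """Label how wide the rule's client scope is."""
    net = client_network(rule)
    if net is None:
        return "unresolved"
    if net.prefixlen == 0:
        return "all-clients"  # every source address matches
    return "single-host" if net.num_addresses == 1 else "subnet"

def admits(rule, client_ip):
    """True if the client's source address falls inside -clientmatch."""
    net = client_network(rule)
    return net is not None and ipaddress.ip_address(client_ip) in net

RULES = [parse_rule(l) for l in COMMANDS.splitlines() if l.strip()]

if __name__ == "__main__":
    for r in RULES:
        print(r["vserver"], r["policy"], r["ruleindex"],
              r["clientmatch"], classify(r))
```

A rule classified as `all-clients` admits any source address, so the prefix length deserves a check before a rule is relied on to separate subnets.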
