6

I have 4 NICs in my server: eth0, eth1, eth2, eth3. It's a storage server with several disks. I have three Volume Groups: vg_share1, vg_share2, vg_share3. I want to share these Volume Groups with different NICs like this:

vg_share1 --(NFS Share)--> Shared via eth1
vg_share2 --(NFS Share)--> Shared via eth2
vg_share3 --(NFS Share)--> Shared via eth3

How can I do this?

lcd047
  • 7,238

4 Answers

4

You can't limit on incoming IP address, but you can limit which source IPs can access a particular filesystem, like so:

/path/to/export      192.168.0.0/255.255.255.0(rw)
/path/to/otherexport 192.168.1.0/255.255.255.0(ro)

etc. I'm assuming your individual NICs are on individual networks, too; you can limit things that way.

2

The NFS server relies on RPC to route connections between nfs server(s) and client(s). According to the rpc.nfsd(8) manpage:

-H  or  --host hostname
          specify a particular hostname (or address) that NFS requests will be accepted on. By default, rpc.nfsd will accept NFS requests on all known network addresses.
          Note  that lockd (which performs file locking services for NFS) may still accept request on all known network addresses.  This may change in future releases of
          the Linux Kernel. This option can be used multiple time to listen to more than one interface.

Therefore, you can configure the restriction, to some extent, on the NFS server's side by adding the hostname assigned to the IP/NIC into the /etc/nfs.conf configuration file.

For example:

cat /etc/hosts

127.0.0.1  localhost.localdomain localhost
::1        localhost6.localdomain6 

# Public network interface
123.312.222.111    myhostname.on.linedotcom

# Local network interface
192.168.1.1    myhostname.mydomain.lan

Then, add the hostname of the "Local network interface" to the nfsd section of the NFS configuration file /etc/nfs.conf

[nfsd]
# the key in the [nfsd] section is "host" (see nfs.conf(5))
host=myhostname.mydomain.lan

That way, the rpcbind daemon listens to that interface only, ignoring the public network interface.


Additionally, set the correct parameters within the /etc/exports configuration file, indicating only the local network/subdomain allowed to mount the Network File Shares.

cat /etc/exports

/srv/exampleshare 192.168.1.0/24(nfsoptionshereplzreplace)


Configure your Firewall accordingly

Separate your Network Interface Cards (NIC) into different zones, for example. Or, if using iptables, make the appropriate ports open only on the specific network or subdomain.

ILMostro_7
  • 3,309
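
An added example, not part of any answer on this page: a Python check that each client restriction in /etc/exports (the approach in the first two answers) falls inside exactly one NIC's subnet, so a share is only offered to the network attached to its intended interface. The subnets, export paths and the function name `audit_exports` are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample data (assumption): one subnet per NIC.
NIC_SUBNETS = {
    "eth1": "192.168.1.0/24",
    "eth2": "192.168.2.0/24",
    "eth3": "192.168.3.0/24",
}

SAMPLE_EXPORTS = """\
# constructed /etc/exports used by the audit below
/srv/vg_share1 192.168.1.0/255.255.255.0(rw)
/srv/vg_share2 192.168.2.0/24(rw,sync)
/srv/vg_share3 *(ro)
/srv/vg_share4 192.168.0.0/16(ro)
"""


def audit_exports(exports_text, nic_subnets):
    """Map (export path, client spec) to the NIC whose subnet contains it,
    or to a warning when the client spec is not confined to one NIC."""
    nets = {nic: ipaddress.ip_network(cidr) for nic, cidr in nic_subnets.items()}
    result = {}
    for raw in exports_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        path, *clients = line.split()
        for spec in clients or ["(defaults)"]:   # a bare path exports to everyone
            client = spec.split("(", 1)[0]       # strip "(rw,...)" options
            try:
                # accepts CIDR, dotted netmask and single-host forms
                net = ipaddress.ip_network(client, strict=False)
            except ValueError:
                # "*", hostnames, netgroups or an empty client: no IP boundary
                result[(path, client)] = "UNBOUNDED: not an IP network"
                continue
            owners = [nic for nic, n in nets.items()
                      if net.version == n.version and net.subnet_of(n)]
            result[(path, client)] = (
                owners[0] if owners else "TOO WIDE: inside no single NIC subnet")
    return result


if __name__ == "__main__":
    for (path, client), verdict in audit_exports(SAMPLE_EXPORTS, NIC_SUBNETS).items():
        print(f"{path:16} {client:28} {verdict}")
```
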
1

Just share your filesystems as normal, the NFS server by default listens on all interfaces.

On the client you can direct the to-be-mounted share per IP address (or DNS name if configured).

NFS Server - 0.0.0.0:2049 - ip address 1 <- client a mount vg_share1
                          - ip address 2 <- client b mount vg_share2
                          - ip address 3 <- client c mount vg_share3

You also might have a look at bonded interfaces. Using bonded interfaces you can also implement some way of fault tolerance and survive connections if one link should fail. With bonded interfaces you can even configure multiple IP addresses, VLANs etc.

NFS server - 0.0.0.0:2049 - bond0 <- client a, b, c mount their corresponding mounts

Bonded interface (with VLANs) overview:

eth1 \         / vlan x - address a
eth2 -> bond0 <- vlan y - address b
eth3 /         \ vlan z - address c

Of course you can just configure the IP addresses without VLANs as well.

Lambert
  • 12,680
0

Edit /etc/nfs.conf

And assuming eth2 is 192.168.1.0 - use something like:

[nfsd]
host=192.168.1.0

Paulo Tomé
  • 3,782