Is it possible to restrict access to volumes/qtrees/shares to specific network interfaces? For instance, I create a volume and/or qtree to host a database. I don't want it to be accessed via the onboard 10/100 connection, instead I only want it to be accessible by a dedicated GbE connection i.e. e4a.
the only two things i know - first, you can make a nic trusted or untrusted : this way users may or may not write/alter data throught this nic (rw versus ro), surelly not what you want - the second is you can export shares to a specific netgroup - but this assume you use NFS, not CIFS
i am not at all aware of how you could add some kind of * network ACL * on a cifs share
but perhaps the best thing is to do the work on your server : make an alias in your hosts file (or equivalent nis, dns, wins ?) another name like filer-e4a which record the second adress by which you would this access
good luck
Holland, William L wrote:
Is it possible to restrict access to volumes/qtrees/shares to specific network interfaces? For instance, I create a volume and/or qtree to host a database. I don't want it to be accessed via the onboard 10/100 connection, instead I only want it to be accessible by a dedicated GbE connection i.e. e4a.
Holland, William L wrote:
Is it possible to restrict access to volumes/qtrees/shares to specific network interfaces? For instance, I create a volume and/or qtree to host a database. I don't want it to be accessed via the onboard 10/100 connection, instead I only want it to be accessible by a dedicated GbE connection i.e. e4a.
Hello William
Yes. You'll have to buy a MultiStore / VFiler license. This will give you the ability to use multiple independent routing tables for different physical and/or virtual network interfaces, named "IP spaces". Then you create a vfiler and assign your qtrees/volumes and the selected ip space to it, configure the protocol NFS, CIFS, RSH and you are done.
Smile & regards! Dirk
-
Dirk Schmiedt -
Holland, William L -
Stephane Bentebba