[JDSS] Read and Read/write access lists for NFS in Open-E JovianDSS

If you want to enable the NFS service in the Open-E JovianDSS GUI, expand the Zpool options and go to the ‘Shares’ tab and then click on the ‘Protocols’ options for the Share. There you can set both ‘Read access IPs’ and ‘Read/write access IPs’ to restrict access for them accordingly.

If both ‘Read access IPs’ and ‘Read/write access IPs’ fields are filled out with the same IPs, Open-E JovianDSS shows the following error, e.g:

This is correct behavior because this is not a valid configuration. Leaving the ‘Read access IPs’ field empty is not recommended as it will grant read access to all IPs in the network.

127.0.0.1 (loopback or localhost) can be used for ‘Read access IPs’ to solve this issue by creating a closed circuit.


As a workaround it is possible to select an IP for ‘Read/Write access’ and then to set a non-existing IP for ‘Read access IPs’. In this way, the selected IP address will have read/write access and other IPs from the existing subnet will not have read access to this share. However, it is not a secure option as the non-existing IP can be used by potential attackers.


Additionally, please see some tested examples below for more information on possible configurations

1. Virtual environment:

NFS Server: 
IP: 192.168.175.156

NFS Clients:

192.168.175.210 
192.168.175.214 
192.168.191.139 
192.168.191.153 

Hosts 192.168.175.210 and 192.168.175.214 are in subnet 192.168.160.0/20.
Hosts 192.168.191.139 and 192.168.191.153 are in subnet 192.168.176.0/20

All clients and servers only have one network adapter.


2. Test cases 


a. Read access IP=
    Read/write access IP=

In this test case, there are no IP restrictions for read or write access. The test results show that all clients are able to successfully read and write to the NFS server.


b. Read access IP=0.0.0.0/0 = 0.0.0.0
    Read/write access IP=


In this test case, read access is allowed from any IP address (0.0.0.0/0) and write access is not restricted. The test results show that all clients are denied access to both read and write operations. 

c. Read access IP=192.168.160.0
    Read/write access IP=192.168.160.0/20

In this test case, read and write access is restricted to clients in subnet 192.168.160.0/20. The test results show that clients in that subnet (192.168.175.210 and 192.168.175.214) are able to successfully read and write to the NFS server, while clients outside that subnet (192.168.191.139 and 192.168.191.153) are denied access to both read and write operations.


Article ID: 3441
Last updated: 12 Apr, 2023
Revision: 5
JovianDSS -> JovianDSS Information -> General info -> NFS -> [JDSS] Read and Read/write access lists for NFS in Open-E JovianDSS
https://kb.open-e.com/jdss-read-and-readwrite-access-lists-for-nfs-in-open-e-joviandss_3441.html