If you want to enable the NFS service in the Open-E JovianDSS GUI, expand the Zpool options and go to the ‘Shares’ tab and then click on the ‘Protocols’ options for the Share. There you can set both ‘Read access IPs’ and ‘Read/write access IPs’ to restrict access for them accordingly.
If both ‘Read access IPs’ and ‘Read/write access IPs’ fields are filled out with the same IPs, Open-E JovianDSS shows the following error, e.g:
This is correct behavior because this is not a valid configuration. Leaving the ‘Read access IPs’ field empty is not recommended as it will grant read access to all IPs in the network.
127.0.0.1 (loopback or localhost) can be used for ‘Read access IPs’ to solve this issue by creating a closed circuit.
As a workaround it is possible to select an IP for ‘Read/Write access’ and then to set a non-existing IP for ‘Read access IPs’. In this way, the selected IP address will have read/write access and other IPs from the existing subnet will not have read access to this share. However, it is not a secure option as the non-existing IP can be used by potential attackers.
Additionally, please see some tested examples below for more information on possible configurations
1. Virtual environment:
NFS Server:
IP: 192.168.175.156
NFS Clients:
192.168.175.210
192.168.175.214
192.168.191.139
192.168.191.153
Hosts 192.168.175.210 and 192.168.175.214 are in subnet 192.168.160.0/20.
Hosts 192.168.191.139 and 192.168.191.153 are in subnet 192.168.176.0/20
All clients and servers only have one network adapter.
2. Test cases
a. Read access IP=
Read/write access IP=
In this test case, there are no IP restrictions for read or write access. The test results show that all clients are able to successfully read and write to the NFS server.
b. Read access IP=0.0.0.0/0 = 0.0.0.0
Read/write access IP=
In this test case, read access is allowed from any IP address (0.0.0.0/0) and write access is not restricted. The test results show that all clients are denied access to both read and write operations.
c. Read access IP=192.168.160.0
Read/write access IP=192.168.160.0/20
In this test case, read and write access is restricted to clients in subnet 192.168.160.0/20. The test results show that clients in that subnet (192.168.175.210 and 192.168.175.214) are able to successfully read and write to the NFS server, while clients outside that subnet (192.168.191.139 and 192.168.191.153) are denied access to both read and write operations.