Accessing an NFS share via another server.

Issues related to configuring your network
Post Reply
GingerMonkey
Posts: 3
Joined: 2018/06/01 14:07:05

Accessing an NFS share via another server.

Post by GingerMonkey » 2018/06/07 13:10:25

Hi All

I am hoping you can help me with an problem connecting to an NFS export that piggy backs off another server.

I have scenario whereby i have 2 CentOS servers and a SAN hosting an NFS share.

1. ServerA (DMZ)
2. ServerB (LAN)
3. NetApp SAN (LAN)

The share is on the SAN, and export policy permits access from ServerB on the same vLAN. This share is mounted on ServerB as say /data/db. and thats all well and good.

The troublesome bit is that ServerA also needs to be able to access this share from the SAN, and we cannot open up access inbound from the DMZ to the NFS interface of the SAN for security reasons.

i had an idea of sharing out /data from ServerB permitting ServerA access to it point to point from the DMZ. The point to point access only links the Servers A and B which i can permit inbound from the DMZ as they are linked. So effectively using ServerB as a middle man for ServerA to access the data on the SAN.

I can successfully mount a share from ServerB on ServerA. But i cannot see the data/folder structure that resides within /data/db/.

I created a txt file in /data/db on ServerB before mounting to the SAN as a test, and this shows that when ServerA access the share on ServerB it only sees the local txt file i created.

My question anyway is;

is it possible to connect a SAN share via another server to the DMZ Server? Can anyone suggest something that i may have done wrong, or offer a better option to achieving this?

I understand if it is not be possible to gain access to a share via a piggy back share, just need some advice on this.

Thanks in advance

P

tunk
Posts: 376
Joined: 2017/02/22 15:08:17

Re: Accessing an NFS share via another server.

Post by tunk » 2018/06/07 14:37:15

I had a similar scenario (without any DMZ), and from a bit of web searching I got the impression that it's not possible.
In the end I used sshfs to mount it on serverA. NB: It umounts itself maybe once or twice a week, so in my case it's not very stable.

GingerMonkey
Posts: 3
Joined: 2018/06/01 14:07:05

Re: Accessing an NFS share via another server.

Post by GingerMonkey » 2018/06/07 15:37:58

Thanks tunk

I've never heard of SSHFS but will have a look, but the stability of the mount is needed otherwise i'd be introducing a a problem to a critical app.

Since i have stepped away from the problem for a short while, i had a little chance to think and it maybe possible to achieve this using CIFS rather than NFS, but won't know until i try. But will be checking into SSHFS when i get downtime to read up.

Thanks

P

hunter86_bg
Posts: 1315
Joined: 2015/02/17 15:14:33
Location: Bulgaria
Contact:

Re: Accessing an NFS share via another server.

Post by hunter86_bg » 2018/06/09 19:13:27

Can you try the following:
1. Mount /data/db to another place:

Code: Select all

mount -o rbind,context="system_u:object_r:nfs_t:s0" /data/db /export
2. Export '/export' to ServerA
3. Try to mount on ServerA the /export from ServerB

GingerMonkey
Posts: 3
Joined: 2018/06/01 14:07:05

Re: Accessing an NFS share via another server.

Post by GingerMonkey » 2018/07/26 07:38:48

Update, tried a few weeks back and SSHFS and CIFS options didn't not work but worth a go.

@hunter86_bg, thanks for the advice and will have a go in the next day or so.

My last option if doesn't work is to create a new VMDK disk on ServerB and export it rather than connecting back to the SAN NFS volume.

Thanks

Post Reply