Accessing an NFS share via another server.
Posted: 2018/06/07 13:10:25
Hi All
I am hoping you can help me with an problem connecting to an NFS export that piggy backs off another server.
I have scenario whereby i have 2 CentOS servers and a SAN hosting an NFS share.
1. ServerA (DMZ)
2. ServerB (LAN)
3. NetApp SAN (LAN)
The share is on the SAN, and export policy permits access from ServerB on the same vLAN. This share is mounted on ServerB as say /data/db. and thats all well and good.
The troublesome bit is that ServerA also needs to be able to access this share from the SAN, and we cannot open up access inbound from the DMZ to the NFS interface of the SAN for security reasons.
i had an idea of sharing out /data from ServerB permitting ServerA access to it point to point from the DMZ. The point to point access only links the Servers A and B which i can permit inbound from the DMZ as they are linked. So effectively using ServerB as a middle man for ServerA to access the data on the SAN.
I can successfully mount a share from ServerB on ServerA. But i cannot see the data/folder structure that resides within /data/db/.
I created a txt file in /data/db on ServerB before mounting to the SAN as a test, and this shows that when ServerA access the share on ServerB it only sees the local txt file i created.
My question anyway is;
is it possible to connect a SAN share via another server to the DMZ Server? Can anyone suggest something that i may have done wrong, or offer a better option to achieving this?
I understand if it is not be possible to gain access to a share via a piggy back share, just need some advice on this.
Thanks in advance
P
I am hoping you can help me with an problem connecting to an NFS export that piggy backs off another server.
I have scenario whereby i have 2 CentOS servers and a SAN hosting an NFS share.
1. ServerA (DMZ)
2. ServerB (LAN)
3. NetApp SAN (LAN)
The share is on the SAN, and export policy permits access from ServerB on the same vLAN. This share is mounted on ServerB as say /data/db. and thats all well and good.
The troublesome bit is that ServerA also needs to be able to access this share from the SAN, and we cannot open up access inbound from the DMZ to the NFS interface of the SAN for security reasons.
i had an idea of sharing out /data from ServerB permitting ServerA access to it point to point from the DMZ. The point to point access only links the Servers A and B which i can permit inbound from the DMZ as they are linked. So effectively using ServerB as a middle man for ServerA to access the data on the SAN.
I can successfully mount a share from ServerB on ServerA. But i cannot see the data/folder structure that resides within /data/db/.
I created a txt file in /data/db on ServerB before mounting to the SAN as a test, and this shows that when ServerA access the share on ServerB it only sees the local txt file i created.
My question anyway is;
is it possible to connect a SAN share via another server to the DMZ Server? Can anyone suggest something that i may have done wrong, or offer a better option to achieving this?
I understand if it is not be possible to gain access to a share via a piggy back share, just need some advice on this.
Thanks in advance
P