Hi! I'm planning my first OpenBSD deployment and was wondering about a NFS technique. In the past I've setup a firewall behind an office network, giving a gang of contractors an internet gateway and access to a CVSROOT via samba. The actual CVSROOT was mounted on the firewall via NFS from the office LAN and exported to the contractor's LAN with samba. This setup worked nicely to give the contractors access to the resources they needed without giving them full access to the office LAN.
Now, I'd like to export some public data (ro) to a LAN firewall with NFS, and from the firewall re-export it to a web server on a DMZ for public access. When I tried this with linux, I wasn't able re-export the NFS mount. The bsd folks I discussed this with said, exporting it was a violation of security bounds (or similar language), I disagreed, if a host is entitled to a NFS mount it should be entitled to do with it whatever it pleases, and the limitation was the kernel's ability to negotiate a NFS export of the NFS mount. So, is this going to work? If not, is it a kernel or policy issue? // George -- George Georgalis, systems architect, administrator Linux BSD IXOYE http://galis.org/george/ cell:646-331-2027 mailto:[EMAIL PROTECTED]
