Try for auth.reject as * and then go for specific auth.allow?<span></span><br><br>On Friday 23 September 2016, Kevin Lemonnier <<a href="mailto:lemonnierk@ulrar.net">lemonnierk@ulrar.net</a>> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi,<br>
<br>
Using GlusterFS 3.7.15 on Debian 8 I'm trying to limit access using auth.allow on my volume.<br>
I have 3 nodes in replication with both a public interface and a private interface on each.<br>
Gluster uses the private IPs to communicate, but I noticed it was possible to mount the volume<br>
from the internet (that's bad ..) so I googled a bit. auth.allow, if I understand it correctly,<br>
should allow me to limit access of the volume to a list of IPs, is that correct ?<br>
<br>
I ran gluster volume set VMs auth.allow 10.10.0.* and it said success (it does appear in the info),<br>
but I can still mount the volume from the internet. It works only using NFS because using fuse it's<br>
trying to use the private adresses, which won't work on the internet, but it still gets the volume<br>
config and the nodes names anyway.<br>
<br>
Should I do something specific after setting auth.allow ?<br>
<br>
Here is the volume info :<br>
<br>
Volume Name: VMs<br>
Type: Replicate<br>
Volume ID: d0ee13f2-055c-4f37-9c75-<wbr>527d5e86b78d<br>
Status: Started<br>
Number of Bricks: 1 x 3 = 3<br>
Transport-type: tcp<br>
Bricks:<br>
Brick1: ips1adm.clientname:/mnt/<wbr>storage/VMs<br>
Brick2: ips2adm.clientname:/mnt/<wbr>storage/VMs<br>
Brick3: ips3adm.clientname:/mnt/<wbr>storage/VMs<br>
Options Reconfigured:<br>
auth.allow: 10.10.0.*<br>
network.ping-timeout: 15<br>
cluster.data-self-heal-<wbr>algorithm: full<br>
features.shard-block-size: 64MB<br>
features.shard: on<br>
performance.stat-prefetch: off<br>
performance.io-cache: off<br>
performance.read-ahead: off<br>
performance.quick-read: off<br>
cluster.eager-lock: enable<br>
network.remote-dio: enable<br>
cluster.server-quorum-type: server<br>
cluster.quorum-type: auto<br>
performance.readdir-ahead: on<br>
<br>
<br>
--<br>
Kevin Lemonnier<br>
PGP Fingerprint : 89A5 2283 04A0 E6E9 0111<br>
</blockquote><br><br>-- <br>--Atin<br>