How do I secure the maprfs? Meaning: A. How can I set it up so that maprfs is accessible only to the local LAN (i.e. bound only to the internal network IPs)? B. If a cluster is available on the WAN, require some user password authentication.
Answer by Matt · Nov 03, 2011 at 04:02 AM
It doesn't hurt to start with a firewall:
    iptables -A INPUT -p tcp --dport 22 -j ACCEPT
    iptables -A INPUT -p tcp --dport 8443 -j ACCEPT
    iptables -A INPUT -p tcp --dport 50030 -j ACCEPT
    iptables -P INPUT DROP
    iptables -P FORWARD DROP
    iptables -P OUTPUT ACCEPT
    iptables -A INPUT -i lo -j ACCEPT
    iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables -A INPUT -s 192.168.1.10 -j ACCEPT
    iptables -A INPUT -s 192.168.1.11 -j ACCEPT
    iptables -A INPUT -s 192.168.1.12 -j ACCEPT
In this case, 192.168.1.10-12 are imaginary cluster nodes. You probably want to leave off the rule for port 8443 on nodes that don't run the web console. Put your firewall commands in a script and run it from /etc/rc.local.
It's very important to control the hosts that can connect to the NFS filesystem; a firewall is just one way to do it. I don't know the correct way to limit specific hosts that can connect to the NFS server in the mapr config files.
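The per-node script the answer describes, as an added example that is not part of the original answer: it emits the same rules as one `iptables-restore` ruleset, so the whole filter table is swapped in a single step, and it leaves out port 8443 unless the node runs the web console. The names `build_rules`, `valid_ipv4`, `WEB_CONSOLE` and the `--apply` switch are assumptions made for this example, and the node list is the answer's imaginary addresses.

```shell
#!/bin/sh
# Added example: the answer's rules, generated per node for iptables-restore.

# Accept only dotted-quad IPv4, so nothing else can reach the ruleset text.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.|"") return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split into octets (digits and dots only)
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# usage: build_rules WEB_CONSOLE(yes|no) NODE_IP...
build_rules() {
    web_console=$1; shift
    # Validate every address before printing anything: all or nothing.
    for ip in "$@"; do
        valid_ipv4 "$ip" || { echo "bad node address: $ip" >&2; return 1; }
    done
    echo '*filter'
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
    echo '-A INPUT -p tcp --dport 22 -j ACCEPT'
    if [ "$web_console" = yes ]; then   # only on nodes running the web console
        echo '-A INPUT -p tcp --dport 8443 -j ACCEPT'
    fi
    echo '-A INPUT -p tcp --dport 50030 -j ACCEPT'
    for ip in "$@"; do
        echo "-A INPUT -s $ip -j ACCEPT"
    done
    echo 'COMMIT'
}

# Constructed sample inventory: the imaginary cluster nodes from the answer.
NODES="192.168.1.10 192.168.1.11 192.168.1.12"
rules=$(build_rules "${WEB_CONSOLE:-no}" $NODES) || exit 1
case "${1:-}" in
    --apply) printf '%s\n' "$rules" | iptables-restore ;;  # needs root
    *)       printf '%s\n' "$rules" ;;                      # dry run: print only
esac
```

Without `--apply` the script only prints the ruleset, which makes it easy to review before calling it from /etc/rc.local.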