I have a ZFS/Xen server for my home network. The box itself has two physical NICs. I want Dom0 to be on my "management" network and the guest domains to be on the "dmz" and "private" networks. The "private" network is where all my home computers are, and I would like to export iSCSI volumes directly to them - without having to create a firewall rule to grant them access to the "management" network.

After some searching, I have yet to find a way to specify the subnet an iSCSI target is visible to - is there any way to do that?

Another idea, I suppose, would be to have one of the guest domains mount the volume and then export it itself, but this would be less performant and more complicated...

Thanks,
Kent

Kent Watsen wrote:
>
> I have a ZFS/Xen server for my home network. The box itself has two
> physical NICs. I want Dom0 to be on my "management" network and the
> guest domains to be on the "dmz" and "private" networks. The "private"
> network is where all my home computers are, and I would like to export
> iSCSI volumes directly to them - without having to create a firewall
> rule to grant them access to the "management" network. After some
> searching, I have yet to find a way to specify the subnet an iSCSI
> target is visible to - is there any way to do that?

Given this is to do with COMSTAR iSCSI (or the old userland iscsi target daemon) and not ZFS, you are more likely to get an answer on storage-discuss at opensolaris.org

Using stmfadm(1M) you can configure which address the target is exposed to and set what type of authentication you want to use. Given what you have described, you probably want to configure one or more host groups with stmfadm(1M).

I'm not a COMSTAR expert so I suggest asking on storage-discuss if you need more help than that.

--
Darren J Moffat
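
A sketch of the host-group approach suggested in the reply, added here as an example and not taken from the thread. It assumes the COMSTAR iSCSI target is in use, and it binds the target to the private-side address with an itadm(1M) target portal group; every name, address, IQN and GUID below is a constructed placeholder.

```shell
#!/bin/sh
# Added example: expose one COMSTAR logical unit only on the "private"
# network and only to named initiators. All values are placeholders.

PRIVATE_IP="192.0.2.10"                      # Dom0 address on the private NIC
TPG="tpg-private"                            # target portal group name
HG="hg-private"                              # host group name
TARGET="iqn.2010-01.org.example:private-vols"
LU_GUID="600144F0000000000000000000000001"   # take the real one from `stmfadm list-lu`
INITIATORS="iqn.1991-05.com.microsoft:desktop1 iqn.1993-08.org.debian:01:laptop1"

# Emit the commands in order, one per line, so they can be reviewed first.
plan() {
    # Portal group: the target listens only on the private-side address.
    echo "itadm create-tpg $TPG $PRIVATE_IP"
    echo "itadm create-target -n $TARGET -t $TPG"
    # Host group: only these initiator names may see the logical unit.
    echo "stmfadm create-hg $HG"
    for i in $INITIATORS; do
        echo "stmfadm add-hg-member -g $HG $i"
    done
    # View: map the LU as LUN 0 for members of the host group only.
    echo "stmfadm add-view -h $HG -n 0 $LU_GUID"
}

# Dry run by default; set APPLY=1 to execute the plan, stopping on first error.
if [ "${APPLY:-0}" = "1" ]; then
    plan | sh -e
else
    plan
fi
```

Initiator names can be spoofed, so a host group narrows visibility but is not authentication on its own; the authentication setting mentioned in the reply covers that part.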