[Gluster-users] how to restrict client connection to server to only one IP address

Jeff Darcy jdarcy at redhat.com
Mon Oct 20 20:50:36 UTC 2014


> 1. If it is using gluster-fuse, what you are trying to do is futile, because
> the connections are not as you think.  The data does not flow from client1 ->
> gluster1 -> gluster2.  The way it really works is that client1 connects
> directly to both gluster1 and gluster2, and sends the data to both of them at
> the same time.  The only time any volume of data transfers directly from
> gluster1 to gluster2 is during a heal operation.  Unfortunately, gluster does
> not understand the concept of a separate "storage network" that the servers
> use to talk to each other.  It only has one address, and that address is the
> one that the clients connect to.

Very well put.  :)  Better multi-network support is something we're thinking
about for GlusterFS 4.0; separate "front end" and "back end" networks is an
almost trivial subset of that.

To be just a bit more precise, GlusterFS is limited to a concept of one
*name* for a server.  However, that name can resolve to different addresses
in different contexts.  If the servers and clients use different name servers
or have different /etc/hosts files, then it is possible to split user and
internal traffic in some useful ways.  There are also ways to achieve the
same thing with explicit routing, or with iptables rules.  It's pretty easy
to get yourself all messed up this way, which is why it's not generally
recommended or supported, but it is at least *possible*.
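
Added example, not part of the original message and not GlusterFS code: a small check of the split-name setup described above, confirming that each server name maps to exactly one address in the intended network in each /etc/hosts view. The subnets, file contents and function names are constructed assumptions; only the names gluster1 and gluster2 come from the thread.

```python
import ipaddress

def parse_hosts(text):
    """Map every name/alias in /etc/hosts-style text to the addresses listed for it."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        addr = ipaddress.ip_address(fields[0])
        for name in fields[1:]:
            table.setdefault(name.lower(), []).append(addr)
    return table

def check_view(hosts_text, names, expected_net):
    """Return problems for one view: name missing, ambiguous, or outside expected_net."""
    net = ipaddress.ip_network(expected_net)
    table = parse_hosts(hosts_text)
    problems = []
    for name in names:
        addrs = table.get(name.lower(), [])
        if not addrs:
            problems.append(f"{name}: no entry")
        elif len(set(addrs)) > 1:
            problems.append(f"{name}: multiple addresses {sorted(map(str, set(addrs)))}")
        elif addrs[0] not in net:
            problems.append(f"{name}: {addrs[0]} is outside {net}")
    return problems

# Constructed sample data: the servers' view uses an assumed back-end subnet,
# the clients' view an assumed front-end subnet.
SERVER_HOSTS = """
127.0.0.1 localhost
10.0.0.1  gluster1   # back end
10.0.0.2  gluster2
"""
CLIENT_HOSTS = """
127.0.0.1   localhost
192.168.1.1 gluster1
10.0.0.2    gluster2   # mistake: client pointed at the back-end address
"""
SERVER_NAMES = ["gluster1", "gluster2"]

if __name__ == "__main__":
    print("server view:", check_view(SERVER_HOSTS, SERVER_NAMES, "10.0.0.0/24"))
    print("client view:", check_view(CLIENT_HOSTS, SERVER_NAMES, "192.168.1.0/24"))
```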

