NFS proxy system (or the like)

Hi, folks.

I am in a situation where a machine sitting in the DMZ
needs to access disks from several machines on the
internal networks via NFS.

As this involves RPCs, the machine in the DMZ would
have wide access to the internal network, which I want
to restrict.

I am looking for a better solution for this. I thought
of installing a NFS "proxy" system, which would mount
the NFS shares itself, and then serve them to the
external machine. This way, the external machine would
only have access to this particular intermediate
system. Easier to harden and monitor.

However, I haven't been able to "re-export" shares.
Has anyone accomplished this?

Any other approaches? (changing from NFS to some other
network file system might be an option if it solves
the problem).


