As part of my improving security exercise I have implemented a DMZ system on a subnet separate from my main home subnet.

Thus I have (similar to Mark Rogers) the following:-

Draytek Vigor 2820n on subnet 192.168.1.0 WAN1 ADSL connection WAN2 Ethernet 192.168.13.0 to second ADSL router

I have a Raspberry Pi plugged into to the second ADSL router's LAN so it's on the 192.168.13.0 subnet, this is the DMZ machine which will have a number of ports open to the internet.

The 192.168.1.0 firewall doesn't allow any connections from the 192.168.13.0 subnet, but the Draytek Vigor 2820n does route anything addressed to 192.168.13.0 to WAN2. Thus for example I can ssh from my desktop machine on 192.168.1.0 to the Raspberry Pi.

Now (finally!) to the question, can the Raspberry Pi export its files to my desktop (or anything on the 192.168.1.0 subnet) without opening up any holes in the firewall? I tried the obvious:-

/ *(rw,async,no_subtree_check)

on the Raspberry Pi but although I could mount the filesystem successfully on my desktop any attempt to access it just hangs.