[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: ipf/ipnat behavior
Paul Goyette wrote:
On Sat, 31 May 2008, Darren Reed wrote:
How much of your NFS traffic is TCP vs UDP?
If you force it to all be UDP, does the problem go away?
Everything is pretty much default! All of my NFS servers and clients
are NetBSD, all running the same -current. The only maching that is
having any problems is the client-only machine which happens to also
have ipf/ipnat turned on. There's no '-T' in the mount commands, but
nfsd is running with '-6 -t -u -n4'. A quick tcpdump shows that it's
using UDP already.
So you've applied the patch I committed today and this isn't working for
What packets are being blocked (see. ipmon logs)?
Can you see packets being retransmitted (tcpdump)?
I have these rules:
pass out quick on pcn2 proto tcp from 192.168.239.70/32 to any flags
S/SA keep state
pass out quick on pcn2 proto udp from 192.168.239.70/32 to any keep state
pass out quick on pcn2 proto icmp from 192.168.239.70/32 to any keep state
block in log on pcn2 all
Which kick in when I do:
mount 192.168.239.2:/usr/home /mnt
And they allow me to do a few quick things (ls, etc) via NFS ok.
Main Index |
Thread Index |