Re: ipf/ipnat behavior

[Darren Reed <darrenr%netbsd.org@localhost>]

Paul Goyette wrote:
> On Sun, 1 Jun 2008, Paul Goyette wrote:
>
> > Yes.  I have the following ip_state.c
> >
> > /*      $NetBSD: ip_state.c,v 1.32 2008/06/01 22:26:11 darrenr Exp 
> > $    */
> >
> > > What packets are being blocked (see. ipmon logs)?
> >
> > Ah - i Haven't looked at ipmon yet.
>
> OK, I just ran the same experiment.  'tcpdump port nfs' running on 
> both machines, and ipmon running on the ipnat-enabled NFS client.  All 
> logs from tcpdump and ipmon were totally empty.  The packet(s) seem to 
> just completely disappear, and the 'ls /home/paul' command just hangs 
> waiting for netio.
>
> Funny thing, though, is that there are never any "nfs server blah is 
> not responding" console messages which is usually what you get when 
> the client doesn't receive a response from the NFS server.  It almost 
> seems as though the NFS client hasn't even delivered the packet to the 
> IP stack (ie, the send() hasn't completed so it's not even waiting for 
> a recv()).

Are there any signs that ipfilter is blocking things?
Like does "ipfstat" show increasing numbers for blocked things?
or NAT failures or...?

Can you do something like "rpcinfo -p <serverIP#>" from the client?

Darren