Current-Users archive


Re: ipf/ipnat behavior



On Mon, 2 Jun 2008, Darren Reed wrote:

> Are there any signs that ipfilter is blocking things?
> Like does "ipfstat" show increasing numbers for blocked things?
> or NAT failures or...?

ipfstat does not show any blocked packets, which you would think exonerates ipfilter. (I posted the ipfstat output earlier when I was confused about the 'nomatch' entries.)

However, if I boot with ipfilter disabled, or if I manually disable ipfilter before attempting to access the nfs volume, it works fine. Problem occurs only when ipfilter is enabled.

> Can you do something like "rpcinfo -p <serverIP#>" from the client?

rpcinfo works just fine. It shows me 9 entries for portmapper (versions 4, 3, and 2 for each of proto tcp, udp, and 0), 4 entries for mountd (versions 1 and 3 for proto tcp and udp), 4 for nfs (versions 2 and 3 for tcp and udp), 2 for status (version 1 for tcp and udp), and 8 for nlockmgr (versions 0, 1, 3, and 4 for tcp and udp).

----------------------------------------------------------------------
|   Paul Goyette   | PGP DSS Key fingerprint: |  E-mail addresses:   |
| Customer Service | FA29 0E3B 35AF E8AE 6651 |  paul%whooppee.com@localhost   |
| Network Engineer | 0786 F758 55DE 53BA 7731 | pgoyette%juniper.net@localhost |
----------------------------------------------------------------------

