On Sat, Sep 06, 2008 at 06:33:49PM -0700, Paul Goyette wrote: > Some of you may remember many months ago when I started having some > strange problems with ipfilter/ipnat, right after a new version was > imported. Among other odd behavior, I was having difficulty mounting > NFS file systems. > > After several attempts to find a problem, I worked around it by using > NFS TCP mounts, rather than the default of UDP. All seemed to be well > and I sort of forgot about it. > > Well, a few days ago I updated my systems to -current, and something > very odd happened. :) > > The update was done using 'build.sh install=/' and RELDIR was on one of > my NFS mounted filesystems. Most everything seems to work, except > /usr/X11R6/bin/xrdb fails with a "built-in" error from the Xserver. > > Trying to narrow this down a bit, I decided to verify the integrity of > the NFS file systems. I logged in to the NFS server and ran cksum on > all of the X install sets, and then I ran the same cksum command on the > system-with-the-problem. Interestingly, I got different results for one > of the files. So I unmounted and remounted the file system and reran > cksum, and got wrong results for a different file. Repeat the umount, > mount, cksum steps again, and got still different results! Is it always the same one file? > Since these NFS problems only happen on the single client which also > runs ipfilter/ipnat, and turning ipfilter/ipnat off avoids the problem, > I'm pretty sure I don't have a problem on the NFS server, nor on the > network that connects everything together. > > One additional datapoint that might be relevant: ALL of my systems, > including all the NFS clients and the NFS server, run an IPv4 network > only - no INET6 configured. I'm going to try enabling INET6 on the > machine-that-has-the-problem to see if that makes any difference. > > If anyone else has any clues on how to go about resolving this, I'd > really appreciate it. The obvious solution might be "turn off > ipfilter/ipnat" but I need ipnat - I don't have enough fixed IP > addresses for everything - and I'm not willing to go out and buy a > stand-alone device. :) I'd start doing a tcpdump. If ipfilter is involved, it means it is tied to a specific network data pattern. -- Quentin Garnier - cube%cubidou.net@localhost - cube%NetBSD.org@localhost "See the look on my face from staying too long in one place [...] every time the morning breaks I know I'm closer to falling" KT Tunstall, Saving My Face, Drastic Fantastic, 2007.
Attachment:
pgpJYTQaGTKV9.pgp
Description: PGP signature