Re: netbsd-5 and NFS-booted ipfilter firewall

To: Louis Guillaume <lguillaume%berklee.edu@localhost>
Subject: Re: netbsd-5 and NFS-booted ipfilter firewall
From: Hauke Fath <hauke%Espresso.Rhein-Neckar.DE@localhost>
Date: Sun, 22 Feb 2009 16:02:13 +0100

At 1:10 Uhr -0500 22.2.2009, Louis Guillaume wrote:
>On netbsd-5, my firewall hangs after installing NAT rules for ipfilter.
>The firewall is netbooted.

Uhh... Sit on branch, have saw?

>Turn ipfilter off and the machine boots
>without interruption. Revert to netbsd-4 and everything works properly.

And the rule sets are?

>After reading a few threads that seem similar, I experimented with
>setting nfsd to run udp-only, but that didn't help.

Like any RPC, nfs is tricky to pass through a packet filter, in that you
need to enable something like ports [512,1024] in addition to rpc and nfs -
or ask the nfs server rpcbind for the ports used by nfs.

        hauke

--
"It's never straight up and down"     (DEVO)

Follow-Ups:
- Re: netbsd-5 and NFS-booted ipfilter firewall
  - From: Louis Guillaume

References:
- netbsd-5 and NFS-booted ipfilter firewall
  - From: Louis Guillaume

Prev by Date: SOLVED (Re: How to create a large filesystem?)
Next by Date: Re: [5.0_RC2] long delay in /boot
Previous by Thread: netbsd-5 and NFS-booted ipfilter firewall
Next by Thread: Re: netbsd-5 and NFS-booted ipfilter firewall
Indexes:

Home | Main Index | Thread Index | Old Index