From owner-freebsd-pf@FreeBSD.ORG Thu Sep 16 03:55:53 2004 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 674) id B106C16A4D6; Thu, 16 Sep 2004 03:55:53 +0000 (GMT) Delivered-To: mlaier@vampire.homelinux.org Received: (qmail 29961 invoked by uid 1005); 12 Nov 2003 22:23:15 -0000 Delivered-To: max@vampire.homelinux.org Received: (qmail 29958 invoked from network); 12 Nov 2003 22:23:15 -0000 Received: from moutng.kundenserver.de (212.227.126.177) by pd9530672.dip.t-dialin.net with SMTP; 12 Nov 2003 22:23:15 -0000 Received: from [212.227.126.212] (helo=mxng16.kundenserver.de) by moutng.kundenserver.de with esmtp (Exim 3.35 #1) id 1AK3LP-00018K-00 for max@vampire.homelinux.org; Wed, 12 Nov 2003 23:20:11 +0100 Received: from [206.53.239.180] (helo=turing.freelists.org) by mxng16.kundenserver.de with esmtp (Exim 3.35 #1) id 1AK3LM-0004K5-00 for max@love2party.net; Wed, 12 Nov 2003 23:20:09 +0100 Received: from turing (localhost [127.0.0.1])ESMTP id 563B9390BAE for ; Wed, 12 Nov 2003 17:08:38 -0500 (EST) Received: with ECARTIS (v1.0.0; list pf4freebsd); Wed, 12 Nov 2003 17:08:30 -0500 (EST) X-Original-To: pf4freebsd@freelists.org Delivered-To: pf4freebsd@freelists.org Received: from kundenserver16.yws-admin.de (kundenserver16.yws-admin.de [217.115.154.106])ESMTP id 79A40390B6A for ; Wed, 12 Nov 2003 17:08:29 -0500 (EST) Received: from kasimir.com (pD9E1D729.dip.t-dialin.net [217.225.215.41]) by kundenserver16.yws-admin.de (Postfix) with ESMTP id 159F9352587 for ; Wed, 12 Nov 2003 23:19:48 +0100 (CET) Message-ID: <3FB2B203.1030704@kasimir.com> From: "Florian C. Smeets" User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.5b) Gecko/20031011 X-Accept-Language: en-us, en MIME-Version: 1.0 To: pf4freebsd@freelists.org References: <3FB2ACA6.7030302@kasimir.com> <20031112220709.GO17343@insomnia.benzedrine.cx> In-Reply-To: <20031112220709.GO17343@insomnia.benzedrine.cx> Content-type: text/plain; charset=us-ascii X-archive-position: 210 X-ecartis-version: Ecartis v1.0.0 Sender: pf4freebsd-bounce@freelists.org Errors-To: pf4freebsd-bounce@freelists.org X-original-sender: flo@kasimir.com Precedence: normal X-list: pf4freebsd Content-Transfer-Encoding: quoted-printable X-Provags-Forward: ad1e83286d02b5e55817d47b0d69ba84 X-UID: 326 X-Length: 3512 X-Mailman-Approved-At: Thu, 16 Sep 2004 03:59:49 +0000 Subject: [pf4freebsd] Re: nfsd send error 1 probably caused by pf ? X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.1 Reply-To: pf4freebsd@freelists.org List-Id: Technical discussion and general questions about packet filter (pf) List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Date: Thu, 16 Sep 2004 03:55:53 -0000 X-Original-Date: Wed, 12 Nov 2003 23:19:47 +0100 X-List-Received-Date: Thu, 16 Sep 2004 03:55:53 -0000 Daniel Hartmeier wrote: > On Wed, Nov 12, 2003 at 10:56:54PM +0100, Florian C. Smeets wrote: >=20 >=20 >>Nov 12 19:38:57 bender kernel: nfsd send error 1 >=20 >=20 > Are you using nfs over udp or tcp? >=20 It's tcp. > If you are using scrub, try adding 'no-df' to all scrub rules. Some nfs > implementations (Linux and Solaris, mostly) use fragments with DF set, > which get dropped by scrub unless you use no-df. I'm only using scrub on the external interface not on the internal one=20 where the nfs is transferred. >=20 > If that doesn't solve it, add 'log' to all block rules and watch pflog > for blocked packets. Enable debug logging (pfctl -xm) and watch > /var/log/messages for pf related messages. Do you see fragment > reassembly there? I don't have any block rules on the internal interface ?! >=20 > Daniel >=20 I'm going to experiment a little further and see if i can find anything. Thanks, flo