From owner-freebsd-pf@FreeBSD.ORG Thu Sep 16 03:56:33 2004 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 674) id EC84D16A4D8; Thu, 16 Sep 2004 03:56:33 +0000 (GMT) Delivered-To: mlaier@vampire.homelinux.org Received: (qmail 45308 invoked by uid 1005); 14 Nov 2003 09:37:17 -0000 Delivered-To: max@vampire.homelinux.org Received: (qmail 45305 invoked from network); 14 Nov 2003 09:37:17 -0000 Received: from moutng.kundenserver.de (212.227.126.188) by pd95307cb.dip.t-dialin.net with SMTP; 14 Nov 2003 09:37:17 -0000 Received: from [212.227.126.148] (helo=mxng05.kundenserver.de) by moutng4.kundenserver.de with esmtp (Exim 3.35 #1) id 1AKaLF-0004lm-00 for max@vampire.homelinux.org; Fri, 14 Nov 2003 10:34:13 +0100 Received: from [206.53.239.180] (helo=turing.freelists.org) by mxng05.kundenserver.de with esmtp (Exim 3.35 #1) id 1AKaLA-0003KX-00 for max@love2party.net; Fri, 14 Nov 2003 10:34:08 +0100 Received: from turing (localhost [127.0.0.1])ESMTP id 1BE61390AD8; Fri, 14 Nov 2003 04:21:57 -0500 (EST) Received: with ECARTIS (v1.0.0; list pf4freebsd); Fri, 14 Nov 2003 04:21:49 -0500 (EST) X-Original-To: pf4freebsd@freelists.org Delivered-To: pf4freebsd@freelists.org Received: from insomnia.benzedrine.cx (insomnia.benzedrine.cx [62.65.145.30]) ESMTP id CEABF390AA9 for ; Fri, 14 Nov 2003 04:21:47 -0500 (EST) Received: from insomnia.benzedrine.cx (dhartmei@localhost [127.0.0.1]) hAE9XIZ3029383 (version=TLSv1/SSLv3 cipher=DHE-DSS-AES256-SHA bits=256 verify=NO); Fri, 14 Nov 2003 10:33:18 +0100 (MET) Received: (from dhartmei@localhost) by insomnia.benzedrine.cx (8.12.10/8.12.10/Submit) id hAE9XIRx009989; Fri, 14 Nov 2003 10:33:18 +0100 (MET) From: Daniel Hartmeier To: pf4freebsd@freelists.org Message-ID: <20031114093317.GB20224@insomnia.benzedrine.cx> References: <3FB2ACA6.7030302@kasimir.com> <20031112220709.GO17343@insomnia.benzedrine.cx> <3FB2B203.1030704@kasimir.com> <3FB2B5AB.50601@kasimir.com> <20031113163911.GR17343@insomnia.benzedrine.cx> <3FB3EBBA.5070405@kasimir.com> <20031114092424.GA32359@kt-is.co.kr> Mime-Version: 1.0 Content-type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20031114092424.GA32359@kt-is.co.kr> User-Agent: Mutt/1.4.1i X-archive-position: 217 X-ecartis-version: Ecartis v1.0.0 Sender: pf4freebsd-bounce@freelists.org Errors-To: pf4freebsd-bounce@freelists.org X-original-sender: daniel@benzedrine.cx Precedence: normal X-list: pf4freebsd Content-Transfer-Encoding: quoted-printable X-Provags-Forward: ad1e83286d02b5e55817d47b0d69ba84 X-UID: 334 X-Length: 3605 X-Mailman-Approved-At: Thu, 16 Sep 2004 03:59:49 +0000 Subject: [pf4freebsd] Re: nfsd send error 1 probably caused by pf ? X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.1 Reply-To: pf4freebsd@freelists.org List-Id: Technical discussion and general questions about packet filter (pf) List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Date: Thu, 16 Sep 2004 03:56:34 -0000 X-Original-Date: Fri, 14 Nov 2003 10:33:17 +0100 X-List-Received-Date: Thu, 16 Sep 2004 03:56:34 -0000 On Fri, Nov 14, 2003 at 06:24:24PM +0900, Pyun YongHyeon wrote: > It seems that your problem is reproducable on my SMP machine. > I used a single rule 'pass out on xl0 keep state'. > However, I can't see 'nfsd send error' message. nfs client > works well even though pf still outputs 'BAD state' message. Are you running nfsd on the pf machine? If pf is blocking outgoing packets due to state mismatches (BAD state messages), and the process trying to send the blocked packets is running on the pf box, it gets a an error code from the stack. If nfsd is reporting those errors, that would imply you'd have to run nfsd on the pf box (not the nfs client). If the theory is correct up to this point, that is ;) Daniel