From: Scott Schappell
Date: Thu, 26 Mar 2015 12:22:50 -0700
To: freebsd-questions@freebsd.org
Subject: FreeBSD 8.4 - Can't mount nfs over tcp, but can mount over udp

I have a FreeNAS 9.3 server exporting an NFS share over UDP and TCP. Everything works great over UDP, but over TCP, everything times out. I'm running ipfilter, but rebooting with it disabled didn't fix the issue.

Here's the relevant line in ipf.rules:

    pass out log quick on em1 proto tcp/udp from any to any keep state
    pass in log quick on em1 proto tcp/udp from any to any keep state

em1 is 192.168.0.0/24, em0 is the public facing NIC.

/etc/hosts.allow on both servers is set to just allow everything:

    # Start by allowing everything (this prevents the rest of the file
    # from working, so remove it when you need protection).
    # The rules here work on a "First match wins" basis.
    ALL : ALL : allow

Running ipmon I see the requests go out (eventually, note it takes about 30 seconds or so to get this output):

    26/03/2015 12:12:23.502793 em1 @0:2 p 192.168.0.126,870 -> 192.168.0.12,111 PR tcp len 20 60 -S K-S OUT
    26/03/2015 12:13:05.302609 em1 @0:2 p 192.168.0.126,825 -> 192.168.0.12,111 PR tcp len 20 60 -S K-S OUT
    26/03/2015 12:13:08.302618 em1 @0:2 p 192.168.0.126,825 -> 192.168.0.12,111 PR tcp len 20 60 -S K-S OUT
    26/03/2015 12:13:11.502684 em1 @0:2 p 192.168.0.126,825 -> 192.168.0.12,111 PR tcp len 20 60 -S K-S OUT
    26/03/2015 12:13:14.702750 em1 @0:2 p 192.168.0.126,825 -> 192.168.0.12,111 PR tcp len 20 48 -S K-S OUT
    26/03/2015 12:13:39.503401 em1 @0:2 p 192.168.0.126,825 -> 192.168.0.12,111 PR tcp len 20 48 -S K-S OUT
    26/03/2015 12:14:03.703756 em1 @0:2 p 192.168.0.126,825 -> 192.168.0.12,111 PR tcp len 20 48 -S K-S OUT

Both hosts are in DNS, forward and reverse so IP validation should work. I set NFS ip paranoia to 0 in sysctl to no effect as well.

    [root@arthur /etc/namedb/master]# rpcinfo -T tcp avalon.wlan.silvertree.org
    rpcinfo: can't contact rpcbind: RPC: Remote system error - Operation timed out

    [root@arthur /etc/namedb/master]# rpcinfo -T udp avalon.wlan.silvertree.org
       program version netid     address                service    owner
        100000    4    tcp       0.0.0.0.0.111          rpcbind    superuser
        100000    3    tcp       0.0.0.0.0.111          rpcbind    superuser
        100000    2    tcp       0.0.0.0.0.111          rpcbind    superuser
        100000    4    udp       0.0.0.0.0.111          rpcbind    superuser
        100000    3    udp       0.0.0.0.0.111          rpcbind    superuser
        100000    2    udp       0.0.0.0.0.111          rpcbind    superuser
        100000    4    tcp6      ::.0.111               rpcbind    superuser
        100000    3    tcp6      ::.0.111               rpcbind    superuser
        100000    4    udp6      ::.0.111               rpcbind    superuser
        100000    3    udp6      ::.0.111               rpcbind    superuser
        100000    4    local     /var/run/rpcbind.sock  rpcbind    superuser
        100000    3    local     /var/run/rpcbind.sock  rpcbind    superuser
        100000    2    local     /var/run/rpcbind.sock  rpcbind    superuser
        100005    1    udp6      ::.2.94                mountd     superuser
        100005    3    udp6      ::.2.94                mountd     superuser
        100005    1    tcp6      ::.2.94                mountd     superuser
        100005    3    tcp6      ::.2.94                mountd     superuser
        100005    1    udp       0.0.0.0.2.94           mountd     superuser
        100005    3    udp       0.0.0.0.2.94           mountd     superuser
        100005    1    tcp       0.0.0.0.2.94           mountd     superuser
        100005    3    tcp       0.0.0.0.2.94           mountd     superuser
        100003    2    udp       0.0.0.0.8.1            nfs        superuser
        100003    3    udp       0.0.0.0.8.1            nfs        superuser
        100003    2    udp6      ::.8.1                 nfs        superuser
        100003    3    udp6      ::.8.1                 nfs        superuser
        100003    2    tcp       0.0.0.0.8.1            nfs        superuser
        100003    3    tcp       0.0.0.0.8.1            nfs        superuser
        100003    2    tcp6      ::.8.1                 nfs        superuser
        100003    3    tcp6      ::.8.1                 nfs        superuser
        100024    1    udp6      ::.3.104               status     superuser
        100024    1    tcp6      ::.3.104               status     superuser
        100024    1    udp       0.0.0.0.3.104          status     superuser
        100024    1    tcp       0.0.0.0.3.104          status     superuser
        100021    0    udp6      ::.2.151               nlockmgr   superuser
        100021    0    tcp6      ::.2.191               nlockmgr   superuser
        100021    0    udp       0.0.0.0.3.2            nlockmgr   superuser
        100021    0    tcp       0.0.0.0.3.6            nlockmgr   superuser
        100021    1    udp6      ::.2.151               nlockmgr   superuser
        100021    1    tcp6      ::.2.191               nlockmgr   superuser
        100021    1    udp       0.0.0.0.3.2            nlockmgr   superuser
        100021    1    tcp       0.0.0.0.3.6            nlockmgr   superuser
        100021    3    udp6      ::.2.151               nlockmgr   superuser
        100021    3    tcp6      ::.2.191               nlockmgr   superuser
        100021    3    udp       0.0.0.0.3.2            nlockmgr   superuser
        100021    3    tcp       0.0.0.0.3.6            nlockmgr   superuser
        100021    4    udp6      ::.2.151               nlockmgr   superuser
        100021    4    tcp6      ::.2.191               nlockmgr   superuser
        100021    4    udp       0.0.0.0.3.2            nlockmgr   superuser
        100021    4    tcp       0.0.0.0.3.6            nlockmgr   superuser

My Google Fu has failed me miserably. Any suggestions would be helpful, even if that suggestion is "Use UDP, it's fine".

Thanks!
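
Added example (not part of the original message): a small Python parser for the ipmon lines quoted above that groups packets by connection and reports connections where bare SYNs were sent repeatedly and no inbound packet was logged for the same connection, together with the gaps between the retransmits. The function name unanswered_syns and the min_syns threshold are choices made for this example.

```python
import re
from collections import defaultdict
from datetime import datetime

# The seven ipmon lines quoted in the message, embedded so this runs offline.
SAMPLE = """\
26/03/2015 12:12:23.502793 em1 @0:2 p 192.168.0.126,870 -> 192.168.0.12,111 PR tcp len 20 60 -S K-S OUT
26/03/2015 12:13:05.302609 em1 @0:2 p 192.168.0.126,825 -> 192.168.0.12,111 PR tcp len 20 60 -S K-S OUT
26/03/2015 12:13:08.302618 em1 @0:2 p 192.168.0.126,825 -> 192.168.0.12,111 PR tcp len 20 60 -S K-S OUT
26/03/2015 12:13:11.502684 em1 @0:2 p 192.168.0.126,825 -> 192.168.0.12,111 PR tcp len 20 60 -S K-S OUT
26/03/2015 12:13:14.702750 em1 @0:2 p 192.168.0.126,825 -> 192.168.0.12,111 PR tcp len 20 48 -S K-S OUT
26/03/2015 12:13:39.503401 em1 @0:2 p 192.168.0.126,825 -> 192.168.0.12,111 PR tcp len 20 48 -S K-S OUT
26/03/2015 12:14:03.703756 em1 @0:2 p 192.168.0.126,825 -> 192.168.0.12,111 PR tcp len 20 48 -S K-S OUT
"""

# TCP lines only: the token after the two length fields is the TCP flag set
# ("-S" = SYN alone), and the last token is the packet direction.
LINE = re.compile(
    r"(?P<ts>\d\d/\d\d/\d{4} \d\d:\d\d:\d\d\.\d+) \S+ @\S+ \S+ "
    r"(?P<src>[\d.]+),(?P<sport>\d+) -> (?P<dst>[\d.]+),(?P<dport>\d+) "
    r"PR tcp len \d+ \d+ -(?P<flags>[A-Z]+)\b.* (?P<dir>IN|OUT)$"
)

def unanswered_syns(log_text, min_syns=3):
    """Map (src, sport, dst, dport) -> seconds between successive SYNs."""
    syn_times = defaultdict(list)  # outbound bare-SYN timestamps per connection
    answered = set()               # connections with any inbound packet logged
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%d/%m/%Y %H:%M:%S.%f")
        flow = (m["src"], int(m["sport"]), m["dst"], int(m["dport"]))
        if m["dir"] == "OUT" and m["flags"] == "S":
            syn_times[flow].append(ts)
        elif m["dir"] == "IN":
            # Reverse the tuple so a reply keys the same connection as the SYN.
            answered.add((flow[2], flow[3], flow[0], flow[1]))
    report = {}
    for flow, times in syn_times.items():
        if len(times) >= min_syns and flow not in answered:
            report[flow] = [round((b - a).total_seconds(), 1)
                            for a, b in zip(times, times[1:])]
    return report

if __name__ == "__main__":
    for flow, gaps in unanswered_syns(SAMPLE).items():
        print(flow, "SYN retransmit gaps (s):", gaps)
```
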