Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 13 Dec 2006 10:12:02 +0100
From:      Max Laier <max@love2party.net>
To:        freebsd-stable@freebsd.org
Cc:        Charles Sprickman <spork@bway.net>
Subject:   Re: pf killing NFS
Message-ID:  <200612131012.08799.max@love2party.net>
In-Reply-To: <Pine.OSX.4.61.0612130030020.354@white.nat.fasttrackmonkey.com>
References:  <Pine.OSX.4.61.0612130030020.354@white.nat.fasttrackmonkey.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
--nextPart3159659.qabpQBBnfv
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

On Wednesday 13 December 2006 07:10, Charles Sprickman wrote:
> Hi all,
>
> I'm running a 6.2-RC1 box (cvsup'd today) that has two broadcom nics.=20
> One is an internal network (nfs) and the other is external.
>
> PF has this rule for all traffic on the private net:
>
> [root@archive /home/jails]# pfctl -sr|grep bge1
> pass in quick on bge1 inet from 192.168.1.0/24 to any
> pass out quick on bge1 inet from any to 192.168.1.0/24
>
> No state since these are "quick" and symmetrical.
>
> Doing something like "ls /usr/ports" will just hang until interrupted.
> Using tcp for nfs makes it workable, but very slow.
>
> If I disable pf (pfctl -d), both types of mounts work, and speed is
> excellent.  I also just found that if I remove the "scrub in all"
> statement and change it to "scrub in on bge0", things are fine.
>
> Any idea what's going on?  The tcpdump output confuses me (see "bad
> cksum!"), so I'm posting some snippets here.

As Luke already pointed out, "no-df" on the scrub rule should help.  As=20
for the "bad cksum!" - this is a symptom of checksumming done in=20
hardware.  ifconfig bge1 -rxcsum -txcsum should get rid of them.

=2D-=20
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News

--nextPart3159659.qabpQBBnfv
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (FreeBSD)

iD8DBQBFf8PoXyyEoT62BG0RAiw8AJ9szGlpct9Ej6gvtiVs391tBSINBACggCfW
TjI6R4F6Jmq4lQ5sgWQZVY0=
=pIS1
-----END PGP SIGNATURE-----

--nextPart3159659.qabpQBBnfv--

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200612131012.08799.max>