Date: Wed, 13 Dec 2006 10:12:02 +0100 From: Max Laier <max@love2party.net> To: freebsd-stable@freebsd.org Cc: Charles Sprickman <spork@bway.net> Subject: Re: pf killing NFS Message-ID: <200612131012.08799.max@love2party.net> In-Reply-To: <Pine.OSX.4.61.0612130030020.354@white.nat.fasttrackmonkey.com> References: <Pine.OSX.4.61.0612130030020.354@white.nat.fasttrackmonkey.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--nextPart3159659.qabpQBBnfv Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline On Wednesday 13 December 2006 07:10, Charles Sprickman wrote: > Hi all, > > I'm running a 6.2-RC1 box (cvsup'd today) that has two broadcom nics.=20 > One is an internal network (nfs) and the other is external. > > PF has this rule for all traffic on the private net: > > [root@archive /home/jails]# pfctl -sr|grep bge1 > pass in quick on bge1 inet from 192.168.1.0/24 to any > pass out quick on bge1 inet from any to 192.168.1.0/24 > > No state since these are "quick" and symmetrical. > > Doing something like "ls /usr/ports" will just hang until interrupted. > Using tcp for nfs makes it workable, but very slow. > > If I disable pf (pfctl -d), both types of mounts work, and speed is > excellent. I also just found that if I remove the "scrub in all" > statement and change it to "scrub in on bge0", things are fine. > > Any idea what's going on? The tcpdump output confuses me (see "bad > cksum!"), so I'm posting some snippets here. As Luke already pointed out, "no-df" on the scrub rule should help. As=20 for the "bad cksum!" - this is a symptom of checksumming done in=20 hardware. ifconfig bge1 -rxcsum -txcsum should get rid of them. =2D-=20 /"\ Best regards, | mlaier@freebsd.org \ / Max Laier | ICQ #67774661 X http://pf4freebsd.love2party.net/ | mlaier@EFnet / \ ASCII Ribbon Campaign | Against HTML Mail and News --nextPart3159659.qabpQBBnfv Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (FreeBSD) iD8DBQBFf8PoXyyEoT62BG0RAiw8AJ9szGlpct9Ej6gvtiVs391tBSINBACggCfW TjI6R4F6Jmq4lQ5sgWQZVY0= =pIS1 -----END PGP SIGNATURE----- --nextPart3159659.qabpQBBnfv--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200612131012.08799.max>