From owner-freebsd-pf@FreeBSD.ORG Thu Sep 16 03:55:48 2004 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 674) id A694F16A4CF; Thu, 16 Sep 2004 03:55:48 +0000 (GMT) Delivered-To: mlaier@vampire.homelinux.org Received: (qmail 29844 invoked by uid 1005); 12 Nov 2003 22:10:43 -0000 Delivered-To: max@vampire.homelinux.org Received: (qmail 29841 invoked from network); 12 Nov 2003 22:10:43 -0000 Received: from moutng.kundenserver.de (212.227.126.186) by pd9530672.dip.t-dialin.net with SMTP; 12 Nov 2003 22:10:43 -0000 Received: from [212.227.126.149] (helo=mxng06.kundenserver.de) by moutng.kundenserver.de with esmtp (Exim 3.35 #1) id 1AK39H-0000oz-00 for max@vampire.homelinux.org; Wed, 12 Nov 2003 23:07:39 +0100 Received: from [206.53.239.180] (helo=turing.freelists.org) by mxng06.kundenserver.de with esmtp (Exim 3.35 #1) id 1AK39A-0003IH-00 for max@love2party.net; Wed, 12 Nov 2003 23:07:32 +0100 Received: from turing (localhost [127.0.0.1])ESMTP id 9D2B939088C for ; Wed, 12 Nov 2003 16:56:01 -0500 (EST) Received: with ECARTIS (v1.0.0; list pf4freebsd); Wed, 12 Nov 2003 16:55:53 -0500 (EST) X-Original-To: pf4freebsd@freelists.org Delivered-To: pf4freebsd@freelists.org Received: from insomnia.benzedrine.cx (insomnia.benzedrine.cx [62.65.145.30]) ESMTP id C42C83907BB for ; Wed, 12 Nov 2003 16:55:51 -0500 (EST) Received: from insomnia.benzedrine.cx (dhartmei@localhost [127.0.0.1]) hACM79Z3010913 (version=TLSv1/SSLv3 cipher=DHE-DSS-AES256-SHA bits=256 verify=NO) for ; Wed, 12 Nov 2003 23:07:09 +0100 (MET) Received: (from dhartmei@localhost) by insomnia.benzedrine.cx (8.12.10/8.12.10/Submit) id hACM79gW019314 for pf4freebsd@freelists.org; Wed, 12 Nov 2003 23:07:09 +0100 (MET) From: Daniel Hartmeier To: pf4freebsd@freelists.org Message-ID: <20031112220709.GO17343@insomnia.benzedrine.cx> References: <3FB2ACA6.7030302@kasimir.com> Mime-Version: 1.0 Content-type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <3FB2ACA6.7030302@kasimir.com> User-Agent: Mutt/1.4.1i X-archive-position: 209 X-ecartis-version: Ecartis v1.0.0 Sender: pf4freebsd-bounce@freelists.org Errors-To: pf4freebsd-bounce@freelists.org X-original-sender: daniel@benzedrine.cx Precedence: normal X-list: pf4freebsd Content-Transfer-Encoding: quoted-printable X-Provags-Forward: ad1e83286d02b5e55817d47b0d69ba84 X-UID: 325 X-Length: 3291 X-Mailman-Approved-At: Thu, 16 Sep 2004 03:55:52 +0000 Subject: [pf4freebsd] Re: nfsd send error 1 probably caused by pf ? X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.1 Reply-To: pf4freebsd@freelists.org List-Id: Technical discussion and general questions about packet filter (pf) List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Date: Thu, 16 Sep 2004 03:55:48 -0000 X-Original-Date: Wed, 12 Nov 2003 23:07:09 +0100 X-List-Received-Date: Thu, 16 Sep 2004 03:55:48 -0000 On Wed, Nov 12, 2003 at 10:56:54PM +0100, Florian C. Smeets wrote: > Nov 12 19:38:57 bender kernel: nfsd send error 1 Are you using nfs over udp or tcp? If you are using scrub, try adding 'no-df' to all scrub rules. Some nfs implementations (Linux and Solaris, mostly) use fragments with DF set, which get dropped by scrub unless you use no-df. If that doesn't solve it, add 'log' to all block rules and watch pflog for blocked packets. Enable debug logging (pfctl -xm) and watch /var/log/messages for pf related messages. Do you see fragment reassembly there? Daniel