Date: Thu, 01 Dec 2005 10:12:03 -0600
From: "Aaron P. Martinez" <ml@proficuous.com>
To: FreeBSD-questions@freebsd.org
Subject: Re: pf blocking nfs
Message-ID: <1133453523.1197.7.camel@aaron.proficuous.com>
In-Reply-To: <19861fba0511301740j709ddf34me572b29474b87f6f@mail.gmail.com>
References: <60336.192.168.3.69.1133319528.squirrel@webmail.proficuous.com> <20051130170210.GB1587@slackbox.xs4all.nl> <200511301742.31258.ml@proficuous.com> <20051201005348.GB15959@slackbox.xs4all.nl> <19861fba0511301740j709ddf34me572b29474b87f6f@mail.gmail.com>

On Thu, 2005-12-01 at 02:40 +0100, J65nko BSD wrote:
> [snip]
> > In your original post, there was something about a short packet. I'm
> > guessing this might screw things up. You might try adding 'scrub in all'
> > before the filtering rules.
> >
> [snip]
>
> Be careful with scrub and NFS. From http://openbsd.bay13.net/faq/pf/scrub.html
>
> "One reason not to scrub on an interface is if one is passing NFS
> through PF. Some non-OpenBSD platforms send (and expect) strange
> packets -- fragmented packets with the "do not fragment" bit set,
> which are (properly) rejected by scrub."

Well, it looks like scrub fixed the issue. I had originally removed the
scrub in all line because I too had read in the OBSD faq that scrub might
be what was messing up my nfs connection. I put it back and I'm back to my
one state tracking rule for all outbound traffic for this machine.

Just so everyone can see, this is the ruleset and it's working properly:

    scrub in all
    block in log all
    pass quick on lo0 all
    pass out on fxp0 proto { tcp, udp, icmp } all keep state

Thanks to everyone that helped,

Aaron Martinez
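
Added example, not part of the original message or of pf: a check for the packet shape the quoted FAQ text describes (an IPv4 fragment that also carries the "do not fragment" bit), which can be run over captured IP headers from an NFS peer before enabling scrub. The helper names, the 192.0.2.x addresses and the sample headers are constructed for illustration.

```python
import struct

DF = 0x4000           # "do not fragment" flag
MF = 0x2000           # "more fragments" flag
OFFSET_MASK = 0x1FFF  # 13-bit fragment offset, in 8-byte units


def is_df_fragment(ip_header: bytes) -> bool:
    """True if the IPv4 header belongs to a fragment that also has DF set."""
    if len(ip_header) < 20 or ip_header[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    # Bytes 6-7 hold the three flag bits followed by the fragment offset.
    (flags_frag,) = struct.unpack_from("!H", ip_header, 6)
    is_fragment = bool(flags_frag & MF) or (flags_frag & OFFSET_MASK) != 0
    return is_fragment and bool(flags_frag & DF)


def build_header(flags_frag: int, proto: int = 17) -> bytes:
    """Constructed 20-byte IPv4/UDP header (checksum left at 0) for the samples."""
    return struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, 20, 0x1234, flags_frag, 64, proto, 0,
        bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]),
    )


def count_df_fragments(headers) -> int:
    """Number of headers in the iterable that are DF-marked fragments."""
    return sum(1 for h in headers if is_df_fragment(h))


# Constructed samples: flags/offset field values only, no real capture.
SAMPLES = [
    build_header(DF),            # ordinary unfragmented packet with DF
    build_header(MF),            # first fragment, DF clear
    build_header(DF | MF),       # first fragment with DF set
    build_header(DF | 185),      # last fragment (offset 185) with DF set
]

if __name__ == "__main__":
    print(count_df_fragments(SAMPLES), "of", len(SAMPLES), "headers are DF fragments")
```
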