[Firehol-support] Local Subnet and NFS

Thomas Arendsen Hein thomas at intevation.de
Fri Feb 9 11:00:31 CET 2007


* Casey McGinty <casey.mcginty at gmail.com> [20070209 08:44]:
> I have configured my local subnet (192.168.0.0) on eth1 to allow all server
> connections:
> 
> interface eth1 local
>   server all accept
>   client all accept
> 
> The problem is that I am still seeing packets getting blocked. This is
> causing my NFS drives to not properly mount. Any advice? I am using version:
> firehol.sh,v 1.231 2004/11/01 00:13:00 ktsaou Exp $ from Ubuntu 6.10. I have
> listed some of the log messages getting printed out.
> 
> Feb  8 21:26:06 sandman kernel: [79118.920725] ''IN-local':'IN=eth1 OUT=
> MAC=00:20:78:0e:e9:28:00:0e:0c:b3:03:6c:08:00 SRC=192.168.0.9 DST=
> 192.168.0.1 LEN=172 TOS=0x00 PREC=0x00 TTL=64 ID=44819 DF PROTO=TCP SPT=826
> DPT=2049 WINDOW=32580 RES=0x00 ACK PSH URGP=0

PROTO=TCP and DPT=2049 ... you're using NFS over TCP instead of UDP.
FireHOL only knows about UDP here.

Maybe it is enough to add a custom service (e.g. nfstcp) for tcp/2049.

Thomas

-- 
thomas at intevation.de - http://intevation.de/~thomas/ - OpenPGP key: 0x5816791A
Intevation GmbH, Osnabrück - Register entry: Amtsgericht Osnabrück, HR B 18998
Managing directors: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
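
An added example, not part of the original thread or of FireHOL: a small parser that reduces netfilter LOG lines like the one quoted above to `proto/port` pairs, so the services actually being dropped can be compared against what the firewall configuration allows. The first sample line is the one from the post re-joined onto one line, the other two are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample input. Entry 0 is the log line quoted in the post,
# re-joined onto one line; entries 1-2 are invented for contrast.
SAMPLE_LOG = [
    "Feb  8 21:26:06 sandman kernel: [79118.920725] ''IN-local':'IN=eth1 OUT= "
    "MAC=00:20:78:0e:e9:28:00:0e:0c:b3:03:6c:08:00 SRC=192.168.0.9 "
    "DST=192.168.0.1 LEN=172 TOS=0x00 PREC=0x00 TTL=64 ID=44819 DF PROTO=TCP "
    "SPT=826 DPT=2049 WINDOW=32580 RES=0x00 ACK PSH URGP=0",
    "Feb  8 21:26:09 sandman kernel: [79121.000000] ''IN-local':'IN=eth1 OUT= "
    "SRC=192.168.0.9 DST=192.168.0.1 LEN=60 TTL=64 ID=1 DF PROTO=TCP "
    "SPT=827 DPT=2049 WINDOW=5840 RES=0x00 SYN URGP=0",
    "Feb  8 21:26:12 sandman kernel: [79124.000000] ''IN-local':'IN=eth1 OUT= "
    "SRC=192.168.0.9 DST=192.168.0.1 LEN=84 TTL=64 ID=2 PROTO=UDP "
    "SPT=800 DPT=111 LEN=64",
]

TCP_FLAGS = re.compile(r"\b(SYN|ACK|PSH|FIN|RST|URG)\b")

def parse_blocked(line):
    """Return the fields of one netfilter LOG line, or None if it is not one."""
    kv = dict(re.findall(r"(\w+)=(\S*)", line))
    if "PROTO" not in kv or "SRC" not in kv:
        return None
    flags = TCP_FLAGS.findall(line.partition(" RES=")[2])  # flags follow RES=
    return {
        "iface": kv.get("IN", ""),
        "src": kv["SRC"],
        "proto": kv["PROTO"].lower(),
        "dport": int(kv["DPT"]) if kv.get("DPT", "").isdigit() else None,
        "flags": flags,
        # A TCP connection attempt carries SYN without ACK; other flag
        # combinations are mid-connection or reply packets.
        "new_conn": kv["PROTO"] == "TCP" and "SYN" in flags and "ACK" not in flags,
    }

def summarise(lines):
    """Count blocked packets per 'proto/port' string, e.g. tcp/2049."""
    counts = Counter()
    for rec in filter(None, map(parse_blocked, lines)):
        counts[f"{rec['proto']}/{rec['dport']}"] += 1
    return counts

if __name__ == "__main__":
    for service, n in summarise(SAMPLE_LOG).most_common():
        print(f"{service:10} blocked {n}x")
```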



