pf blocking nfs
Aaron P. Martinez
ml at proficuous.com
Thu Dec 1 16:12:09 GMT 2005
On Thu, 2005-12-01 at 02:40 +0100, J65nko BSD wrote:
> [snip]
> > In your original post, there was something about a short packet. I'm
> > guessing this might screw things up. You might try adding 'scrub in all'
> > before the filtering rules.
> >
> [snip]
>
> Be careful with scrub and NFS. From http://openbsd.bay13.net/faq/pf/scrub.html
>
> "One reason not to scrub on an interface is if one is passing NFS
> through PF. Some non-OpenBSD platforms send (and expect) strange
> packets -- fragmented packets with the "do not fragment" bit set,
> which are (properly) rejected by scrub."

Well, it looks like scrub fixed the issue. I had originally removed the
scrub in all line because I too had read in the OBSD FAQ that scrub
might be what was messing up my NFS connection.

I put it back and I'm back to my one state tracking rule for all
outbound traffic for this machine. Just so everyone can see, this is
the ruleset and it's working properly:

    scrub in all
    block in log all
    pass quick on lo0 all
    pass out on fxp0 proto { tcp, udp, icmp } all keep state

Thanks to everyone that helped,
Aaron Martinez
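
The FAQ passage quoted in this message concerns IPv4 fragments that still carry the "do not fragment" bit, which scrub rejects. As an added example (not from the thread or the FAQ; the function names and sample headers are constructed here), this Python code classifies IPv4 headers so such packets can be picked out of a capture:

```python
import struct

DF = 0x4000           # "don't fragment" flag in the IPv4 flags/offset field
MF = 0x2000           # "more fragments" flag
OFFSET_MASK = 0x1FFF  # fragment offset, in 8-byte units


def build_header(flags_offset, proto=17, src="192.0.2.10", dst="192.0.2.20"):
    """Build a constructed 20-byte IPv4 header (checksum left at zero)."""
    def addr(text):
        return bytes(int(part) for part in text.split("."))
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 1500, 0x1234,
                       flags_offset, 64, proto, 0, addr(src), addr(dst))


def classify(header):
    """Return 'whole', 'fragment' or 'fragment+DF' for one IPv4 header."""
    if len(header) < 20 or header[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    flags_offset = struct.unpack("!H", header[6:8])[0]
    # A packet is a fragment if MF is set or its offset is non-zero.
    is_fragment = bool(flags_offset & MF) or (flags_offset & OFFSET_MASK) != 0
    if not is_fragment:
        return "whole"
    # The combination the FAQ describes: fragmented, yet DF is still set.
    return "fragment+DF" if flags_offset & DF else "fragment"


# Constructed sample headers, not captured traffic.
SAMPLES = {
    "normal datagram, DF set": build_header(DF),
    "first fragment": build_header(MF),
    "last fragment at offset 185": build_header(185),
    "first fragment with DF set": build_header(DF | MF),
    "later fragment with DF set": build_header(DF | 185),
}


def report(samples=SAMPLES):
    """Map each sample name to its classification."""
    return {name: classify(hdr) for name, hdr in samples.items()}


if __name__ == "__main__":
    for name, verdict in report().items():
        print(f"{verdict:12} {name}")
```

pf.conf(5) documents a no-df option for scrub that clears the bit on matching packets instead of dropping such fragments.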