pf killing NFS
Max Laier
max at love2party.net
Wed Dec 13 01:12:13 PST 2006
On Wednesday 13 December 2006 07:10, Charles Sprickman wrote:
> Hi all,
>
> I'm running a 6.2-RC1 box (cvsup'd today) that has two broadcom nics.
> One is an internal network (nfs) and the other is external.
>
> PF has this rule for all traffic on the private net:
>
> [root at archive /home/jails]# pfctl -sr|grep bge1
> pass in quick on bge1 inet from 192.168.1.0/24 to any
> pass out quick on bge1 inet from any to 192.168.1.0/24
>
> No state since these are "quick" and symmetrical.
>
> Doing something like "ls /usr/ports" will just hang until interrupted.
> Using tcp for nfs makes it workable, but very slow.
>
> If I disable pf (pfctl -d), both types of mounts work, and speed is
> excellent. I also just found that if I remove the "scrub in all"
> statement and change it to "scrub in on bge0", things are fine.
>
> Any idea what's going on? The tcpdump output confuses me (see "bad
> cksum!"), so I'm posting some snippets here.
As Luke already pointed out, "no-df" on the scrub rule should help. As
for the "bad cksum!" - this is a symptom of checksumming done in
hardware. ifconfig bge1 -rxcsum -txcsum should get rid of them.
--
/"\ Best regards, | mlaier at freebsd.org
\ / Max Laier | ICQ #67774661
X http://pf4freebsd.love2party.net/ | mlaier at EFnet
/ \ ASCII Ribbon Campaign | Against HTML Mail and News
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-stable/attachments/20061213/489e42bc/attachment.pgp
More information about the freebsd-stable
mailing list