Simon Oliver wrote:
I have a new fileserver running SuSE 9.2. Amongst other services it exports NFS shares. I've used Yast to configure the firewall, checking the NFS option.
I have had problems where remote NFS clients either timeout trying to communicate with the server (ping/ssh work fine). After some messing (turn services on and off, flush iptables, etc) it now seems to work.
However I notice some dropped packets from one of the NFS clients:
Mar 15 09:38:55 zzz kernel: SFW2-INext-DROP-DEFLT-INV IN=eth0 OUT= MAC=00:0d:56: b8:5a:f4:08:00:69:0d:9a:2e:08:00 SRC=130.88.xxx.yyy DST=130.88.xxx.zzz LEN=40 TOS =0x00 PREC=0x00 TTL=60 ID=12095 DF PROTO=TCP SPT=757 DPT=2049 WINDOW=32761 RES=0 x00 ACK RST URGP=0
Conntrack thinks those packets are invalid for some reason. Do you have the latest kernel available through YaST Online Update? There have been issues with tcp window tracking but I thought they were fixed already. cu Ludwig -- (o_ Ludwig Nussel //\ SUSE LINUX Products GmbH, Development V_/_ http://www.suse.de/