Mailinglist Archive: opensuse-security (228 mails)

< Previous Next >
Re: [suse-security] SuSE 9.2 + SuSEfirewall2 + nfs problems
  • From: Ludwig Nussel <ludwig.nussel@xxxxxxx>
  • Date: Tue, 15 Mar 2005 11:50:25 +0100
  • Message-id: <20050315105025.GA20446@xxxxxxx>
Simon Oliver wrote:
> I have a new fileserver running SuSE 9.2. Amongst other services it exports NFS shares. I've used Yast to configure the firewall, checking the NFS option.
>
> I have had problems where remote NFS clients either timeout trying to communicate with the server (ping/ssh work fine). After some messing (turn services on and off, flush iptables, etc) it now seems to work.
>
> However I notice some dropped packets from one of the NFS clients:
>
> Mar 15 09:38:55 zzz kernel: SFW2-INext-DROP-DEFLT-INV IN=eth0 OUT= MAC=00:0d:56:
> b8:5a:f4:08:00:69:0d:9a:2e:08:00 SRC=130.88.xxx.yyy DST=130.88.xxx.zzz LEN=40 TOS
> =0x00 PREC=0x00 TTL=60 ID=12095 DF PROTO=TCP SPT=757 DPT=2049 WINDOW=32761 RES=0
> x00 ACK RST URGP=0

Conntrack thinks those packets are invalid for some reason. Do you
have the latest kernel available through YaST Online Update? There
have been issues with tcp window tracking but I thought they were
fixed already.

cu
Ludwig

--
(o_ Ludwig Nussel
//\ SUSE LINUX Products GmbH, Development
V_/_ http://www.suse.de/

< Previous Next >
References