NFS problem through FWSM firewall

From: Robert McDonnell (robert.mcdonnell@let.uu.nl)
Date: Tue Jan 18 2005 - 14:52:30 EST


Hi All,

Hope this isn't too off topic. We have an urgent issue we believe is
related to a broken NFS share.

PROBLEM : linux clients hang at login waiting for an NFS mount

BACKGROUND :

Clients - Redhat Enterprise Linux WS release 3 (Taroon Update 3)
Kernel 2.4.21-15.0.4.EL on a i686 in VLAN X

NFS Server - Solaris 9 (NFS and OpenLDAP, sunscreen packet filter)
SunOS 5.9 Generic_112233-11 sun4u sparc SUNW,UltraAX-i2 in VLAN Y

The systems have worked happily together for 8 months. However, since
the network boys started up their FWSM firewall, NFS looks broken. I have
tried forcing the clients to use TCP. However, this doesn't solve the
issue. If we take the mount out of /etc/fstab on the clients and log in
as root we can mount the share by hand and all looks well. However, it
refuses to work on login. We have tried stopping Sunscreen on the server
which doesn't help. If I place a client in the same VLAN as the server
all works fine. Authentication is via LDAP to the same system. We are
95% sure the problem is not LDAP related and 95% sure it's NFS related.
There is some stuff out on the net about FWSM dropping fragmented NFS
UDP packets but we are clueless. We don't have access to the network
infrastructure or the FW config, just the Server and clients. Snoop and
tcpdump during login show lots of retransmits and are very one-sided, not
the usual NFS ping pong. The logs are very quiet, just one NFS server not
responding message on the clients. If you mount the share by hand the
traffic looks normal. It's a difficult one to troubleshoot.

QUESTION:

Does anyone have any experience they would care to share (away from the
list) regarding getting Sun NFS through Cisco FWSM? Could the FW be
breaking the SunRPC authentication? I will summarize to the list.
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers


