Thank you, Tom.

Allowing all UDP traffic seems to be working as a work-around for me.

I will report the issue to the Linux people.

Eric Swanson


On Nov 14, 2007, at 11:16 AM, Tom Eastep wrote:

> Eric Swanson wrote:
>
>> I can repeatably kernel panic my CentOS 4.5 server running Shorewall
>> version 4.0.5.  I can accomplish this by connecting via NFS from another
>> computer to this box, then as I start to browse around (NFS client is
>> Mac OSX 10.5) Linux crashes with Caps Lock and Scroll Lock flashing.  The
>> log entry is included below.
>>
>> When I _stop_ shorewall (after a reboot), Linux does _not_ panic when
>> the same above actions are performed (connecting/browsing via NFS).
>>
>> I'm not sure if the problem is with Shorewall or Linux.  Thus my
>> question: Do I report this issue here or to the CentOS people?
>
> You report it to the CentOS people. It is important in these cases to
> understand what Shorewall is (and isn't). Shorewall is a tool for
> configuring certain networking aspects of your kernel. Although we speak of
> "starting" Shorewall, and say that "Shorewall is running" after a successful
> start, the fact is that once "shorewall start" (or "shorewall restart")
> finishes, there is no Shorewall code running in your system at all.
>
>> Perhaps of note is that at each panic, Shorewall reports a different SPT
>> and DPT.
>
> Again, it is not Shorewall that is generating those log messages --
> Shorewall has configured Netfilter (part of your kernel) to generate those
> messages under certain conditions (the messages you are seeing are probably
> the result of a REJECT policy from fw->loc -- see Shorewall FAQ 17). When
> using NFS (or any portmapper-based application), it is the least painful
> strategy to simply allow all UDP traffic (in both directions) between the
> client(s) and the server. You might find that you can work around the
> problem if you do that.
>
> /etc/shorewall/rules:
>
>       ACCEPT  fw      loc     udp
>       ACCEPT  loc     fw      udp
>
> -Tom
> -- 
> Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
> Shoreline,     \ http://shorewall.net
> Washington USA  \ [EMAIL PROTECTED]
> PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key


_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
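
An added example, not part of the original messages or of Shorewall itself: a small summarizer for the Netfilter log messages discussed in the thread, grouping them by chain, disposition and protocol so that a run of fw2loc UDP rejects with changing SPT/DPT values stands out. It assumes Shorewall's default log prefix ("Shorewall:<chain>:<disposition>:"); the sample lines, addresses and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines (addresses and ports are made up), using the
# default Shorewall log prefix followed by the standard Netfilter LOG fields.
SAMPLE_LOG = """\
Nov 14 10:02:11 server kernel: Shorewall:fw2loc:REJECT:IN= OUT=eth0 SRC=192.0.2.10 DST=192.0.2.50 LEN=156 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=2049 DPT=1017 LEN=136
Nov 14 10:05:40 server kernel: Shorewall:fw2loc:REJECT:IN= OUT=eth0 SRC=192.0.2.10 DST=192.0.2.50 LEN=156 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=32771 DPT=998 LEN=136
Nov 14 10:07:02 server kernel: Shorewall:net2fw:DROP:IN=eth1 OUT= SRC=198.51.100.7 DST=203.0.113.5 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=4411 DF PROTO=TCP SPT=40112 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0
Nov 14 10:07:30 server kernel: eth0: link up
"""

PREFIX = re.compile(r"Shorewall:(?P<chain>[^:\s]+):(?P<disp>[^:\s]+):(?P<rest>.*)")
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")  # KEY=value pairs; value may be empty


def parse_line(line):
    """Return chain, disposition and packet fields, or None for other lines."""
    m = PREFIX.search(line)
    if m is None:
        return None
    fields = dict(FIELD.findall(m.group("rest")))
    return {"chain": m.group("chain"), "disposition": m.group("disp"),
            "proto": fields.get("PROTO", "?"),
            "spt": fields.get("SPT"), "dpt": fields.get("DPT")}


def summarize(text):
    """Group logged packets by (chain, disposition, proto) and collect ports."""
    groups = defaultdict(lambda: {"count": 0, "spt": set(), "dpt": set()})
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # not a Shorewall-prefixed Netfilter message
        g = groups[(rec["chain"], rec["disposition"], rec["proto"])]
        g["count"] += 1
        for key in ("spt", "dpt"):
            if rec[key] and rec[key].isdigit():
                g[key].add(int(rec[key]))
    return {k: {"count": v["count"], "spt": sorted(v["spt"]), "dpt": sorted(v["dpt"])}
            for k, v in groups.items()}


if __name__ == "__main__":
    for (chain, disp, proto), g in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{chain} {disp} {proto}: {g['count']} packets, "
              f"DPT {g['dpt']}, SPT {g['spt']}")
```
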
