Steinar H. Gunderson wrote: > On Wed, Apr 02, 2008 at 02:09:25PM +0100, Chris Tallon wrote: > >> ICMP is not blocked. I added some logging to the server firewall and it >> looks like with the new version of nfs-common the client is attempting >> to talk to the server's portmapper, the old version does not attempt >> this. The portmapper port is not open since as I understand it, >> portmapper is not required for NFSv4. >> > > How are you blocking the port -- are you returning connection refused (as you > should), or simply eating the packets? > > /* Steinar */ > I have just tried it with a REJECT rule and a DROP rule - no difference either way. As I understand it though, the client shouldn't even be attempting to contact the server portmapper in this case?
Chris Tallon -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
