From: Darren Reed Wed, 22 Dec 2004 > "keep frags" doesn't work with certain Linux kernels that generate > fragments. This is a known issue with Linux. Is the NFSSERVER host > running Linux?
The NFSSERVER (which is not under my control) runs Linux, but ipfilter runs in Solaris 7_x86. This issue should not depend on the server's OS, since the fragmentation is necessary when the NFS rsize + packet headers exceeds the MTU (=1500 bytes). Or are the fragments from a Linux server in a nonstandard format not recognized by ipf? As for me, I am satisfied with my workaround (see my first mail); alternatively, I could reduce rsize to, e.g., 1300. But one should be aware that there seems to be a keep state problem with UDP.
