Anybody have any insight into this and why I am seeing this constantly?

-----Original Message-----
From: Olmsted, Brian
Sent: Friday, December 16, 2005 4:25 PM
To: [email protected]
Cc: Olmsted, Brian
Subject: return packets blocked - UDP with frags. help :)

Why are these return packets continuously blocked?

Dec 16 21:11:14 infov2 ipmon[149]: [ID 702911 local0.warning] 21:11:14.026689 qfe0 @101:49 b 10.207.7.5,111 -> 10.207.7.18,35957 PR udp len 20 56 IN
Dec 16 21:11:44 infov2 ipmon[149]: [ID 702911 local0.warning] 21:11:44.036887 qfe0 @101:49 b 10.207.7.5,111 -> 10.207.7.18,35957 PR udp len 20 56 IN

I'm trying to setup connectivity for NFS client (10.207.7.18) to talk to NFS server (10.207.7.5). This connection is to the portmapper on the NFS server (port 111, udp).

RPC services on the NFS server...

[EMAIL PROTECTED] rpcinfo -p 10.207.7.5
   program vers proto   port  service
    100024    1   tcp   4047  status
    100024    1   udp   4047  status
    100011    1   udp   4049  rquotad
    100021    4   tcp   4045  nlockmgr
    100021    3   tcp   4045  nlockmgr
    100021    1   tcp   4045  nlockmgr
    100021    4   udp   4045  nlockmgr
    100021    3   udp   4045  nlockmgr
    100021    1   udp   4045  nlockmgr
    100005    3   tcp   4046  mountd
    100005    2   tcp   4046  mountd
    100005    1   tcp   4046  mountd
    100005    3   udp   4046  mountd
    100005    2   udp   4046  mountd
    100005    1   udp   4046  mountd
    100003    4   tcp   2049  nfs
    100003    3   tcp   2049  nfs
    100003    2   tcp   2049  nfs
    100003    3   udp   2049  nfs
    100003    2   udp   2049  nfs
    100000    2   tcp    111  rpcbind
    100000    2   udp    111  rpcbind
[EMAIL PROTECTED]

Rules below... Is there something with the whole UDP fragmented packets in the rules? I'm not sure of the exact PROPER usage of "keep frags", "with frags" and the whole "age x/y" statements. Do I need to make my state table larger or increase my UDP timeouts globally, etc?

[EMAIL PROTECTED] ipfstat -i -o -h -n | egrep '10\.207\.7\.5'
1 @45 pass out quick on qfe0 proto tcp from 10.207.7.18/32 to 10.207.7.5/32 port = sunrpc flags S/FSRPAU keep state keep frags group 102
4 @46 pass out quick on qfe0 proto udp from 10.207.7.18/32 to 10.207.7.5/32 port = sunrpc keep state keep frags group 102
0 @47 pass out quick on qfe0 proto tcp from 10.207.7.18/32 to 10.207.7.5/32 port = nfsd flags S/FSRPAU keep state keep frags group 102
172 @48 pass out quick on qfe0 proto udp from 10.207.7.18/32 to 10.207.7.5/32 port = nfsd keep state keep frags group 102
0 @49 pass out quick on qfe0 proto tcp from 10.207.7.18/32 to 10.207.7.5/32 port 4044 >< 4048 flags S/FSRPAU keep state keep frags group 102
2 @50 pass out quick on qfe0 proto udp from 10.207.7.18/32 to 10.207.7.5/32 port 4044 >< 4048 keep state keep frags group 102
4 @51 pass out quick on qfe0 proto udp from 10.207.7.18/32 to 10.207.7.5/32 port = 4049 keep state keep frags group 102
2982 @52 pass out quick on qfe0 proto udp from 10.207.7.18/32 to 10.207.7.5/32 with frag group 102
0 @36 pass in quick on qfe0 proto tcp from 10.207.7.5/32 to 10.207.7.18/32 port = sunrpc flags S/FSRPAU keep state keep frags group 101
0 @37 pass in quick on qfe0 proto udp from 10.207.7.5/32 to 10.207.7.18/32 port = sunrpc keep state keep frags group 101
0 @38 pass in quick on qfe0 proto tcp from 10.207.7.5/32 to 10.207.7.18/32 port = nfsd flags S/FSRPAU keep state keep frags group 101
0 @39 pass in quick on qfe0 proto udp from 10.207.7.5/32 to 10.207.7.18/32 port = nfsd keep state keep frags group 101
0 @40 pass in quick on qfe0 proto tcp from 10.207.7.5/32 to 10.207.7.18/32 port 4044 >< 4048 flags S/FSRPAU keep state keep frags group 101
0 @41 pass in quick on qfe0 proto udp from 10.207.7.5/32 to 10.207.7.18/32 port 4044 >< 4048 keep state keep frags group 101
0 @42 pass in quick on qfe0 proto udp from 10.207.7.5/32 to 10.207.7.18/32 port = 4049 keep state keep frags group 101
211 @43 pass in quick on qfe0 proto udp from 10.207.7.5/32 to 10.207.7.18/32 with frag group 101
[EMAIL PROTECTED]
