Spruell, Darren-Perot [EMAIL PROTECTED] wrote:
>
> > Unfortunately we only have one netapp and it's live so
> > experimenting is awkward. I was hoping I wasn't the
> > first to try and do NFS across a redundant OpenBSD
> > firewall. This is an internal firewall between
> > departments not across the public internet!
> > Any help or suggestions would be much appreciated.
>
> Sounds to be along the lines of what I'd recently asked.
>
Not really. Your problem is that the NFS server file handles and other attributes are not replicated between NFS servers (much like pfsync would replicate state tables between pf firewalls). You need an application/kernel interface developed to accomplish this task.

Alastair's problem is that his TCP mounts fail when the firewall changes, even though translations/states are supposed to be kept between the firewalls with pfsync. Without analyzing his network traffic or replicating his setup, it's hard to determine what is failing. Trying to simplify the configuration is the first thing I would do, at least to get a clearer picture of what's happening (removing pf rules, scrub, moving from tcp mounts to udp, disabling pf completely, etc.).

