On Mon, Nov 18, 2002 at 05:25:43AM -0800, Dan Moinescu wrote:
> As it happens, some NFS packets are fragmented and the
> "scrub in" directive was blocking the fragments.
> I removed the scrub lines and it worked, but then I
> tried the same NFS thing with a machine behind the
> firewall and it failed again.
> This time, it was because the NFS fragments were
> passing through the firewall without being NATed, as
> the full IP datagrams were, and this obviously
> confused the server.
>
> So it looks like pf on 3.1 can't handle fragments. Was
> this fixed in 3.2?

You fail to give details. I bet you are using a Linux box as NFS client. Linux sends fragmented NFS packets with the Don't Fragment bit set, which, well, go figure yourself.
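
The header combination the reply refers to, as an added example that is not part of the original thread: it decodes the IPv4 flags/offset field and marks packets that are fragments yet still carry the Don't Fragment bit. The function names and the sample headers (documentation addresses, zero checksum) are constructed for illustration.

```python
import struct

DF = 0x4000           # Don't Fragment flag
MF = 0x2000           # More Fragments flag
OFFSET_MASK = 0x1FFF  # fragment offset, counted in 8-byte units


def classify_ipv4(header: bytes) -> dict:
    """Decode the fragmentation fields of a raw IPv4 header."""
    if len(header) < 20:
        raise ValueError("IPv4 header is at least 20 bytes")
    ver_ihl, _tos, _length, ident, flags_off = struct.unpack("!BBHHH", header[:8])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 header")
    df = bool(flags_off & DF)
    mf = bool(flags_off & MF)
    offset = (flags_off & OFFSET_MASK) * 8
    # A packet is a fragment if more pieces follow or it does not start at 0.
    fragment = mf or offset > 0
    return {
        "id": ident,
        "df": df,
        "mf": mf,
        "offset": offset,
        "fragment": fragment,
        # The contradictory case: a fragment that also says "do not fragment".
        "df_fragment": fragment and df,
    }


def make_header(ident: int, flags_off: int, total_len: int = 1500) -> bytes:
    """Build a constructed 20-byte UDP/IPv4 header (checksum left at zero)."""
    src, dst = bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20])
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, ident,
                       flags_off, 64, 17, 0, src, dst)


# Constructed samples: (label, flags/offset field)
SAMPLES = [
    ("whole datagram, DF set", DF),
    ("first fragment, DF set", DF | MF),
    ("last fragment at byte 1480, DF set", DF | 185),
    ("first fragment, DF clear", MF),
]

if __name__ == "__main__":
    for label, field in SAMPLES:
        print(label, classify_ipv4(make_header(0x1234, field)))
```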
