Eric Swanson wrote:

> I can repeatably kernel panic my CentOS 4.5 server running Shorewall
> version 4.0.5.  I can accomplish this by connecting via NFS from another
> computer to this box, then as I start to browse around (NFS client is Mac
> OSX 10.5) Linux crashes with Caps Lock and Scroll Lock flashing.  The
> log entry is included below.
>
> When I _stop_ shorewall (after a reboot), Linux does _not_ panic when the
> same above actions are performed (connecting/browsing via NFS).
>
> I'm not sure if the problem is with Shorewall or Linux.  Thus my question:
> Do I report this issue here or to the CentOS people?

You report it to the CentOS people. It is important in these cases to
understand what Shorewall is (and isn't). Shorewall is a tool for
configuring certain networking aspects of your kernel. Although we speak of
"starting" Shorewall, and say that "Shorewall is running" after a successful
start, the fact is that once "shorewall start" (or "shorewall restart")
finishes, there is no Shorewall code running in your system at all.

> 
> Perhaps of note is that at each panic, Shorewall reports a different SPT
> and DPT.
> 

Again, it is not Shorewall that is generating those log messages --
Shorewall has configured Netfilter (part of your kernel) to generate those
messages under certain conditions (the messages you are seeing are probably
the result of a REJECT policy from fw->loc -- see Shorewall FAQ 17). When
using NFS (or any portmapper-based application), it is the least painful
strategy to simply allow all UDP traffic (in both directions) between the
client(s) and the server. You might find that you can work around the
problem if you do that.

/etc/shorewall/rules:

        ACCEPT  fw      loc     udp
        ACCEPT  loc     fw      udp

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
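
To see which policy chain is producing the messages discussed in this thread, the following added example (not from the original post or the Shorewall project) groups Netfilter log lines by the chain and disposition in the log prefix and collects the ports seen. It assumes Shorewall's default `Shorewall:<chain>:<disposition>:` log prefix; the sample lines, host name, addresses and ports are constructed.

```python
import re
from collections import defaultdict

# Constructed sample kernel log lines (addresses and ports are made up).
SAMPLE_LOG = """\
Jan 10 09:14:01 server kernel: Shorewall:fw2loc:REJECT:IN= OUT=eth0 SRC=192.0.2.10 DST=192.0.2.20 LEN=140 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=2049 DPT=1017 LEN=120
Jan 10 09:14:02 server kernel: Shorewall:fw2loc:REJECT:IN= OUT=eth0 SRC=192.0.2.10 DST=192.0.2.20 LEN=96 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=32771 DPT=1018 LEN=76
Jan 10 09:14:03 server sshd[411]: Accepted publickey for admin from 192.0.2.20
Jan 10 09:14:04 server kernel: Shorewall:fw2loc:REJECT:IN= OUT=eth0 SRC=192.0.2.10 DST=192.0.2.20 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=875 DPT=649 LEN=64
Jan 10 09:14:05 server kernel: Shorewall:loc2fw:DROP:IN=eth0 OUT= SRC=192.0.2.20 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=7 DF PROTO=TCP SPT=51000 DPT=23 WINDOW=5840 SYN
"""

# Assumed default Shorewall log prefix: "Shorewall:<chain>:<disposition>:"
PREFIX = re.compile(r"Shorewall:(?P<chain>[^:\s]+):(?P<disp>[^:\s]+):")
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")  # KEY=value pairs written by Netfilter LOG


def parse_line(line):
    """Return chain, disposition, protocol and ports, or None for other lines."""
    m = PREFIX.search(line)
    if not m:
        return None
    fields = dict(FIELD.findall(line[m.end():]))
    port = lambda k: int(fields[k]) if fields.get(k, "").isdigit() else None
    return {"chain": m["chain"], "disp": m["disp"],
            "proto": fields.get("PROTO", "?"),
            "spt": port("SPT"), "dpt": port("DPT")}


def summarize(log_text):
    """Group packets by (chain, disposition, protocol) with the ports seen."""
    stats = defaultdict(lambda: {"count": 0, "spts": set(), "dpts": set()})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        entry = stats[(rec["chain"], rec["disp"], rec["proto"])]
        entry["count"] += 1
        if rec["spt"] is not None:  # ICMP and similar carry no ports
            entry["spts"].add(rec["spt"])
        if rec["dpt"] is not None:
            entry["dpts"].add(rec["dpt"])
    return dict(stats)


if __name__ == "__main__":
    for (chain, disp, proto), e in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{chain} {disp} {proto}: {e['count']} packets, "
              f"SPT={sorted(e['spts'])} DPT={sorted(e['dpts'])}")
```

Many distinct UDP ports under a single `fw2loc` REJECT entry is the pattern a portmapper-based service produces, which is why the two blanket UDP rules above are simpler than per-port rules.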
