On Wed, 2007-11-14 at 09:16 -0800, Tom Eastep wrote:
> Eric Swanson wrote:
> > Perhaps of note is that at each panic, Shorewall reports a different SPT
> > and DPT. Probably NFS related traffic, which defaults to random ports...
>
> Again, it is not Shorewall that is generating those log messages --
> Shorewall has configured Netfilter (part of your kernel) to generate those
> messages under certain conditions (the messages you are seeing are probably
> the result of a REJECT policy from fw->loc -- see Shorewall FAQ 17). When
> using NFS (or any portmapper-based application), it is the least painful
> strategy to simply allow all UDP traffic (in both directions) between the

That depends on your definition of "painful". For me, opening all UDP ports
is more painful than spending a couple minutes configuring the server. :)

> client(s) and the server. You might find that you can work around the
> problem if you do that.
>
> /etc/shorewall/rules:
>
> ACCEPT fw loc udp
> ACCEPT loc fw udp

See http://shorewall.net/ports.htm#NFS , which hints to my documentation
and rules for "pinning down NFS". That way, you can restrict NFS to a few
fixed ports only, instead of opening everything.

  karsten

-- 
[ESR] Eric S. Raymond: "How To Ask Questions The Smart Way"
      http://www.catb.org/~esr/faqs/smart-questions.html
[SGT] Simon G. Tatham: "How to Report Bugs Effectively"
      http://www.chiark.greenend.org.uk/~sgtatham/bugs.html
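
Added example, not part of the original thread: a small Python check that reads a Shorewall rules file and reports ACCEPT rules that pass UDP with no destination port, the pattern in the two quoted rules. The function name and the sample rules (including the port list shown) are constructed for illustration.

```python
# Added example: flag Shorewall rules that ACCEPT UDP on every destination port.
# Assumes the usual rules-file column order: ACTION SOURCE DEST PROTO DPORT SPORT.

SAMPLE_RULES = """\
# constructed sample of /etc/shorewall/rules
?SECTION NEW
ACCEPT      fw    loc   udp
ACCEPT      loc   fw    udp
ACCEPT      loc   fw    udp   111,2049,32765:32768
ACCEPT:info loc   fw    tcp   111,2049
REJECT      net   fw    udp
ACCEPT      loc   fw    all
ACCEPT      loc   fw    udp   -     2049
"""


def find_open_udp_rules(text):
    """Return (line_no, source, dest) for ACCEPT rules covering all UDP ports."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()          # drop comments
        if not line or line.startswith("?") or line.upper().startswith("SECTION"):
            continue                                  # directives, section markers
        cols = line.split()
        if len(cols) < 3:
            continue                                  # not a complete rule
        action = cols[0].split(":", 1)[0].upper()     # strip ":loglevel" suffix
        if action != "ACCEPT":
            continue
        # Omitted trailing columns and "-" both mean "no restriction".
        proto = cols[3].lower() if len(cols) > 3 else "-"
        dport = cols[4] if len(cols) > 4 else "-"
        covers_udp = any(p in ("udp", "17", "all", "-") for p in proto.split(","))
        # A source-port restriction alone still leaves every destination port open.
        if covers_udp and dport == "-":
            findings.append((line_no, cols[1], cols[2]))
    return findings


if __name__ == "__main__":
    for line_no, src, dst in find_open_udp_rules(SAMPLE_RULES):
        print(f"line {line_no}: ACCEPT {src} -> {dst} allows UDP on all ports")
```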