On 10/18/2010 12:03 PM, Jigar SOLANKI wrote:
> Hi list,
> I have some trouble getting my NFS server working over an IPSec tunnel.
> I have a bunch of pf rules on the ipsec interface.
> When I allow all traffic to pass between my client and NFS server on
> ipsec interface, NFS works just fine.
> But when I specify specific NFS rules in pf (to have more granularity
> and control what's going on even if I am on an ipsec interface), NFS
> stops working: I don't have my mounts anymore.
> My NFS rules allow the following tcp/udp ports: 2049 111 633 916
> My NFS server is a FreeNAS (FreeBSD) and client is an autofs script on
> Ubuntu Lucid.
> What am I missing?
> I don't think that it's a fragment issue (scrub / no-df / reassemble)
> because it works well when I authorize all tcp/udp traffic between
> client and nfs server: on ipsec: pass tcp/udp client * server *

I think nfs also uses some extra dynamic ports chosen at runtime.
I'm not sure how old it is since they reference kernel 2.4, but section
6.3.4 of http://nfs.sourceforge.net/nfs-howto/ar01s06.html seems to
explain how to pin those daemons to fixed ports.
Hope it helps.
Regards,
Hans
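
One way to check for runtime-chosen ports before tightening the pf rules, as an added example that is not part of the original thread: compare what the server's portmapper reports (`rpcinfo -p`) against the four ports the rules allow. The sample output, the service-to-port mapping, the two nlockmgr ports and the function names are constructed for illustration.

```shell
#!/bin/sh
# Ports the pf rules in the post allow (tcp and udp).
ALLOWED_PORTS="2049 111 633 916"

# Constructed sample of `rpcinfo -p <server>` output, not captured from a
# real host. Which daemon sits on 633 or 916 is an assumption.
sample_rpcinfo() {
cat <<'EOF'
   program vers proto   port  service
    100000    2   tcp    111  rpcbind
    100000    2   udp    111  rpcbind
    100003    3   tcp   2049  nfs
    100003    3   udp   2049  nfs
    100005    3   udp    916  mountd
    100005    3   tcp    916  mountd
    100024    1   udp    633  status
    100024    1   tcp    633  status
    100021    4   udp  58231  nlockmgr
    100021    4   tcp  49152  nlockmgr
EOF
}

# Read `rpcinfo -p` output on stdin and print "service proto port" for each
# RPC registration whose port is missing from the allow list given as $1.
unlisted_rpc_ports() {
    awk -v allowed="$1" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        # Data rows start with a numeric program number; the header does not.
        $1 ~ /^[0-9]+$/ && $4 ~ /^[0-9]+$/ {
            svc = ($5 == "") ? "prog-" $1 : $5
            key = svc " " $3 " " $4
            # Several program versions share one port; report each port once.
            if (!($4 in ok) && !(key in seen)) { seen[key] = 1; print key }
        }'
}

# Live use: rpcinfo -p <nfs-server> | unlisted_rpc_ports "$ALLOWED_PORTS"
sample_rpcinfo | unlisted_rpc_ports "$ALLOWED_PORTS"
```

Any line printed is a service the pf rules would block; once the daemons are pinned to fixed ports and those ports are added to the rules, the output should be empty.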