
RE: [FW1] NFS fails on FW1 4.1 SP2 and SP3



Michael

No, the clients are talking to the server's primary IP address (it is a
single dedicated NFS box). The server responds correctly from the same IP
address and port number that the client used.
I have also checked that the FW1 UDP connection table does have the correct
entry for this "connection". 

Oliver

> -----Original Message-----
> From: Michael Miller [mailto:[email protected]]
> Sent: 06 June 2001 16:52
> To: '[email protected]'; '[email protected]'
> Subject: RE: [FW1] NFS fails on FW1 4.1 SP2 and SP3
> 
> 
> A quick question: are the NFS clients talking to a virtual IP on the NFS
> server, or to the server's 'primary' IP address? I have seen this problem
> on Sun Clusters, whereby a client talks to the cluster virtual IP and the
> UDP responses come from the cluster's real IP. The firewall then blocks this
> packet because it is not recognised as a reply.
> 
> > -----Original Message-----
> > From: [email protected] [mailto:[email protected]]
> > Sent: Tuesday, June 05, 2001 1:06 PM
> > To: '[email protected]'
> > Subject: [FW1] NFS fails on FW1 4.1 SP2 and SP3
> > 
> > 
> > 
> > We recently upgraded our Solaris 7 version of FW1-4.1 from SP1 to SP3.
> > Unfortunately after this, new NFS mounts across the firewall stopped
> > working. After snooping, I found that the NFS portmap request works fine,
> > but when the client talks to the server on the supplied port number, the UDP
> > replies from the server are blocked by the firewall.
> > I also tried with SP2 but got exactly the same problem. I checked the RPC
> > definitions in base.def for both SP1 and SP3 and they appear identical. I
> > also checked that "Allow UDP Replies" is set.
> > The only way I have got it to work is by adding a rule to allow high-port
> > numbered UDP packets from the server to the client.
> > Has anybody else seen this problem or found how to resolve it?
> > 
> > 
> > ================================================================================
> >      To unsubscribe from this mailing list, please see the instructions at
> >                http://www.checkpoint.com/services/mailing.html
> > ================================================================================
> > 
> 
> ------------------------------------------------------------
> Internet communications are not secure and therefore Oyster Partners Ltd
> does not accept legal responsibility for the contents of this message. Any
> views or opinions presented are solely those of the author and do not
> necessarily represent those of Oyster Partners Ltd.
> 


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================
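
Added example, not part of the thread and not FireWall-1's own logic: a simplified model of exact reverse-tuple UDP reply matching, run over the two situations the messages describe (a single NFS server replying from the address the client used, and a cluster replying from its real IP to a request sent to its virtual IP). All addresses, ports and names are constructed for illustration.

```python
from typing import NamedTuple

class Pkt(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int

def classify(packets, clients):
    """Return one verdict per UDP packet, in capture order.

    Packets sent by a host in `clients` create a state entry. Any other
    packet is accepted only if it is the exact reverse of an entry.
    """
    table = set()
    verdicts = []
    for p in packets:
        if p.src in clients:
            table.add((p.src, p.sport, p.dst, p.dport))
            verdicts.append("request")
        elif (p.dst, p.dport, p.src, p.sport) in table:
            verdicts.append("reply-accepted")
        elif any(c == p.dst and cp == p.dport and sp == p.sport
                 for c, cp, _s, sp in table):
            # Ports line up, but the source is not the address the client sent to.
            verdicts.append("reply-dropped-source-ip-mismatch")
        else:
            verdicts.append("reply-dropped-no-entry")
    return verdicts

# Constructed sample data (documentation address ranges, made-up ports).
CLIENT, SERVER = "192.0.2.5", "198.51.100.10"
VIRTUAL_IP, REAL_IP = "198.51.100.20", "198.51.100.21"

SINGLE_SERVER = [
    Pkt(CLIENT, 1021, SERVER, 111),    # portmap request
    Pkt(SERVER, 111, CLIENT, 1021),    # portmap reply
    Pkt(CLIENT, 1022, SERVER, 2049),   # request to the port portmap supplied
    Pkt(SERVER, 2049, CLIENT, 1022),   # reply from the same IP and port
]
CLUSTER = [
    Pkt(CLIENT, 1022, VIRTUAL_IP, 2049),  # request to the cluster's virtual IP
    Pkt(REAL_IP, 2049, CLIENT, 1022),     # reply sourced from the real IP
]

if __name__ == "__main__":
    for name, capture in (("single server", SINGLE_SERVER), ("cluster", CLUSTER)):
        print(name, classify(capture, {CLIENT}))
```

In this model the single-server capture is accepted and only the cluster capture is dropped, so a tuple mismatch alone would not account for drops when the server replies from the same IP and port.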



 
   All contents © 2004 Network Presence, LLC. All rights reserved.