[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] NFS fails on FW1 4.1 SP2 and SP3
Michael No, the clients are talking to the server's primary IP address (it is a single dedicated NFS box). The server responds correctly from the same IP address and port number that the client used. I have also checked that the FW1 UDP connection table does have the correct entry for this "connection". Oliver > -----Original Message----- > From: Michael Miller [mailto:[email protected]] > Sent: 06 June 2001 16:52 > To: '[email protected]'; > '[email protected]' > Subject: RE: [FW1] NFS fails on FW1 4.1 SP2 and SP3 > > > a quick question, are the nfs clients talking to a virtual IP > on the nfs > server, or to the server's 'primary' IP address. I have seen > this problem > on Sun Clusters, whereby a client talks to the cluster > virtual IP and the > UDP responses come from the cluster's real IP. the firewall > then blocks this > packet because it is not recognised as a reply. > > > -----Original Message----- > > From: [email protected] [mailto:[email protected]] > > Sent: Tuesday, June 05, 2001 1:06 PM > > To: '[email protected]' > > Subject: [FW1] NFS fails on FW1 4.1 SP2 and SP3 > > > > > > > > We recently upgraded our Solaris 7 version of FW1-4.1 from > SP1 to SP3. > > Unfortunately after this, new NFS mounts across the firewall stopped > > working. After snooping, I found that the NFS portmap request > > works fine, > > but when the client talks to the server on the supplied port > > number, the UDP > > replies from the server are blocked by the firewall. > > I also tried with SP2 but got exactly the same problem. I > > checked the RPC > > definitions in base.def for both SP1 and SP3 and they appear > > identical. I > > also checked that "Allow UDP Replies" is set. > > The only way I have got it to work is by adding a rule to > > allow high-port > > numbered UDP packets from the server to the client. > > Has anybody else seen this problem or found how to resolve it. > > > > > > ============================================================== > > ================== > > To unsubscribe from this mailing list, please see the > > instructions at > > http://www.checkpoint.com/services/mailing.html > > ============================================================== > > ================== > > > > ------------------------------------------------------------ > Internet communications are not secure and therefore Oyster > Partners Ltd > does not accept legal responsibility for the contents of this > message. Any > views or opinions presented are solely those of the author and do not > necessarily represent those of Oyster Partners Ltd. > ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|