
RE: [FW1] NFS fails on FW1 4.1 SP2 and SP3





Michael

No, the clients are talking to the server's primary IP address (it is a
single dedicated NFS box). The server responds correctly from the same IP
address and port number that the client used.
I have also checked that the FW1 UDP connection table does have the correct
entry for this "connection". 

Oliver

> -----Original Message-----
> From: Michael Miller [mailto:Michael.Miller@oyster.com]
> Sent: 06 June 2001 16:52
> To: 'Oliver.Hemming@jet.uk'; 'fw-1-mailinglist@lists.us.checkpoint.com'
> Subject: RE: [FW1] NFS fails on FW1 4.1 SP2 and SP3
> 
> 
> A quick question, are the NFS clients talking to a virtual IP on the NFS
> server, or to the server's 'primary' IP address? I have seen this problem
> on Sun Clusters, whereby a client talks to the cluster virtual IP and the
> UDP responses come from the cluster's real IP. The firewall then blocks this
> packet because it is not recognised as a reply.
> 
> > -----Original Message-----
> > From: Oliver.Hemming@jet.uk [mailto:Oliver.Hemming@jet.uk]
> > Sent: Tuesday, June 05, 2001 1:06 PM
> > To: 'fw-1-mailinglist@lists.us.checkpoint.com'
> > Subject: [FW1] NFS fails on FW1 4.1 SP2 and SP3
> > 
> > 
> > 
> > We recently upgraded our Solaris 7 version of FW1-4.1 from SP1 to SP3.
> > Unfortunately after this, new NFS mounts across the firewall stopped
> > working. After snooping, I found that the NFS portmap request works fine,
> > but when the client talks to the server on the supplied port number, the UDP
> > replies from the server are blocked by the firewall.
> > I also tried with SP2 but got exactly the same problem. I checked the RPC
> > definitions in base.def for both SP1 and SP3 and they appear identical. I
> > also checked that "Allow UDP Replies" is set.
> > The only way I have got it to work is by adding a rule to allow high-port
> > numbered UDP packets from the server to the client.
> > Has anybody else seen this problem or found how to resolve it?
> > 
> > 
> > ================================================================================
> >      To unsubscribe from this mailing list, please see the instructions at
> >                http://www.checkpoint.com/services/mailing.html
> > ================================================================================
> > 
> 
> 
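
The reply matching discussed in this thread, as a simplified model added here (it is not part of the original messages and not Check Point's implementation). The addresses, ports and the 40-second timeout are constructed for illustration; the model shows why a reply from a cluster's real IP, or from a different port, fails to match the entry created by the client's request.

```python
import time

class UdpStateTable:
    """Simplified model of stateful UDP reply matching (not FireWall-1 code)."""

    def __init__(self, timeout=40.0):  # timeout value is an assumption
        self.timeout = timeout
        # (client_ip, client_port, server_ip, server_port) -> expiry time
        self.entries = {}

    def outbound(self, src_ip, src_port, dst_ip, dst_port, now=None):
        """Record a client request that the rule base permitted."""
        now = time.monotonic() if now is None else now
        self.entries[(src_ip, src_port, dst_ip, dst_port)] = now + self.timeout

    def inbound(self, src_ip, src_port, dst_ip, dst_port, now=None):
        """Accept only a packet that exactly mirrors a live entry."""
        now = time.monotonic() if now is None else now
        key = (dst_ip, dst_port, src_ip, src_port)
        expiry = self.entries.get(key)
        if expiry is None:
            return "drop: no matching entry"
        if now > expiry:
            del self.entries[key]
            return "drop: entry expired"
        self.entries[key] = now + self.timeout  # refresh on traffic
        return "accept"

def demo():
    # Constructed addresses (RFC 5737 documentation ranges) and ports.
    client, vip, real_ip = "192.0.2.10", "198.51.100.5", "198.51.100.6"
    table = UdpStateTable()
    table.outbound(client, 1021, vip, 2049, now=0.0)
    return {
        "reply_from_same_ip": table.inbound(vip, 2049, client, 1021, now=1.0),
        "reply_from_real_ip": table.inbound(real_ip, 2049, client, 1021, now=1.0),
        "reply_from_other_port": table.inbound(vip, 32771, client, 1021, now=1.0),
        "late_reply": table.inbound(vip, 2049, client, 1021, now=100.0),
    }

if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case}: {verdict}")
```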

