--On Tuesday, December 23, 2003 22:21:17 +1300 Andrew Thompson <andy_at_fud.org.nz> wrote: > On Wed, Nov 26, 2003 at 08:16:44AM -0700, Scott Long wrote: >> It's my pleasure to announce the availability of 5.2-BETA ISO images and >> ftp install sets for i386 and alpha. >> [snip] >> - NFS might be unstable in certain situations, though we have not been >> able to identify what situations yet. > > I have been experiencing the nfs hangs like a few other people with > current for several months. > > I have narrowed it down to using pf from ports with the line, > > scrub in all > > in the conf file (on the server). I can read files fine, but any writes > will hang the process and "nfs server not available" lines appear in the > logs. > > If I remove that line and reload the pf rules, the copy will resume > immediately. > > ># pkg_info | grep pf > pf_freebsd-2.00_1 OpenBSD pf as a kldmodule ># uname -a > FreeBSD kate.fud.org.nz 5.2-RC FreeBSD 5.2-RC #0: Sat Dec 13 00:52:30 > NZDT 2003 andy_at_kate.fud.org.nz:/usr/obj/usr/src/sys/KATE i386 > > > Is anyone else seeing this? I am seeing this. Also using OpenBSD pf on: FreeBSD 5.2-CURRENT #0: Sun Dec 28 08:55:02 EST 2003 Both server and client are running the same FreeBSD build. A simple ls on the mounted filesystem would hang. I worked around this by changing the pf normalization rules from: scrub in all to: scrub in on $wan_if all scrub on $lan_if all no-df random-id reassemble tcp where I only do NFS on $lan_if. Otherwise I suppose the following would work just as well: scrub all no-df random-id reassemble tcp According to <http://www.OpenBSD.org/faq/pf/scrub.html> no-df is the magic option for this situation. However doing NFS over UDP still hangs, but at least TCP works fine. I did add the -h option to nfs_server_flags in rc.conf(5) as per the nfsd(8) man page: If nfsd is to be run on a host with multiple interfaces or interface aliases, use of the -h option is recommended. If you do not use the option NFS may not respond to UDP packets from the same IP address they were sent to. Use of this option is also recommended when securing NFS exports on a firewalling machine such that the NFS sockets can only be accessed by the inside interface. So to sum it up: 0) NFS over UDP still hangs 1) use the -h option to nfsd(8) 2) use the -T option to mount_nfs(8) 3) use "no-df" option to the "scrub" rule in pf(4) Hope this helps.. -- Yarema http://yds.CoolRat.orgReceived on Wed Dec 31 2003 - 02:20:45 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:37:36 UTC