Bug with netfilter and NFS server on same machine

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Lars Knudsen <gandalfit@virgilio.it>
To: netfilter@lists.netfilter.org
Subject: Bug with netfilter and NFS server on same machine
Date: Sat, 23 Nov 2002 17:26:18 +0100	[thread overview]
Message-ID: <3DDFAC2A.6060409@virgilio.it> (raw)

I have been experiencing problems running a nfs server and iptables on 
the same machine.The problem was also reported almost a year ago by Paul 
Raines 
http://lists.netfilter.org/pipermail/netfilter/2002-January/030002.html 
but it seems no solution has been found yet.

The problem is this: A machine running linux 2.4.18 or 2.4.19 works just 
fine when running just the kernel nfsd. A single client connected to the 
server with 100Mbit ethernet sees throughput of 5-10MByte/sec even after 
an hour or two of continous transfers. If the nfs server is also running 
iptables the throughput is initially the same (5-10MByte/sec) but after 
a while (200MByte-500MByte total transfer) the client starts reporting 
"nfs server not responding" followed after a while by "nfs server OK" 
and of course the transfer rate goes way down (< 1MByte/sec). Using 
tcpdump on the client seems to indicate that some packets have their 
headers garbled - wrong fragment ids being the typical error.

Having iptables compiled as modules and simply loading or unloading the 
ipt_conntrack module is
sufficient for causing/removing the problem. Having iptables support 
compiled into the kernel causes the problem allways.

The problem has been verified on 4 different machines with a variety of 
different ethernet cards. In
all cases the network continues to work without problems for all other 
types of traffic - i.e a telnet connection from client to server works 
with no delay and a ftp transfer goes at >5MByte/sec even when nfs 
throughput is suffering.

\Lars Knudsen

next             reply	other threads:[~2002-11-23 16:26 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2002-11-23 16:26 Lars Knudsen [this message]
2002-11-23 16:48 ` Bug with netfilter and NFS server on same machine Luciano Ruete
  -- strict thread matches above, loose matches on Subject: below --
2002-11-23 18:37 Lars Knudsen
2002-11-24 14:10 ` Daniel Egger

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=3DDFAC2A.6060409@virgilio.it \
    --to=gandalfit@virgilio.it \
    --cc=netfilter@lists.netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.