From: Trond Myklebust <trond.myklebust@fys.uio.no>
To: Frank Steiner <fsteiner-mail1-G0GEQqhI7DhYiKXMg8wJIg@public.gmane.org>
Cc: nfs@lists.sourceforge.net
Subject: Re: [NFS] nfs-over-tcp still needs udp ports? (SLES 11)
Date: Thu, 07 May 2009 09:52:06 -0400 [thread overview]
Message-ID: <1241704326.4884.10.camel@heimdal.trondhjem.org> (raw)
In-Reply-To: <4A02DAA8.6050005-G0GEQqhI7DhYiKXMg8wJIg@public.gmane.org>
On Thu, 2009-05-07 at 14:57 +0200, Frank Steiner wrote:
> Hi,
>
> I'm fighting with my firewall to get nfs-over-tcp through.
>
> The server is outside the firewall, the client is inside. The firewall
> allows all tcp back-connections (without syn), no UDPs. Mount on the
> client side worked fine with kernel 2.6.16 in SLES 10.
>
> Now when the NFS client is running SLES 11 with its kernel 2.6.27,
> the NFS server tries to make UDP connections from its ports 111 and
> 700 to different ports on the client.
>
> If the client is running SLES 10 with 2.6.16, those connections are
> not tried from the server, no matter if the server runs 2.6.16 or
> 2.6.27.
>
> So I've two questions:
> 1) Should nfs-over-tcp still use any UDP ports at all?
> 2) What has been changed in the client code between 2.6.16 and 2.6.27
> that could cause this behaviour?
>
> Is there a way to prevent those UDP connects?
The default behaviour is to always try to use UDP to talk to mountd and
the portmapper in order to minimize the number of ports that get left in
the TIME_WAIT state. If you only want to use TCP, then you might try
using '-omountproto=tcp'
Cheers
Trond
PS: Note that nfs@lists.sourceforge.net is deprecated due to poor
anti-spam filtering. You should rather send posts directly to
linux-nfs@vger.kernel.org
------------------------------------------------------------------------------
The NEW KODAK i700 Series Scanners deliver under ANY circumstances! Your
production scanning environment may not be a perfect world - but thanks to
Kodak, there's a perfect scanner to get the job done! With the NEW KODAK i700
Series Scanner you'll get full speed at 300 dpi even with all image
processing features enabled. http://p.sf.net/sfu/kodak-com
_______________________________________________
NFS maillist - NFS@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfs
_______________________________________________
Please note that nfs@lists.sourceforge.net is being discontinued.
Please subscribe to linux-nfs@vger.kernel.org instead.
http://vger.kernel.org/vger-lists.html#linux-nfs
next prev parent reply other threads:[~2009-05-07 13:54 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-05-07 12:57 [NFS] nfs-over-tcp still needs udp ports? (SLES 11) Frank Steiner
2009-05-07 13:34 ` Leonardo Chiquitto
[not found] ` <c2d0b6ec0905070634p6888226cx5b2c8abae51cd1be-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2009-05-07 15:26 ` Frank Steiner
[not found] ` <4A02FDC3.9090709-G0GEQqhI7DhYiKXMg8wJIg@public.gmane.org>
2009-05-07 15:35 ` Tom Talpey
[not found] ` <4a02ffdf.1ac1f10a.637d.ffffbc3a-ATjtLOhZ0NVl57MIdRCFDg@public.gmane.org>
2009-05-07 16:08 ` Aaron Wiebe
[not found] ` <e7ca40f70905070908p595c1d23gef745a122ae09caa-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2009-05-07 16:42 ` Chuck Lever
2009-05-07 17:08 ` Tom Talpey
[not found] ` <4a031594.1c1d640a.6d45.5fed-ATjtLOhZ0NVl57MIdRCFDg@public.gmane.org>
2009-05-07 18:08 ` Aaron Wiebe
2009-05-08 6:03 ` Frank Steiner
[not found] ` <4A03CB1C.7020703-G0GEQqhI7DhYiKXMg8wJIg@public.gmane.org>
2009-05-08 12:27 ` Trond Myklebust
2009-05-11 14:59 ` Tom Talpey
[not found] ` <4a083d44.85c2f10a.4cf7.ffff85fb-ATjtLOhZ0NVl57MIdRCFDg@public.gmane.org>
2009-05-11 16:59 ` Chuck Lever
2009-05-12 13:51 ` Frank Steiner
2009-05-15 6:38 ` Frank Steiner
[not found] ` <4A0D0DFE.6040108-G0GEQqhI7DhYiKXMg8wJIg@public.gmane.org>
2009-05-15 13:48 ` Tom Talpey
[not found] ` <4a0d72a6.c5c2f10a.368f.5cc5-ATjtLOhZ0NVl57MIdRCFDg@public.gmane.org>
2009-05-18 9:18 ` Frank Steiner
[not found] ` <4A1127CE.5030701-G0GEQqhI7DhYiKXMg8wJIg@public.gmane.org>
2009-05-18 12:53 ` Tom Talpey
[not found] ` <4a115a4c.47c1f10a.53d0.ffff96cc-ATjtLOhZ0NVl57MIdRCFDg@public.gmane.org>
2009-05-22 11:05 ` Frank Steiner
[not found] ` <4A02DAA8.6050005-G0GEQqhI7DhYiKXMg8wJIg@public.gmane.org>
2009-05-07 13:52 ` Trond Myklebust [this message]
[not found] ` <1241704326.4884.10.camel-rJ7iovZKK19ZJLDQqaL3InhyD016LWXt@public.gmane.org>
2009-05-07 14:03 ` Peter Åstrand
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1241704326.4884.10.camel@heimdal.trondhjem.org \
--to=trond.myklebust@fys.uio.no \
--cc=fsteiner-mail1-G0GEQqhI7DhYiKXMg8wJIg@public.gmane.org \
--cc=nfs@lists.sourceforge.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox