HPE Community
Operating System - HP-UX
1823758 Members
4282 Online
109664 Solutions
New Discussion юеВ

NFS timeout through firewall

 
Bigcountry_1
Advisor

тАО07-25-2007 01:26 AM

тАО07-25-2007 01:26 AM

NFS timeout through firewall

I have applied the NFS patch to allow locking down lockd,statd,mountd and have successfully set up NFS through a cisco firewall. Now I am on a new firewall, not sure which one, but it is more of an application firewall, and can not get the same thing to work. This is what is in the NFS clients syslog:

vmunix: clnt_dispatch_notifyconn() [wq0x48653a00]:
T_CONN_CON missed.

and this is what is in the firwall log:

Jul 24, 2007 07:51:53.657 servera.com kernel[1354] 10487: Connection completed, Source IP=x.x.x.x, Destination IP=y.y.y.y, Source P
ort=65077, Destination Port=111, Detail=Idle timeout, Source Interface
=eth1, Destination Interface=eth0, Protocol=111/udp, Rule=54,
Duration=61.1, ID=1aORa, Sent=64, Received=36, Bytes=100,
Server Source=x.x.x.x, Server Source Port=65077


Not sure where to go from here. Again, the same steps and rules in a Cisco firewall work. This firewall is showing the packets pass, but portmap shows a timeout.
0 Kudos
Reply
4 REPLIES 4
Steven E. Protter
Exalted Contributor

тАО07-25-2007 01:44 AM

тАО07-25-2007 01:44 AM

Re: NFS timeout through firewall

Shalom,

You don't share with us the OS or version of NFS. The approach to solving this issue would be totally different NFS 3 versus NFS 4.

uname -a

nfsstat

Please post.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Bigcountry_1
Advisor

тАО07-25-2007 01:47 AM

тАО07-25-2007 01:47 AM

Re: NFS timeout through firewall

good point...sorry...

HPUX 11.11

nfsstat

Server rpc:
Connection oriented:
calls badcalls nullrecv
89 0 0
badlen xdrcall dupchecks
0 0 5
dupreqs
0
Connectionless oriented:
calls badcalls nullrecv
76 0 0
badlen xdrcall dupchecks
0 0 0
dupreqs
0

Server nfs:
calls badcalls
163 0
Version 2: (10 calls)
null getattr setattr
3 30% 1 10% 0 0%
root lookup readlink
0 0% 3 30% 0 0%
read wrcache write
0 0% 0 0% 0 0%
create remove rename
0 0% 0 0% 0 0%
link symlink mkdir
0 0% 0 0% 0 0%
rmdir readdir statfs
0 0% 2 20% 1 10%
Version 3: (153 calls)
null getattr setattr
12 7% 75 49% 2 1%
lookup access readlink
7 4% 20 13% 0 0%
read write create
0 0% 0 0% 2 1%
mkdir symlink mknod
0 0% 0 0% 0 0%
remove rmdir rename
1 0% 0 0% 0 0%
link readdir readdir+
0 0% 2 1% 24 15%
fsstat fsinfo pathconf
2 1% 6 3% 0 0%
commit
0 0%

Client rpc:
Connection oriented:
calls badcalls badxids
10 10 0
timeouts newcreds badverfs
0 0 0
timers cantconn nomem
0 10 0
interrupts
0
Connectionless oriented:
calls badcalls retrans
0 0 0
badxids timeouts waits
0 0 0
newcreds badverfs timers
0 0 0
toobig nomem cantsend
0 0 0
bufulocks
0

Client nfs:
calls badcalls clgets
10 10 10
cltoomany
0
Version 2: (1 calls)
null getattr setattr
0 0% 1 100% 0 0%
root lookup readlink
0 0% 0 0% 0 0%
read wrcache write
0 0% 0 0% 0 0%
create remove rename
0 0% 0 0% 0 0%
link symlink mkdir
0 0% 0 0% 0 0%
rmdir readdir statfs
0 0% 0 0% 0 0%
Version 3: (9 calls)
null getattr setattr
0 0% 9 100% 0 0%
lookup access readlink
0 0% 0 0% 0 0%
read write create
0 0% 0 0% 0 0%
mkdir symlink mknod
0 0% 0 0% 0 0%
remove rmdir rename
0 0% 0 0% 0 0%
link readdir readdir+
0 0% 0 0% 0 0%
fsstat fsinfo pathconf
0 0% 0 0% 0 0%
commit
0 0%
0 Kudos
Reply
Bigcountry_1
Advisor

тАО07-25-2007 01:47 AM

тАО07-25-2007 01:47 AM

Re: NFS timeout through firewall

Both client and server are 11.11
0 Kudos
Reply
Bigcountry_1
Advisor

тАО07-25-2007 01:54 AM

тАО07-25-2007 01:54 AM

Re: NFS timeout through firewall

I guess I could add that from the client, a showmount -e server_name works.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.