On Tue, Feb 13, 2007 at 11:14:17PM +0100, Georg Mainik wrote: > Package: linux-image-2.6.18-3-686 > Version: 2.6.18-7 > Severity: normal > > Hello, > > this is my first bug report and I am trying my best to submit it in a > correct way and to give enough information for solving the problem. > > After installing and configuring a firewall, (Shorewall) I observed that > NFS broke down on the clients after a reboot -- not always, but in 80% > of all cases. > > With some help from a friend, I could find out that there was an > inconsistency in connection tracking: although the NFS connection was > established by the client, the NFS packages sent by the server did not > pass the sequence number check. > > After adding a log target to Shorewall's dropInvalid chain (there is > none by default), I saw the following in the syslog: > -----
[..] > ----- > > With some more help, I got a workaround for that: > echo "1" > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_be_liberal > > After including this line into Shorewall's post-init script, the NFS > connection did not break down any more. > > I don't know whether the origin of the problem is in the netfilter or in > the nfs server or in the connection tracking on the client or server > (maybe the server does not notice the client reboot and goes on with > sequence numbers from the old connections?), but it is in the kernel -- > the firewall rules are correct and the packages are not recognized as a > part of the existing connection. Does this error still occur with more recent kernel versions? Cheers, Moritz -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org