Michael
No, the clients are talking to the server's primary IP address (it is a
single dedicated NFS box). The server responds correctly from the same IP
address and port number that the client used.
I have also checked that the FW1 UDP connection table does have the correct
entry for this "connection".
Oliver
> -----Original Message-----
> From: Michael Miller [mailto:[EMAIL PROTECTED]]
> Sent: 06 June 2001 16:52
> To: '[EMAIL PROTECTED]';
> '[EMAIL PROTECTED]'
> Subject: RE: [FW1] NFS fails on FW1 4.1 SP2 and SP3
>
>
> A quick question: are the NFS clients talking to a virtual IP on the NFS
> server, or to the server's 'primary' IP address? I have seen this problem
> on Sun Clusters, whereby a client talks to the cluster virtual IP and the
> UDP responses come from the cluster's real IP. The firewall then blocks this
> packet because it is not recognised as a reply.
>
> > -----Original Message-----
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> > Sent: Tuesday, June 05, 2001 1:06 PM
> > To: '[EMAIL PROTECTED]'
> > Subject: [FW1] NFS fails on FW1 4.1 SP2 and SP3
> >
> >
> >
> > We recently upgraded our Solaris 7 version of FW1-4.1 from SP1 to SP3.
> > Unfortunately after this, new NFS mounts across the firewall stopped
> > working. After snooping, I found that the NFS portmap request works fine,
> > but when the client talks to the server on the supplied port number, the
> > UDP replies from the server are blocked by the firewall.
> > I also tried with SP2 but got exactly the same problem. I checked the RPC
> > definitions in base.def for both SP1 and SP3 and they appear identical. I
> > also checked that "Allow UDP Replies" is set.
> > The only way I have got it to work is by adding a rule to allow high-port
> > numbered UDP packets from the server to the client.
> > Has anybody else seen this problem or found how to resolve it?
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
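
The reply-matching question raised in this thread can be checked against a packet capture. The following is an added example, not part of the original messages and not FireWall-1's own logic: a simplified model of a stateful UDP table that labels each datagram, including the cluster case where the answer comes from a different server address. All addresses, ports and the 40-second entry lifetime are constructed assumptions.

```python
from collections import namedtuple

Pkt = namedtuple("Pkt", "ts src sport dst dport")  # one UDP datagram from a capture

def classify_udp(packets, clients, timeout=40.0):
    """Label each datagram as a simplified stateful UDP filter would see it.

    clients: addresses on the protected side that originate requests.
    timeout: assumed lifetime (seconds) of a UDP pseudo-connection entry.
    """
    table = {}  # (client, cport, server, sport) -> time the entry was last used
    out = []
    for p in sorted(packets, key=lambda p: p.ts):
        if p.src in clients:
            table[(p.src, p.sport, p.dst, p.dport)] = p.ts
            out.append((p, "request"))
            continue
        key = (p.dst, p.dport, p.src, p.sport)  # exact reverse of a request
        seen = table.get(key)
        if seen is not None and p.ts - seen <= timeout:
            table[key] = p.ts
            out.append((p, "reply"))
            continue
        # Ports match a live request, but the answering address is different:
        # the virtual-IP / real-IP mismatch described in the thread.
        near = [k for k, t in table.items()
                if k[0] == p.dst and k[1] == p.dport and k[3] == p.sport
                and k[2] != p.src and p.ts - t <= timeout]
        out.append((p, "reply-from-other-address" if near else "unsolicited"))
    return out

# Constructed sample capture (documentation address ranges, made-up ports).
SAMPLE = [
    Pkt(0.00, "192.0.2.10", 1021, "198.51.100.5", 111),   # portmap request
    Pkt(0.01, "198.51.100.5", 111, "192.0.2.10", 1021),   # portmap reply
    Pkt(0.10, "192.0.2.10", 1022, "198.51.100.5", 2049),  # NFS request to virtual IP
    Pkt(0.11, "198.51.100.6", 2049, "192.0.2.10", 1022),  # answer from real IP
    Pkt(0.20, "198.51.100.5", 2049, "192.0.2.10", 1023),  # no matching request
]

def labels(packets=SAMPLE, clients=frozenset({"192.0.2.10"})):
    return [label for _, label in classify_udp(packets, clients)]

if __name__ == "__main__":
    for pkt, label in classify_udp(SAMPLE, {"192.0.2.10"}):
        print(f"{pkt.ts:5.2f} {pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport}  {label}")
```

If every blocked datagram is labelled `reply` by an exact 4-tuple match, as Oliver reports for his server, the address-mismatch explanation is ruled out and the cause lies elsewhere.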