I have been trying for a while to get the IP Filter rules just right for
NFS with mixed results.
Does anyone have a template of how this is supposed to work and if I
need to tweak parameters in the kernel, per rule using this "age x/y"
option (I don't know what x/y represent) and if my rules are
correct for fragmented and non-fragmented packets, etc.?
I currently have the following rpcinfo from the NFS server (a NetApp
Filer), which stays static upon reboots, etc., so no worries about that:
[EMAIL PROTECTED] rpcinfo -p idc-na1-svc
   program vers proto   port  service
    100024    1   tcp   4047  status
    100024    1   udp   4047  status
    100011    1   udp   4049  rquotad
    100021    4   tcp   4045  nlockmgr
    100021    3   tcp   4045  nlockmgr
    100021    1   tcp   4045  nlockmgr
    100021    4   udp   4045  nlockmgr
    100021    3   udp   4045  nlockmgr
    100021    1   udp   4045  nlockmgr
    100005    3   tcp   4046  mountd
    100005    2   tcp   4046  mountd
    100005    1   tcp   4046  mountd
    100005    3   udp   4046  mountd
    100005    2   udp   4046  mountd
    100005    1   udp   4046  mountd
    100003    4   tcp   2049  nfs
    100003    3   tcp   2049  nfs
    100003    2   tcp   2049  nfs
    100003    3   udp   2049  nfs
    100003    2   udp   2049  nfs
    100000    2   tcp    111  rpcbind
    100000    2   udp    111  rpcbind
[EMAIL PROTECTED]