Quoting Stanisław Kamiński <stasheck.f...@gmail.com>:
Could you share how did you find that they are dropped?
Mostly I'd see lines like the following in the syslog of the host
running the firewall:
Apr 30 16:33:16 noord kernel: [181949.998779] DROP IN=br1 OUT=
PHYSIN=eth1 MAC=00:16:0a:24:d5:3d:00:25:2e:64:1a:8f:08:00
SRC=95.97.11.43 DST=95.97.10.82 LEN=104 TOS=0x00 PREC=0x00 TTL=62
ID=30486 PROTO=UDP SPT=7000 DPT=7001 LEN=84
A few packets would have a different destination port:
Apr 30 16:33:31 noord kernel: [181964.989020] DROP IN=br1 OUT=
PHYSIN=eth1 MAC=00:16:0a:24:d5:3d:00:25:2e:64:1a:8f:08:00
SRC=95.97.11.43 DST=95.97.10.82 LEN=104 TOS=0x00 PREC=0x00 TTL=62
ID=30491 PROTO=UDP SPT=7000 DPT=1025 LEN=84
At the moment there are 3-4 AFS workstations at each location and at
the end of the day I'd see 200-300 lines like this in the syslog.
There's no other reason for it that I can see, since UDP ports
7000-7007 are open in the firewalls on both ends. After the
ip_conntrack_udp timeouts were increased, all such entries in the
syslog disappeared.
Cheers,
Jaap
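
An added example, not part of the original message: a small Python script that tallies drop entries like the ones quoted above per flow, so the count can be compared before and after changing the conntrack UDP timeouts. It assumes the firewall's log prefix is `DROP` as in the quoted lines and treats any dropped UDP packet with a source port in 7000-7007 as AFS traffic; the function names are hypothetical.

```python
import re
from collections import Counter

AFS_PORTS = range(7000, 7008)          # UDP 7000-7007, the range named in the message
KV = re.compile(r"\b([A-Z]+)=(\S*)")   # netfilter LOG fields are KEY=VALUE tokens

# First two lines: the entries quoted in the message, unwrapped onto one line each.
# Last two lines: constructed for contrast (192.0.2.x is a documentation range).
SAMPLE = """\
Apr 30 16:33:16 noord kernel: [181949.998779] DROP IN=br1 OUT= PHYSIN=eth1 MAC=00:16:0a:24:d5:3d:00:25:2e:64:1a:8f:08:00 SRC=95.97.11.43 DST=95.97.10.82 LEN=104 TOS=0x00 PREC=0x00 TTL=62 ID=30486 PROTO=UDP SPT=7000 DPT=7001 LEN=84
Apr 30 16:33:31 noord kernel: [181964.989020] DROP IN=br1 OUT= PHYSIN=eth1 MAC=00:16:0a:24:d5:3d:00:25:2e:64:1a:8f:08:00 SRC=95.97.11.43 DST=95.97.10.82 LEN=104 TOS=0x00 PREC=0x00 TTL=62 ID=30491 PROTO=UDP SPT=7000 DPT=1025 LEN=84
Apr 30 16:34:02 noord kernel: [181996.000000] DROP IN=br1 OUT= PHYSIN=eth1 SRC=192.0.2.10 DST=192.0.2.20 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=1 PROTO=TCP SPT=40000 DPT=23 WINDOW=5840 SYN
Apr 30 16:34:05 noord kernel: [181999.000000] DROP IN=br1 OUT= PHYSIN=eth1 SRC=192.0.2.10 DST=192.0.2.20 LEN=80 TOS=0x00 PREC=0x00 TTL=52 ID=2 PROTO=UDP SPT=53 DPT=33000 LEN=60
"""

def parse_drop(line):
    """Return the KEY=VALUE fields of a 'DROP'-prefixed kernel log line, else None."""
    if " DROP " not in line:
        return None
    fields = {}
    for key, value in KV.findall(line):
        fields.setdefault(key, value)  # keep first LEN (IP length), not the UDP one
    return fields if "SRC" in fields and "DST" in fields else None

def afs_drops(lines):
    """Count dropped UDP packets whose source port is an AFS port, per flow."""
    counts = Counter()
    for line in lines:
        f = parse_drop(line)
        if not f or f.get("PROTO") != "UDP":
            continue
        if not (f.get("SPT", "").isdigit() and f.get("DPT", "").isdigit()):
            continue
        if int(f["SPT"]) in AFS_PORTS:
            counts[(f["SRC"], f["DST"], int(f["SPT"]), int(f["DPT"]))] += 1
    return counts

if __name__ == "__main__":
    for (src, dst, spt, dpt), n in afs_drops(SAMPLE.splitlines()).most_common():
        print(f"{n:4d}  {src}:{spt} -> {dst}:{dpt}")
```

Fed the host's real syslog instead of `SAMPLE`, a total that falls to zero after the timeout change matches what the message reports.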