[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Scrub and fragments



On Mon, Nov 18, 2002 at 05:25:43AM -0800, Dan Moinescu wrote:
> As it happens, some NFS packets are fragmented and the
> "scrub in" directive was blocking the fragments.
> I removed the scrub lines and it worked, but then I
> tried the same NFS thing with a machine behind the
> firewall and it failed again.
> This time, it was because the NFS fragments were
> passing through the firewall without being NATed, as
> the full IP datagrams were, and this obviously
> confused the server.
> 
> So it looks like pf on 3.1 can't handle fragments. Was
> this fixed in 3.2?
you fail to give details. I bet you are using a linux box as NFS client.
linux sends fragmented NFS packets with the Don't Fragment bit set, which,
well, go figure yourself.