jstoltz at nw-media.com
Mon Aug 26 13:27:00 CDT 2002
I'm having some problems getting NFS to work through a netscreen 5200
firewall. I'm using Redhat 7.3 for both the client and server. I can
mount however I can't copy or create any files over a few bytes.
Here is the messages that I am seeing in our debug:
find matched sess
flow_ip_send: 10.1.3.226->10.12.12.10 => ethernet1/2
mac 0003479601ea in session
Send to ethernet1/2 (202)
rcv non-first-frag UDP pak
frag session (id 39632) found.
packet dropped, first session packet can not be frag
vhl=45, id=39632, frag=6000, ttl=64
ports 800->2049, len=4260
Kind if cryptic I know. things to note are the session id ( 39632 for
this flow ), and the message: "packet dropped, first session packet can
not be frag"
I guess what I do not understand is why the application seems to NOT be
sending the first packet first, as opposed to sending a packet that is a
fragment. Upon seeing this packet as the first for this session, we are
seeing it as an illegal setup message and does not follow our stateful
setup rules for UDP sessions setup.
Any ideas how I can work around this?
More information about the Linux-PowerEdge