Netgate Discussion Forum
    Issue with Firewall and NFS.

    Firewalling
    4 Posts 3 Posters 3.9k Views
      Alex92

      Hi all,
      I'm using pfSense 2.0.1 as Loadbalancer and Firewall. Everything works fine (LB, http & https rules…) but not the NFS access!!
      When Firewall is on, even if TCP/UDP is allowed from : to :, I cannot mount the NFS share from a CentOS. Furthermore, I do not have any port blocked in the log.
      If I deactivate the Firewall… it works...!!!
      I do not think it is related to port numbers because I have the same issue if everything is allowed.
      Really, I do not understand the difference between no firewall and firewall allowing everything.
      Any idea would be appreciated.
      thanks,

        marcelloc

        Take a look at System -> Advanced -> Firewall/NAT -> IP Do-Not-Fragment compatibility

        description says:
        Clear invalid DF bits instead of dropping the packets
        This allows for communications with hosts that generate fragmented packets with the don't fragment (DF) bit set. Linux NFS is known to do this. This will cause the filter to not drop such packets but instead clear the don't fragment bit.

          Alex92

          Hi, still the same issue: timed out…
          "clear invalid DF bits" & "Disables the PF scrubbing" are both checked!!
          Really weird!

            cmb

            It's likely NAT that's breaking it rather than the firewall. Static port is generally necessary to not break NFS.

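The two settings discussed in this thread, written out as raw pf.conf rules. This is an added illustration, not posted by any participant and not the ruleset pfSense generates. The interface name, the addresses and the topology (NFS client behind the firewall, NFS server beyond it) are assumptions.

```conf
# Illustrative pf.conf fragment (older pf syntax with a separate scrub rule).
# All names and addresses below are constructed placeholders.

ext_if     = "em0"             # assumed outside interface
nfs_client = "192.0.2.10"      # assumed NFS client behind the firewall
nfs_server = "198.51.100.20"   # assumed NFS server beyond the firewall

# --- Normalization: "Clear invalid DF bits instead of dropping the packets"
# no-df clears the don't-fragment bit on fragmented packets that arrive
# with DF set, so they are reassembled instead of dropped.
scrub in on $ext_if all no-df fragment reassemble

# --- Outbound NAT, default behaviour (shown commented out for comparison)
# Without static-port, pf rewrites the source port of every translated
# connection into its NAT port range (50001:65535 by default).
# A Linux NFS server exporting with the default "secure" option only
# accepts requests from source ports below 1024, so a mount that leaves
# the client from a reserved port no longer looks that way on arrival.
#
# nat on $ext_if inet from $nfs_client to $nfs_server -> ($ext_if)

# --- Outbound NAT with static port, scoped to the NFS pair only
# static-port keeps the client's original source port through translation.
# It also turns off source-port rewriting for whatever it matches, so it
# is limited here to the one client/server pair rather than applied to
# all outbound traffic.
nat on $ext_if inet from $nfs_client to $nfs_server -> ($ext_if) static-port

# --- Everything else keeps normal source-port rewriting
nat on $ext_if inet from ! $nfs_client to any -> ($ext_if)
```

On the NFS server, a translated connection whose source port is in the 50001-65535 range points to port rewriting still being applied to that traffic.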
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.