Issue with Firewall and NFS.

  • Hi all,
    I'm using pfSense 2.0.1 as Loadbalancer and Firewall. Everything works fine (LB, http & https rules…) but not the NFS access!!
    When the Firewall is on, even if TCP/UDP is allowed from : to :, I cannot mount the NFS share from a CentOS. Furthermore, I do not have any port blocked in the log.
    If I deactivate the Firewall… it works...!!!
    I do not think it is related to port numbers because I have the same issue if everything is allowed.
    Really, I do not understand the difference between no firewall and firewall allowing everything.
    Any idea would be appreciated.

  • Take a look at System -> Advanced -> Firewall/NAT -> IP Do-Not-Fragment compatibility

    The description says:
    Clear invalid DF bits instead of dropping the packets
    This allows for communications with hosts that generate fragmented packets with the don't fragment (DF) bit set. Linux NFS is known to do this. This will cause the filter to not drop such packets but instead clear the don't fragment bit.

  • Hi, still the same issue: timed out…
    "clear invalid DF bits" & "Disables the PF scrubbing" are both checked!!
    Really weird!

  • It's likely NAT that's breaking it rather than the firewall. Static port is generally necessary to not break NFS.
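
As an added illustration (not part of the thread, and not pf's or pfSense's own code), this Python sketch shows what the quoted option description means at the IPv4 header level: it detects a fragment that still carries the DF bit and models clearing that bit with the header checksum recomputed. The headers and 192.0.2.x addresses are constructed sample values, and the function names are hypothetical.

```python
import struct

DF, MF = 0x4000, 0x2000   # flag bits in the 16-bit flags/fragment-offset field
OFFSET_MASK = 0x1FFF      # low 13 bits: fragment offset in 8-byte units

def checksum(header: bytes) -> int:
    """RFC 791 header checksum: one's-complement sum of the 16-bit words."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def with_checksum(header: bytes) -> bytes:
    """Zero the checksum field (bytes 10-11) and fill in the correct value."""
    zeroed = header[:10] + b"\x00\x00" + header[12:]
    return zeroed[:10] + struct.pack("!H", checksum(zeroed)) + zeroed[12:]

def build_header(flags_frag: int) -> bytes:
    """Constructed 20-byte IPv4 header (UDP, documentation addresses)."""
    return with_checksum(struct.pack(
        "!BBHHHBBH4s4s", 0x45, 0, 1500, 0x1234, flags_frag, 64, 17, 0,
        bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20])))

def flags_of(header: bytes) -> int:
    return struct.unpack("!H", header[6:8])[0]

def is_invalid_df(header: bytes) -> bool:
    """True when DF is set on a packet that is itself a fragment."""
    f = flags_of(header)
    is_fragment = bool(f & MF) or (f & OFFSET_MASK) != 0
    return bool(f & DF) and is_fragment

def clear_df(header: bytes) -> bytes:
    """Model of 'clear invalid DF bits': drop DF, then fix the checksum."""
    f = flags_of(header) & ~DF & 0xFFFF
    return with_checksum(header[:6] + struct.pack("!H", f) + header[8:])

if __name__ == "__main__":
    samples = {                                   # constructed sample packets
        "unfragmented, DF set": build_header(DF),
        "first fragment, DF+MF": build_header(DF | MF),
        "later fragment, DF, offset 185": build_header(DF | 185),
        "ordinary fragment, MF only": build_header(MF),
    }
    for name, hdr in samples.items():
        verdict = "invalid DF (dropped unless DF is cleared)" if is_invalid_df(hdr) else "ok"
        print(f"{name}: {verdict}")
```
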

