Contributed by jose on from the fixing-what-is-broken dept.
"KernelTrap has an interesting story about how PF's scrub functionality conflicts with the Linux NFS implementation. Actually, it is probably better put the other way around, as the article explains Linux NFS does an odd thing... As usual, Daniel and KernelTrap do an excellent job of bringing very useful, solid facts to the forefront.
The story explains, "essentially, the Linux NFS implementation with UDP PMTU discovery enabled sets the "don't fragment" bit on fragmented packets, which PF's packet normalization functionality determines to be improper and drops. PF author Daniel Hartmeier notes that by disabling PF's "scrub" option on the protocols/ports in question, you can allow the Linux NFS client/server to work as its authors intended."
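The condition described above, an IP fragment that also carries the "don't fragment" bit, can be checked directly from the IPv4 header's flags/offset field. The following is an added example, not code from PF, KernelTrap or the original post; the function names and the sample headers (built with 192.0.2.x documentation addresses) are constructed for illustration.

```python
import struct

IP_DF = 0x4000       # "don't fragment" flag
IP_MF = 0x2000       # "more fragments" flag
IP_OFFMASK = 0x1FFF  # fragment offset, in 8-byte units


def build_ipv4_header(df, mf, frag_offset, payload_len=1480, proto=17):
    """Build a 20-byte IPv4 header as sample data (checksum left at zero)."""
    flags_off = (IP_DF if df else 0) | (IP_MF if mf else 0) | (frag_offset & IP_OFFMASK)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0x1234,
                       flags_off, 64, proto, 0,
                       bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))


def classify(header):
    """Return 'whole', 'fragment' or 'df-fragment' for one IPv4 header."""
    if len(header) < 20 or header[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    (flags_off,) = struct.unpack_from("!H", header, 6)
    # A packet is a fragment if more fragments follow or its offset is non-zero.
    is_fragment = bool(flags_off & IP_MF) or (flags_off & IP_OFFMASK) != 0
    if not is_fragment:
        return "whole"
    # DF on a fragment is the contradictory combination the post describes.
    return "df-fragment" if flags_off & IP_DF else "fragment"


def count_df_fragments(headers):
    """Count headers that are fragments with the DF bit set."""
    return sum(1 for h in headers if classify(h) == "df-fragment")


# Constructed sample: one large UDP datagram split into three fragments with
# DF set on each, an ordinary fragment pair without DF, and an unfragmented
# packet with DF set (normal path MTU discovery).
SAMPLE = [
    build_ipv4_header(df=True, mf=True, frag_offset=0),
    build_ipv4_header(df=True, mf=True, frag_offset=185),
    build_ipv4_header(df=True, mf=False, frag_offset=370, payload_len=512),
    build_ipv4_header(df=False, mf=True, frag_offset=0),
    build_ipv4_header(df=False, mf=False, frag_offset=185, payload_len=512),
    build_ipv4_header(df=True, mf=False, frag_offset=0, payload_len=100),
]

if __name__ == "__main__":
    for hdr in SAMPLE:
        print(classify(hdr))
```

Run against headers taken from a capture on the filtering host, a non-zero count on the NFS flows indicates the traffic pattern the post describes.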