headers
Chris Dos | 3 Mar 2003 04:23

New error

I had a system crash on my main server and now that it's up, I'm 
constantly seeing this error in /var/log/messages and on the console

"kernel: nfsd: request from insecure port (ac1e02bc:47720)!"

I have no idea if this was happening before on this server as it's been 
completly rock solid and has been running as an extreamly high volume 
NAS for serveral servers for that last six months and I haven't needed 
to go into the server.  I'm running kernel 2.4.19 with all the NFS 
patches as of six months ago.  Any ideas on what might be causing this? 
  Thanks in advance.

	Chris Dos

-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
NFS maillist  -  NFS <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfs
Permalink | Reply | 1 comment |
headers
Ion Badulescu | 3 Mar 2003 15:25

Re: New error

On Sun, 02 Mar 2003 20:23:49 -0700, Chris Dos <chris <at> chrisdos.com> wrote:
> I had a system crash on my main server and now that it's up, I'm 
> constantly seeing this error in /var/log/messages and on the console
> 
> "kernel: nfsd: request from insecure port (ac1e02bc:47720)!"

So who is 172.30.2.188 and why did it decide to use a non-privileged 
port upon reconnecting?

Is that box a MacOS X box by any chance? Is it mounting from your server 
using TCP? That would be a known bug in the Darwin kernel...

Ion

--

-- 
  It is better to keep your mouth shut and be thought a fool,
            than to open it and remove all doubt.

-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
NFS maillist  -  NFS <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfs
Permalink | Reply | 0 comments |
headers
Robert Rati | 4 Mar 2003 01:10

NFS through firewall

I am trying to provide a directory to the outside world through a 
firewall via NFS.  I can mount the directory from another system, but 
when I try to list the contents of the directory the firewall blocks the 
communication.  I see that the host system is attempting to send data on 
port 65535 using the UDP protocol.  I have the following firewall rule 
that SHOULD match it, but isn't:

/sbin/ipchains -A output -j ACCEPT -i eth0 -p udp --source-port 61000:65535

I have set the local port range to be 61000-65535.  My question is, why 
is NFS choosing port 65535 to transfer data?  Is it using the local port 
range?  I tried changing the port range and restarting the NFS daemons, 
but it still tried to use port 65535.

I know this isn't necessarily a firewall expert group, but have there 
been any issues with ipchains/2.2 kernels blocking NFS traffic on port 
65535?

Rob

-------------------------------------------------------
This SF.net email is sponsored by: Etnus, makers of TotalView, The debugger 
for complex code. Debugging C/C++ programs can leave you feeling lost and 
disoriented. TotalView can help you find your way. Available on major UNIX 
and Linux platforms. Try it free. www.etnus.com
_______________________________________________
NFS maillist  -  NFS <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfs
(Continue reading)

Permalink | Reply | 2 comments |
headers
Philippe Troin | 4 Mar 2003 01:33

Re: NFS through firewall

Robert Rati <Robert.Rati <at> motorola.com> writes:

> I am trying to provide a directory to the outside world through a
> firewall via NFS.  I can mount the directory from another system, but
> when I try to list the contents of the directory the firewall blocks
> the communication.  I see that the host system is attempting to send
> data on port 65535 using the UDP protocol.  I have the following
> firewall rule that SHOULD match it, but isn't:
> 
> /sbin/ipchains -A output -j ACCEPT -i eth0 -p udp --source-port 61000:65535
> 
> I have set the local port range to be 61000-65535.  My question is,
> why is NFS choosing port 65535 to transfer data?  Is it using the
> local port range?  I tried changing the port range and restarting the
> NFS daemons, but it still tried to use port 65535.
> 
> I know this isn't necessarily a firewall expert group, but have there
> been any issues with ipchains/2.2 kernels blocking NFS traffic on port
> 65535?

It's a fragment, which will match with -f in ipchains.

Alternately, you may set the net.ipv4_always_defrag sysctl, or (for
2.4), insmod ip_conntrack.

Phil.

-------------------------------------------------------
This SF.net email is sponsored by: Etnus, makers of TotalView, The debugger 
for complex code. Debugging C/C++ programs can leave you feeling lost and
(Continue reading)

Permalink | Reply | 0 comments |
headers
Robert Myers | 4 Mar 2003 03:40
Picon

Re: NFS through firewall

Robert Rati wrote:

> I am trying to provide a directory to the outside world through a 
> firewall via NFS.  I can mount the directory from another system, but 
> when I try to list the contents of the directory the firewall blocks 
> the communication.  I see that the host system is attempting to send 
> data on port 65535 using the UDP protocol.  I have the following 
> firewall rule that SHOULD match it, but isn't:
>
> /sbin/ipchains -A output -j ACCEPT -i eth0 -p udp --source-port 
> 61000:65535 

Is this an  output chain on the client side?  Why should that cause the 
client to accept a communication on 65535?  Happens all the time: client 
requests data on port x, declines the response on port x.  Go figure.

Without seeing your entire ipchains config (and I wouldn't recommend 
posting it), I can't suggest a one-line fix,  but somewhere you need

/sbin/ipchains -A input -j ACCEPT -i eth0 -p  udp --source-port 61000:65535,

but I wouldn't recommend it.  Instead, specify that NFS use a port in 
the reserved range (1-1024) and don't open a hole in your firewall where 
hackers often lurk.

Check out

http://www.ibiblio.org/pub/Linux/docs/HOWTO/other-formats/html_single/NFS-HOWTO.html

for how to specify what port NFS is using.
(Continue reading)

Permalink | Reply | 0 comments |
headers
Abhishek Rai | 4 Mar 2003 20:27
Picon
Favicon

profiling the nfs client

hi,
i need a profiling tool for profiling the nfs client
preferrably for 2.4.18
i tried kernprof but it doesn't serve the purpose as
kernprof seems to be giving the execution profile of
the core kernel image and not any modules (as is the
nfs client on my machine)

can anybody suggest one/give pointers etc

Thanks a lot
Abhishek

=====
"They thought to use and shame me but I win out by nature, because a true
freak cannot be made.  A true freak must be born." - K. Dunn
============================================================
Abhishek Rai
Final year,B.Tech, Computer Science and Engineering
IIT KGP,India
abbashake007 <at> yahoo.com 
============================================================ 

__________________________________________________
Do you Yahoo!?
Yahoo! Tax Center - forms, calculators, tips, more
http://taxes.yahoo.com/

-------------------------------------------------------
This SF.net email is sponsored by: Etnus, makers of TotalView, The debugger
(Continue reading)

Permalink | Reply | 1 comment |
headers
Steve Dickson | 5 Mar 2003 13:08
Picon
Favicon

Re: profiling the nfs client

Try http://oprofile.sourceforge.net/

Abhishek Rai wrote:

>hi,
>i need a profiling tool for profiling the nfs client
>preferrably for 2.4.18
>i tried kernprof but it doesn't serve the purpose as
>kernprof seems to be giving the execution profile of
>the core kernel image and not any modules (as is the
>nfs client on my machine)
>
>can anybody suggest one/give pointers etc
>
>Thanks a lot
>Abhishek
>
>=====
>"They thought to use and shame me but I win out by nature, because a true
>freak cannot be made.  A true freak must be born." - K. Dunn
>============================================================
>Abhishek Rai
>Final year,B.Tech, Computer Science and Engineering
>IIT KGP,India
>abbashake007 <at> yahoo.com 
>============================================================ 
>
>
>__________________________________________________
>Do you Yahoo!?
(Continue reading)

Permalink | Reply | 0 comments |
headers
Mansell, Gary | 5 Mar 2003 16:33

My messages file is swamped with errors: kernel: svc: bad direction 256, dropping request

My messages file is swamped (95% full) with these errors:

Feb 25 05:08:18 dfgsrv kernel: svc: bad direction 256, dropping request
Feb 25 05:08:58 dfgsrv last message repeated 6 times
Feb 25 05:10:02 dfgsrv last message repeated 11 times
Feb 25 05:11:02 dfgsrv last message repeated 10 times
Feb 25 05:12:02 dfgsrv last message repeated 10 times
Feb 25 05:13:02 dfgsrv last message repeated 10 times
Feb 25 05:14:02 dfgsrv last message repeated 10 times
Feb 25 05:15:01 dfgsrv last message repeated 10 times
Feb 25 05:16:01 dfgsrv last message repeated 10 times
Feb 25 05:17:01 dfgsrv last message repeated 10 times
Feb 25 05:18:01 dfgsrv last message repeated 10 times
Feb 25 05:19:01 dfgsrv last message repeated 10 times

They seem to start to occur when the nfs server subsystem starts up. My hypothesis is that one particular
type of UNIX client is having trouble communicating properly with my server. I have had no reports back
from the users of the NFS client workstations that things are not working correctly but I am getting
thousands of messages swamping my messages file and this must be affecting performance at least on the server.

The machine is used an NFS and SMB fileserver to about 200 various UNIX and NT clients. It is a Dell PE2650 with
2x 2.4Ghz Zeons, 2Gb RAM, 2x 18Gb system disks mirrored with the onboard RAID controller, 500Gb EMC RAID 5
storage attached via 2x Qlogic QLA2300 FCAL cards. There is also an HP 2/20 autoloader attached via an
adaptec AHA3960 SCSI controller card. It is attached to the network via the two onboard Broadcom BCM5701
(groan) Gb network ports which are running in a bonded configuration.

The machine is running RH7.3 and kernel 2.4.18-18.7.xsmp and nfs-utils-0.3.3-5

I would appreciate it if someone could advise me what is wrong here - I can't see the wood for the trees :)
(Continue reading)

Permalink | Reply | 0 comments |
headers
Jonas Oberg | 6 Mar 2003 14:52
Picon
Picon
Favicon

Too many mounts

In our department we have a problem with our student server. It
appears that the Linux kernel limits the number of anonymous (nfs
et. al) mounts to 256. This is a problem for us, since we use
automount to mount home directories from our fileserver via NFS. We
are frequently in the range of 190-220 active mounts (we have set the
automount timeout to be about 30 seconds to get rid of idle mounts
quickly).

Does anyone have a solution for this problem? Would using devfs
perhaps solve the problem by allowing more anonymous mounts?

--

-- 
Jonas Öberg
Systems administrator/webmaster, Department of Informatics,
School of Economics and Commercial Law, Gothenburg University.
Phone. +46-31-7732717, Fax. +47-31-7734754

-------------------------------------------------------
This SF.net email is sponsored by: Etnus, makers of TotalView, The debugger 
for complex code. Debugging C/C++ programs can leave you feeling lost and 
disoriented. TotalView can help you find your way. Available on major UNIX 
and Linux platforms. Try it free. www.etnus.com
_______________________________________________
NFS maillist  -  NFS <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfs
Permalink | Reply | 1 comment |
headers
Ion Badulescu | 6 Mar 2003 15:07

Re: Too many mounts

On Thu, 06 Mar 2003 14:52:22 +0100, Jonas Oberg <jonas <at> informatik.gu.se> wrote:
> In our department we have a problem with our student server. It
> appears that the Linux kernel limits the number of anonymous (nfs
> et. al) mounts to 256. This is a problem for us, since we use
> automount to mount home directories from our fileserver via NFS. We
> are frequently in the range of 190-220 active mounts (we have set the
> automount timeout to be about 30 seconds to get rid of idle mounts
> quickly).
> 
> Does anyone have a solution for this problem? Would using devfs
> perhaps solve the problem by allowing more anonymous mounts?

The solution is to mount the entire home filesystem(s), not each 
student's home individually.

Ion

--

-- 
  It is better to keep your mouth shut and be thought a fool,
            than to open it and remove all doubt.

-------------------------------------------------------
This SF.net email is sponsored by: Etnus, makers of TotalView, The debugger 
for complex code. Debugging C/C++ programs can leave you feeling lost and 
disoriented. TotalView can help you find your way. Available on major UNIX 
and Linux platforms. Try it free. www.etnus.com
_______________________________________________
NFS maillist  -  NFS <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfs
(Continue reading)

Permalink | Reply | 0 comments |

Gmane