Tom Talpey wrote > In particular, if you do NLM file locking, there is a server callback (NLM > "granted") which the server may choose to issue via UDP. If this callback > is not seen by the client due to firewall blocking, there may be a 30-second > pause before a client retry unblocks the caller. > > Also, the NSM (status monitor) exchanges are often performed via UDP. > Again, if you are using NLM and the server reboots, the client may not > become aware of this promptly, and lock reclaim will be affected. > > OTOH, if your applications don't use locking on the NFS mounts, you'll > probably be fine. We do use locking on nfs mounts, so I wonder what that would mean for the firewall. Currently I see connections from the NFS server *from* port 700 and 111 (we've fixed mountd port to 700) to (it seems) arbitrary udp ports on the NFS clients. Would that be enough to allow those? Or could the source ports be arbitrary with NLM, too? I.e., would we have to open all udp traffic from the NFS servers to all the NFS clients? cu, Frank -- Dipl.-Inform. Frank Steiner Web: http://www.bio.ifi.lmu.de/~steiner/ Lehrstuhl f. Bioinformatik Mail: http://www.bio.ifi.lmu.de/~steiner/m/ LMU, Amalienstr. 17 Phone: +49 89 2180-4049 80333 Muenchen, Germany Fax: +49 89 2180-99-4049 * Rekursion kann man erst verstehen, wenn man Rekursion verstanden hat. * ------------------------------------------------------------------------------ The NEW KODAK i700 Series Scanners deliver under ANY circumstances! Your production scanning environment may not be a perfect world - but thanks to Kodak, there's a perfect scanner to get the job done! With the NEW KODAK i700 Series Scanner you'll get full speed at 300 dpi even with all image processing features enabled. http://p.sf.net/sfu/kodak-com _______________________________________________ NFS maillist - NFS@xxxxxxxxxxxxxxxxxxxxx https://lists.sourceforge.net/lists/listinfo/nfs _______________________________________________ Please note that nfs@xxxxxxxxxxxxxxxxxxxxx is being discontinued. Please subscribe to linux-nfs@xxxxxxxxxxxxxxx instead. http://vger.kernel.org/vger-lists.html#linux-nfs -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html