  1. #1
    Just Joined!
    Join Date
    May 2009
    Posts
    8

    nfs over iptables


    I am running linux inside a xen vm and having trouble with nfs mounts. The nfs server is set up to recognize the host ip so I use iptables with an SNAT rule to allow my vm to talk to the nfs server. I can mount just fine but if I make nfs send packets above a certain size (~1400) then the nfs server won't respond and my vm will basically hang.

    I have determined that it is a fragmentation issue because when I lower the MTU then the maximum packet size I can send goes down as well. As a workaround for now I use rsize=1024 and wsize=1024 options to nfs, but this lowers performance by about 3x.

    Why would using iptables result in extra fragmentation and is there a way around it?

  2. #2
    Linux Guru Lazydog
    Join Date
    Jun 2004
    Location
    The Keystone State
    Posts
    2,672
    There is so much information not being stated here.

    1. First where is the firewall located?
    2. What is the bandwidth that the system is connected to?
    3. What sizes are you talking about? You show a few numbers, but where does the 1400 come into play?
    4. Are you talking window size or MTU?
    5. Have you tried to use nfs without using iptables?

    Regards
    Robert

    Linux
    The adventure of a life time.

    Linux User #296285
    Get Counted

  3. #3
    Just Joined!
    Join Date
    May 2009
    Posts
    8
    1. The firewall (iptables rules) is on the host running the xen machine
    2. bandwidth is 100mbit/s
    3. I wrote a program that spits out N characters, where N is an argument to the program. Using default parameters to nfs when I mount, N can be a maximum of 1328. If I use N of 1329 then it hangs.
    4. MTU. I used 'ifconfig eth0 mtu 1000'
    5. The host uses nfs without iptables and that works fine with default parameters. Inside the vm I cannot mount nfs without using iptables because the server only recognizes the host's ip, not the ip of the vm. This can't be changed.
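
The fragmentation arithmetic behind the sizes reported above, as an added example that is not part of any post in this thread. It assumes NFS over UDP on IPv4 without IP options, and RPC_OVERHEAD = 144 bytes is an assumed figure, chosen so that 1328 bytes is the largest write that fits in one packet at MTU 1500; the 8192-byte write size is a constructed sample value.

```python
IP_HEADER = 20      # IPv4 header, no options (assumption)
UDP_HEADER = 8
RPC_OVERHEAD = 144  # assumed RPC + NFS header bytes per write, see lead-in


def fragments(udp_payload, mtu):
    """Return (offset, data_len, more_fragments) for each IPv4 fragment
    needed to carry one UDP datagram with the given payload size."""
    remaining = UDP_HEADER + udp_payload       # bytes carried after the IP header
    room = mtu - IP_HEADER                     # IP payload space per packet
    per_frag = room // 8 * 8                   # non-final fragments: multiple of 8
    out, offset = [], 0
    while remaining > 0:
        # The final fragment may use all remaining room; earlier ones are 8-aligned.
        size = remaining if remaining <= room else per_frag
        remaining -= size
        out.append((offset, size, remaining > 0))
        offset += size
    return out


def largest_unfragmented_write(mtu, rpc_overhead=RPC_OVERHEAD):
    """Largest NFS write payload that still fits in a single IP packet."""
    return mtu - IP_HEADER - UDP_HEADER - rpc_overhead


def fragment_count(write_size, mtu, rpc_overhead=RPC_OVERHEAD):
    """Number of IP packets one NFS write of write_size bytes turns into."""
    return len(fragments(write_size + rpc_overhead, mtu))


if __name__ == "__main__":
    for mtu in (1500, 1000):
        print(f"MTU {mtu}: largest single-packet write = "
              f"{largest_unfragmented_write(mtu)} bytes")
    for size in (1024, 1328, 1329, 8192):
        print(f"write of {size} bytes at MTU 1500 -> "
              f"{fragment_count(size, 1500)} packet(s)")
```

Under these assumptions a 1328-byte write is the last one sent as a single packet, a 1329-byte write is split in two, and wsize=1024 stays below the threshold, which matches the behaviour reported in the thread.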

  4. #4
    Linux Guru Lazydog
    Join Date
    Jun 2004
    Location
    The Keystone State
    Posts
    2,672
    Are the host's ip and the vm's ip on the same network, i.e., 192.168.1.x?

    Regards
    Robert

  5. #5
    Just Joined!
    Join Date
    May 2009
    Posts
    8
    No, the host is on 155.98.x.x and the vm is 172.18.x.x

  6. #6
    Linux Guru Lazydog
    Join Date
    Jun 2004
    Location
    The Keystone State
    Posts
    2,672
    Would be easier if they were both on the same network, would take iptables out of the picture. I still do not believe iptables is the issue here, but because both hosts and vm are not on the same network we cannot prove this. I believe this has more to do with the hosting software. Iptables is doing nothing more than changing the SRC address.

    Regards
    Robert

  7. #7
    Just Joined!
    Join Date
    May 2009
    Posts
    8
    Yes, I agree with your understanding about iptables, which is why I'm so confused. I'm not sure I can set the vm ip to a 155.98.x address due to other constraints.

    The nfs server I am using uses version 2 if that makes a difference. Any ideas of anything else to check? I'm not using any complicated software, just linux+xen+iptables+mount.

  8. #8
    Linux Guru Lazydog
    Join Date
    Jun 2004
    Location
    The Keystone State
    Posts
    2,672
    What do your iptables rules look like?

    Regards
    Robert

  9. #9
    Just Joined!
    Join Date
    May 2009
    Posts
    8
    /sbin/iptables -t nat -A POSTROUTING -j SNAT --to-source $host_ip -s $vm_ip --destination $nfs_server -o eth0

  10. #10
    Linux Guru Lazydog
    Join Date
    Jun 2004
    Location
    The Keystone State
    Posts
    2,672
    This is not the complete rule set; I was looking to see the complete rules.

    Regards
    Robert
