[OpenAFS] Where to put NetRestrict?

Jakub Witkowski jpw@wszib.edu.pl
Tue, 26 Sep 2006 10:03:31 +0200


--=-AlAVJTRHUUqgWObg0HVo
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

Hello,

I remember this once mentioned on this list, but my recent experience
shows this problem is still open:

I have a server that usually has only one IP addres, a public one. Due
to various outside conditions, I had to plug a crossover cable to
another interface in that machine and assign it a private IP; I have not
intended it to be used for AFS.=20
However, even despite no fs server restarts, it somehow picked up the
new address and put it into vldb.=20

Noticing that, I have put NetRestrict files all over the /etc/openafs,
with following contents:

10.255.255.255

and happily restarted fs process (using bos restart method). To my
surprise, the private ip (10.10.10.11, to be exact) showed right back up
in vos listaddr output, and while I can suppress it by using vos
changeaddr, it's only a temporary kludge.=20

I have put NetRestrict in following locations:
/etc/openafs
/etc/openafs/server
/etc/openafs/server-local

All of the above files are identical.
The fs server in question runs OpenAFS 1.4.1-2 from Debian (Ubuntu)
package.

Any suggestions?

Jakub Witkowski.

--=-AlAVJTRHUUqgWObg0HVo
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: To jest =?UTF-8?Q?cz=C4=99=C5=9B=C4=87?= listu
	podpisana cyfrowo

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQBFGN7TPvYxqEVjYFERAqLXAJwK983mvf8S0OU8ekB5RN8Q9UGpkQCfSkkp
ZN5CwJ0AWgh6R9VbvYlSR4M=
=Dfxh
-----END PGP SIGNATURE-----

--=-AlAVJTRHUUqgWObg0HVo--