[OpenAFS] Re: linux client behind NAT/Firewall: unable to resolve name to ID

Lars Schimmer l.schimmer@cgv.tugraz.at
Tue, 22 May 2012 15:34:01 +0200

Hash: SHA1

On 2012-05-21 16:26, Andrew Deason wrote:
> On Sun, 20 May 2012 00:14:31 +0200 (CEST) Lars Schimmer
> <l.schimmer@cgv.tugraz.at> wrote:
>> Hi!
>> I just tried to get a OpenAFS client on my home linux system. I
>> use a debian system with OpenAFS 1.6.1 and I opened ports
>> 7001-7007 and 88 UDP for incoming connections.
> Not 7000? (for fileserver access)

... missed.

>> About to resolve name lschimmer to id in cell cgv.tugraz.at.=20
>> Error -1 Set username to lschimmer Setting tokens. lschimmer @
>> cgv.tugraz.at
> [...]
>> So it cannot resolve my name to a ID.
>> But on a second machine (windows) behind te same firewall/NAT I
>> could get a ID for the name.
>> Which port did I miss?
> It should be port 7002, but you said you already allowed that. Can
> you 'pts ex lschimmer' ? If you look at a wire dump of udp traffic,
> it should be pretty easy to see what's not getting through. You
> should see some packets being periodically sent, with nothing
> coming in the reverse direction. And for the above example, I'd
> expect the client to be trying to contact port 7002 on one of the
> dbservers.

The client in question can not rxdebug server 7002. So no PTS access,
but it can access OpenAFS directory as if token is set correctly.
Other PC in network can reach PTS. And if I shutdown firewall on
client, I can reach PTS. Looks like I did block one bit to much.
But as long as I can live on without PTS it is fine for me. It is a
machine with some network load...

Lars Schimmer
- --=20
- -------------------------------------------------------------
TU Graz, Institut f=FCr ComputerGraphik & WissensVisualisierung
Tel: +43 316 873-5405       E-Mail: l.schimmer@cgv.tugraz.at
Fax: +43 316 873-5402       PGP-Key-ID: 0x4A9B1723

Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/