[OpenAFS] client behind NAT firewall

Alex euergetikos.k@gmail.com
Tue, 05 Aug 2014 18:52:16 +0200

On 08/05/14 16:55, Jeffrey Altman wrote:
>> -all Openafs servers are behind the same NAT firewall. Firewall rules
>> can be changed.
> How many OpenAFS servers and how many public IP addresses on the NAT?

to simplify for now, and for testing, we will use just one machine with
one IP behind the firewall, as our main concern is how clients behave on
parallel access.
> Can you provide static mappings for the servers?
> OpenAFS services are required to be visible on explicit port numbers
>   file: 		7000/udp
>   protection: 		7002/udp
>   volume location:	7003/udp
>   volume mgmt		7005/udp
> at the very least the file and volume location services must be visible
> to clients.   If there are more than one instance of each AFS service
> and the NAT only supports one public IP address, then you will have a
> problem because only one instance of each service can be accessed by
> clients.

Is it possible to have one public IP and two different static routes,
for instance
7003/ goes to volume location database
7000/udp goes to file server.
How BOS server will behave in that case?