[OpenAFS-devel] Stop me before I NAT again...
Derrick J Brashear
shadow@dementia.org
Tue, 30 Sep 2003 10:25:41 -0400 (EDT)
On Tue, 30 Sep 2003, Mitch Collinsworth wrote:
> In general this sounds like a great idea. I'm not certain about the
> run-time configuration idea though. Again, what about mobile clients
> that may pop up behind a NAT one time and on their own IP the next?
> I think we need to decide that either a) it's ok to make this change
> global for all clients, or b) it's not ok, only NAT-bound clients should
> do this, and therefore the client should somehow auto-discover if it's
> NAT-bound dynamically and adjust its behavior accordingly. Then it will
I think b) is the right answer, but I'm unsure if there's any useful way
to discover we're NATd. I can't think of any that doesn't involve being
helped by new code in some remote agent.
> be safe to let users install the client w/o a sysadmin having to watch
> over their shoulder to make sure they don't screw up. Or worse, if the
> wrong installation options being chosen means the clients can DOS the cell
> then it's only a matter of time before someone does this malitiously
> rather than accidentally...
Well, they can do it now.