[OpenAFS-devel] Re: OpenAFS-devel digest, Vol 1 #934 - 8 msgs
Henry B. Hotz
hotz@jpl.nasa.gov
Tue, 30 Sep 2003 11:23:45 -0700
At 12:01 PM -0400 9/30/03, openafs-devel-request@openafs.org wrote:
>Message: 7
>Date: Tue, 30 Sep 2003 10:25:41 -0400 (EDT)
>From: Derrick J Brashear <shadow@dementia.org>
>To: OpenAFS-devel <openafs-devel@openafs.org>
>Subject: Re: [OpenAFS-devel] Stop me before I NAT again...
>
>On Tue, 30 Sep 2003, Mitch Collinsworth wrote:
>
>> In general this sounds like a great idea. I'm not certain about the
>> run-time configuration idea though. Again, what about mobile clients
>> that may pop up behind a NAT one time and on their own IP the next?
>> I think we need to decide that either a) it's ok to make this change
>> global for all clients, or b) it's not ok, only NAT-bound clients should
>> do this, and therefore the client should somehow auto-discover if it's
>> NAT-bound dynamically and adjust its behavior accordingly. Then it will
>
>I think b) is the right answer, but I'm unsure if there's any useful way
>to discover we're NATd. I can't think of any that doesn't involve being
>helped by new code in some remote agent.

Is there any way to tie this to the Kerberos layer? For K5 you have
a real address unless you specifically get an addressless ticket (in
which case you are probably doing it because you are behind a NAT).

Alternatively, (if we can't find a better way) we could assume NAT if
we have a non-routable IP address (A: 10.x.x.x, B: <I forget>, C:
192.168.x.x).

I'm just talking here. I think we ought to add something specific to
identify the situation in "the remote agent". If the feature isn't
implemented on one side then the above might be fallback defaults.

--
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu
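
The fallback order discussed in this message (explicit answer from the remote agent, then the addressless-ticket hint, then the non-routable-address guess), sketched in C as an added example that is not part of the original post and is not OpenAFS code. All names are hypothetical, the inputs are assumed to be supplied by the caller, and the private ranges are taken from RFC 1918 rather than from the message.

```c
#include <stddef.h>
#include <stdint.h>
#include <arpa/inet.h>

/* Hypothetical names throughout; none of this is OpenAFS code. */
enum nat_hint { NAT_NO = 0, NAT_YES = 1, NAT_UNKNOWN = 2 };

/* RFC 1918 private ranges, host byte order. */
static const struct { uint32_t net, mask; } rfc1918[] = {
    { 0x0A000000u, 0xFF000000u },  /* 10.0.0.0/8     */
    { 0xAC100000u, 0xFFF00000u },  /* 172.16.0.0/12  */
    { 0xC0A80000u, 0xFFFF0000u },  /* 192.168.0.0/16 */
};

/* 1 if dotted-quad addr is in an RFC 1918 range, 0 if not, -1 if unparsable. */
int is_rfc1918(const char *addr)
{
    struct in_addr in;
    uint32_t host;
    size_t i;

    if (inet_pton(AF_INET, addr, &in) != 1)
        return -1;
    host = ntohl(in.s_addr);
    for (i = 0; i < sizeof(rfc1918) / sizeof(rfc1918[0]); i++)
        if ((host & rfc1918[i].mask) == rfc1918[i].net)
            return 1;
    return 0;
}

/*
 * remote: answer from the remote agent, NAT_UNKNOWN if it lacks the feature.
 * ticket_addressless: nonzero if the K5 ticket carries no addresses.
 * local_addr: the client's own IPv4 address as text.
 */
enum nat_hint guess_nat(enum nat_hint remote, int ticket_addressless,
                        const char *local_addr)
{
    if (remote != NAT_UNKNOWN)
        return remote;            /* explicit answer wins over any guess */
    if (ticket_addressless)
        return NAT_YES;           /* Kerberos-layer hint */
    switch (is_rfc1918(local_addr)) {
    case 1:  return NAT_YES;      /* non-routable address heuristic */
    case 0:  return NAT_NO;
    default: return NAT_UNKNOWN;  /* unparsable input: make no claim */
    }
}
```

Both fallbacks are guesses: a private address does not prove a translator is in the path, and a translator can sit in front of a host with a routable address, which is why the explicit answer is checked first.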