[OpenAFS-devel] Re: OpenAFS-devel digest, Vol 1 #934 - 8 msgs

Henry B. Hotz hotz@jpl.nasa.gov
Tue, 30 Sep 2003 11:23:45 -0700


At 12:01 PM -0400 9/30/03, openafs-devel-request@openafs.org wrote:
>Message: 7
>Date: Tue, 30 Sep 2003 10:25:41 -0400 (EDT)
>From: Derrick J Brashear <shadow@dementia.org>
>To: OpenAFS-devel <openafs-devel@openafs.org>
>Subject: Re: [OpenAFS-devel] Stop me before I NAT again...
>
>On Tue, 30 Sep 2003, Mitch Collinsworth wrote:
>
>>  In general this sounds like a great idea.  I'm not certain about the
>>  run-time configuration idea though.  Again, what about mobile clients
>>  that may pop up behind a NAT one time and on their own IP the next?
>>  I think we need to decide that either a) it's ok to make this change
>>  global for all clients, or b) it's not ok, only NAT-bound clients should
>>  do this, and therefore the client should somehow auto-discover if it's
>>  NAT-bound dynamically and adjust its behavior accordingly.  Then it will
>
>I think b) is the right answer, but I'm unsure if there's any useful way
>to discover we're NATd. I can't think of any that doesn't involve being
>helped by new code in some remote agent.

Is there any way to tie this to the Kerberos layer?  For K5 you have 
a real address unless you specifically get an addressless ticket (in 
which case you are probably doing it because you are behind a NAT).

Alternatively, (if we can't find a better way) we could assume NAT if 
we have a non-routable IP address (A: 10.x.x.x, B: <I forget>, C: 
192.168.x.x).

I'm just talking here.  I think we ought to add something specific to 
identify the situation in "the remote agent".  If the feature isn't 
implemented on one side then the above might be fallback defaults.
-- 
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu
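
The fallback heuristic proposed in the message above, as an added example that is not part of the original post and is not OpenAFS code: it assumes the three RFC 1918 private IPv4 blocks, and the function names and sample address lists are constructed for illustration.

```c
#include <arpa/inet.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum addr_class { ADDR_INVALID = -1, ADDR_PUBLIC, ADDR_PRIVATE, ADDR_LOOPBACK };

/* RFC 1918 blocks in host byte order. */
static const struct { uint32_t net, mask; } rfc1918[] = {
    { 0x0A000000u, 0xFF000000u },   /* 10.0.0.0/8     */
    { 0xAC100000u, 0xFFF00000u },   /* 172.16.0.0/12  */
    { 0xC0A80000u, 0xFFFF0000u },   /* 192.168.0.0/16 */
};

enum addr_class classify_ipv4(const char *text)
{
    struct in_addr a;
    if (inet_pton(AF_INET, text, &a) != 1)
        return ADDR_INVALID;            /* not a complete dotted quad */
    uint32_t h = ntohl(a.s_addr);
    if ((h & 0xFF000000u) == 0x7F000000u)
        return ADDR_LOOPBACK;           /* 127.0.0.0/8 says nothing about NAT */
    for (size_t i = 0; i < sizeof rfc1918 / sizeof rfc1918[0]; i++)
        if ((h & rfc1918[i].mask) == rfc1918[i].net)
            return ADDR_PRIVATE;
    return ADDR_PUBLIC;
}

/* Fallback guess: NAT is assumed only when the host has at least one
 * private address and no publicly routable one. */
int guess_behind_nat(const char *const *addrs, size_t n)
{
    size_t usable = 0;
    for (size_t i = 0; i < n; i++) {
        enum addr_class c = classify_ipv4(addrs[i]);
        if (c == ADDR_PUBLIC)
            return 0;
        if (c == ADDR_PRIVATE)
            usable++;
    }
    return usable > 0;
}

/* Constructed sample interface lists (198.51.100.7 is a documentation address). */
static const char *const sample_nat[]    = { "127.0.0.1", "192.168.1.20" };
static const char *const sample_direct[] = { "127.0.0.1", "10.0.0.5", "198.51.100.7" };

int main(void)
{
    printf("nat=%d direct=%d\n", guess_behind_nat(sample_nat, 2),
           guess_behind_nat(sample_direct, 3));
    return 0;
}
```

A private address does not prove a translator is in the path, since client and file servers can share the same private network, so the result is only a default to use when the remote side offers nothing better.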