[OpenAFS] AFS-Client behind masquerading firewall

Derek Atkins warlord@MIT.EDU
19 Dec 2000 13:29:41 -0500

Sascha Silbe <Sascha@progbbs.staticky.com> writes:

> Hello!
> I'm trying to get the OpenAFS client to work behind a masquerading firewall
> (PPP dial-up with dynamic IP address that changes every 24 hours). For the
> first few minutes it works perfectly, but after a while it just complains
> about the network being down. :(
> Are there any options that could cause this problem? I saw that only UDP is
> used. Does AFS also work over TCP (don't know if the protocol supports it
> and couldn't find any info on this topic)? If the answer is yes, how do I g=
> et=20
> the OpenAFS client to use TCP?
> CU/Lnx Sascha

AFS does not currently support TCP operations.  AFS _does_ work behind
a masquerading firewall provided that you set the UDP timeouts high
enough to allow callbacks to occur.  I would recommend UDP timeouts in
the range of 10-15 minutes.  Note that this requires changes the
firewall, not your client.

You should also note that AFS might "hiccup" when the IP address
changes, at least until new callbacks can be set with the new IP.

       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord@MIT.EDU                        PGP key available