[OpenAFS] AFS-Client behind masquerading firewall

Brandon S. Allbery KF8NH allbery@ece.cmu.edu
Thu, 04 Jan 2001 17:32:21 -0500

On Thursday, January 04, 2001 22:29:15 +0100, Sascha Silbe 
<sascha-ml-openafs-info@progbbs.staticky.com> wrote:
|   DA> AFS _does_ work behind a masquerading firewall provided that you
|   set the  DA> UDP timeouts high enough to allow callbacks to occur.
| When do callbacks occur? Only within some time after a client request or
| anytime? On the same ports as the request or on a separate one?

Any time a file which has been retrieved by a client changes on the server. 
This could be weeks or months after the file was originally retrieved by 
the cache manager on the client.

|   DA> I would recommend UDP timeouts in the range of 10-15 minutes.
| Thanks! I'll see if it helps. Strangely the OpenAFS client does not work

We use a modified kernel on the masquerade host which never expires 
masquerading for port 7001/udp.  (For Arla, the port should be 4711.)  I've 
heard that netfilter can be set up to use specific masq timeouts for 
particular ports, so a linux 2.4 kernel shouldn't need patching to do this.

brandon s. allbery     [os/2][linux][solaris][japh]    allbery@kf8nh.apk.net
system administrator        [WAY too many hats]          allbery@ece.cmu.edu
electrical and computer engineering                                    KF8NH
carnegie mellon university      ["better check the oblivious first" -ke6sls]