[OpenAFS] AFS-Client behind masquerading firewall
Brandon S. Allbery KF8NH
allbery@ece.cmu.edu
Thu, 04 Jan 2001 17:32:21 -0500
On Thursday, January 04, 2001 22:29:15 +0100, Sascha Silbe
<sascha-ml-openafs-info@progbbs.staticky.com> wrote:
+-----
| DA> AFS _does_ work behind a masquerading firewall provided that you
| DA> set the UDP timeouts high enough to allow callbacks to occur.
| When do callbacks occur? Only within some time after a client request or
| anytime? On the same ports as the request or on a separate one?
+--->8
Any time a file which has been retrieved by a client changes on the server.
This could be weeks or months after the file was originally retrieved by
the cache manager on the client.
| DA> I would recommend UDP timeouts in the range of 10-15 minutes.
| Thanks! I'll see if it helps. Strangely the OpenAFS client does not work
+--->8
We use a modified kernel on the masquerade host which never expires
masquerading for port 7001/udp. (For Arla, the port should be 4711.) I've
heard that netfilter can be set up to use specific masq timeouts for
particular ports, so a Linux 2.4 kernel shouldn't need patching to do this.
--
brandon s. allbery [os/2][linux][solaris][japh] allbery@kf8nh.apk.net
system administrator [WAY too many hats] allbery@ece.cmu.edu
electrical and computer engineering KF8NH
carnegie mellon university ["better check the oblivious first" -ke6sls]
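
The expiry behaviour discussed in this message, as an added example that is not part of the original post: a toy Python model of a masquerading host's UDP table, showing when a server callback to port 7001/udp is forwarded and when it is dropped. The class and function names, the 300-second default and the timings are constructed assumptions, and keying entries by the client's source port is a simplification of real masquerading.

```python
# Added illustration: toy model of a masquerading (NAT) host's UDP table.
# Timeout values and timestamps below are constructed, not measured.
AFS_CALLBACK_PORT = 7001      # cache manager callback port, per the post


class MasqTable:
    """Tracks UDP masquerade entries keyed by the client's source port."""

    def __init__(self, default_timeout, per_port_timeout=None):
        self.default_timeout = default_timeout
        # port -> idle timeout in seconds; None means "never expire"
        self.per_port_timeout = per_port_timeout or {}
        self.last_seen = {}   # source port -> time of last packet on the flow

    def alive(self, port, now):
        if port not in self.last_seen:
            return False
        timeout = self.per_port_timeout.get(port, self.default_timeout)
        return timeout is None or now - self.last_seen[port] <= timeout

    def outbound(self, port, now):
        """Client sends from `port`; creates or refreshes the entry."""
        self.last_seen[port] = now

    def inbound(self, port, now):
        """Server packet for `port`; True if forwarded to the client."""
        if not self.alive(port, now):
            self.last_seen.pop(port, None)   # expired entry is discarded
            return False
        self.last_seen[port] = now           # inbound traffic also refreshes
        return True


def callback_delivered(table, fetch_time, callback_time):
    """Client fetches a file, then the server sends a callback later."""
    table.outbound(AFS_CALLBACK_PORT, fetch_time)
    return table.inbound(AFS_CALLBACK_PORT, callback_time)


if __name__ == "__main__":
    week = 7 * 24 * 3600
    tables = {"default 300s": MasqTable(300),
              "7001 pinned": MasqTable(300, {AFS_CALLBACK_PORT: None})}
    for name, table in tables.items():
        for delay in (60, 900, week):
            ok = callback_delivered(table, 0, delay)
            print(f"{name:13} callback after {delay:>6}s:",
                  "delivered" if ok else "dropped")
```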