[OpenAFS] AFS servers (vl, file, & db) behind NAT
Brett Johnson
mlafsinfo@k50.net
Mon, 11 Jun 2001 13:21:59 -0500
I had this happen to me when I was doing a test setup also using a
FireWall-1 4.1.

Since I used to work in the Check Point support center, here's the official
canned answer:

"A special module for the service in question would have to be written to
capture and translate the IP address that got through. Professional
Services could do this for a fee, or if there is enough demand, it will
eventually be written in."

Short answer: AFS server has to be a routable, non-NAT IP address. I
solved my problem by subnetting my class C and putting the AFS servers
there.

Just as a side note, I've had fairly good luck with the CLIENT (not server)
behind translation.

As NAT is a common setup, this would be a nice Request For Enhancements to
our programmer friends. :)

B++ / K90, Inc.
*********** REPLY SEPARATOR ***********
On 6/11/01, at 2:06 PM, Economou, Matthew [EESUS] wrote:
>I'm in the unfortunate position of having to use NAT, instead of
>having a decent number of routable addresses. When an AFS client
>on the Internet contacts the volume location server, the VL server
>returns the internal IP address of the file server (10.1.2.2),
>instead of the translated address (65.29.199.3).
>
>Does anyone know of a work-around? Would setting up a second,
>bogus volume location server do the trick, or perhaps some
>hackery on my firewall (which happens to be CheckPoint FireWall-1)?
>
>--
>Matthew X. Economou - EESUS Webmaster - 513-337-8486
>"Life's not fair, but the root password helps."