[OpenAFS] AFS and firewalls, in general terms

[jsherwin@subtle.org]

I have found, in my few internal tests, that the list from the previously
mentioned email
(http://grand.central.org/twiki/bin/view/AFSLore/AdminFAQ#3_17_Which_TCP_IP_ports_and_prot) 
is incomplete. I opened up all of those ports (actually up to 7009) and a
few others(tcp:2040, udp:88,750 as well as udp:1024-2048), and only found
limited functionality. For instance I could not klog in (the command would
simply time out), and I am using the AFS implementation, not MIT's. 

I too am very interested if anyone has experience getting all services to
run behind a firewall and what the configuration is. I would be interested
in having users at designated points in the DMZ to be able to access the
filespace where all the servers live behind some form of barrier.

jeff...