[OpenAFS] Help - Failed to load AFS client

Derek Atkins warlord@MIT.EDU
04 Nov 2002 19:30:07 -0500


I think you can probably just use:

-A input -s 0/0 -d 0/0 7000:7009 -p udp -j ACCEPT

You don't need -y (that's for TCP only).  You also probably need to
reboot...  Note, however, that this may not be sufficient.  Is there
any reason you don't just allow all UDP ports in and out?

-derek

Tommy Mann <tmann@black.ils.unc.edu> writes:

> Okay, I added the following to ipchains (leaving everything else as is):
> 
> -A input -s 0/0 -d 0/0 7000 -p udp -y -j ACCEPT
> -A input -s 0/0 -d 0/0 7001 -p udp -y -j ACCEPT
> -A input -s 0/0 -d 0/0 7002 -p udp -y -j ACCEPT
> -A input -s 0/0 -d 0/0 7003 -p udp -y -j ACCEPT
> -A input -s 0/0 -d 0/0 7004 -p udp -y -j ACCEPT
> -A input -s 0/0 -d 0/0 7005 -p udp -y -j ACCEPT
> -A input -s 0/0 -d 0/0 7006 -p udp -y -j ACCEPT
> -A input -s 0/0 -d 0/0 7007 -p udp -y -j ACCEPT
> -A input -s 0/0 -d 0/0 7008 -p udp -y -j ACCEPT
> -A input -s 0/0 -d 0/0 7009 -p udp -y -j ACCEPT
> 
> I'm still getting these in messages though:
> 
> Nov  4 19:23:01 black kernel: afs: Lost contact with volume location 
> server 130.237.48.107 in cell openafs.org
> 
> Do I need to restart afs or reboot after opening up these ports in 
> ipchains?  Or should I immediately be able to change into /afs and see the 
> contents of the openafs.org cell.
> 
> Tommy
> 
> 
> 
> 
> On 4 Nov 2002, Derek Atkins wrote:
> 
> > Tommy Mann <tmann@black.ils.unc.edu> writes:
> > 
> > > -A input -s 152.2.21.1 53 -d 0/0 -p udp -j ACCEPT
> > > -A input -s 152.2.253.100 53 -d 0/0 -p udp -j ACCEPT
> > > -A input -s 0/0 -d 0/0 -p udp -j REJECT
> > > 
> > > I'm not familiar with how to see what's going on in iptables -- I also see 
> > > netfilter on this machine and I'm not sure if that's a potential culprit?
> > 
> > The lines left above are the key.  Basically, the only UDP packets you
> > allow are DNS.  No other UDP is allowed...  That's why AFS is not working
> > for you.  Try fixing your firewall settings.  In particular, you need
> > to open up UDP ports 7000-7009.
> > 
> > > Tommy
> > 
> > -derek
> > 
> > 
> 

-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord@MIT.EDU                        PGP key available
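
Added example, not part of the original messages: a small Python model of ipchains first-match evaluation, run over the rules quoted in this thread, to check whether a UDP reply from the volume location server would be accepted. The client address 192.0.2.10, the port pair 7003 -> 7001, the position of the new rule relative to the REJECT rule, and treating a -y rule as never matching UDP are assumptions of this sketch.

```python
import ipaddress

def parse_rule(line):
    """Parse one ipchains rule written in the style quoted in this thread."""
    tok, i = line.split(), 0
    rule = dict(src=None, sport=None, dst=None, dport=None, proto=None, syn=False, target=None)
    while i < len(tok):
        flag = tok[i]
        if flag in ("-s", "-d"):
            key = "src" if flag == "-s" else "dst"
            addr = "0.0.0.0/0" if tok[i + 1] == "0/0" else tok[i + 1]
            rule[key] = ipaddress.ip_network(addr)
            i += 2
            if i < len(tok) and not tok[i].startswith("-"):  # optional port or lo:hi
                lo, _, hi = tok[i].partition(":")
                rule[key[0] + "port"] = (int(lo), int(hi or lo))
                i += 1
        elif flag == "-y":
            rule["syn"] = True
            i += 1
        else:  # -A <chain>, -p <proto>, -j <target>: flag plus one argument
            name = {"-p": "proto", "-j": "target"}.get(flag)
            if name:
                rule[name] = tok[i + 1]
            i += 2
    return rule

def udp_verdict(lines, src, sport, dst, dport, policy="ACCEPT"):
    """Return the target of the first rule matching a UDP packet, else the chain policy."""
    for r in map(parse_rule, lines):
        if r["proto"] not in (None, "udp") or r["syn"]:
            continue  # -y is TCP-only; modelled here as never matching UDP (assumption)
        ok = all((
            r["src"] is None or ipaddress.ip_address(src) in r["src"],
            r["dst"] is None or ipaddress.ip_address(dst) in r["dst"],
            r["sport"] is None or r["sport"][0] <= sport <= r["sport"][1],
            r["dport"] is None or r["dport"][0] <= dport <= r["dport"][1],
        ))
        if ok:
            return r["target"]
    return policy

# Rules copied from the thread; the orderings tested against them are constructed.
DNS = ["-A input -s 152.2.21.1 53 -d 0/0 -p udp -j ACCEPT",
       "-A input -s 152.2.253.100 53 -d 0/0 -p udp -j ACCEPT"]
REJECT = "-A input -s 0/0 -d 0/0 -p udp -j REJECT"
AFS = "-A input -s 0/0 -d 0/0 7000:7009 -p udp -j ACCEPT"
AFS_Y = "-A input -s 0/0 -d 0/0 7001 -p udp -y -j ACCEPT"
# Constructed packet: vlserver reply (UDP 7003) to an assumed client at 192.0.2.10:7001.
PKT = ("130.237.48.107", 7003, "192.0.2.10", 7001)
```

Calling udp_verdict(DNS + [REJECT, AFS], *PKT) returns REJECT, while udp_verdict(DNS + [AFS, REJECT], *PKT) returns ACCEPT: the range rule only helps if it is evaluated before the catch-all UDP REJECT.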