[OpenAFS] Multiple hosts behind firewall and AFS cell
Charles Clancy
security@xauth.net
Fri, 4 Oct 2002 12:10:06 -0500 (CDT)
> > I have a number of machines at home which I can log in to.
> >
> > If I log in on multiple machines, the previous host loses
> > connection to the AFS file server.
> >
> > Example:
> > 1. Log in on host1. Homedir on AFS.
> > Works fine.
> > 2. Log in on host2. Homedir on AFS.
> > Works fine - BUT: host1 loses the connection
> > to the file server!
> >
> >
> > The firewall is a Linux machine, doing NAT (masquerading).
>
> How long are your UDP timeouts?
In my experience, I can get one client to work fine from behind a NAT by
using long UDP timeouts. However, despite what others have reported, I've
never been able to get multiple clients to work from behind a NAT (using
both IPF on Solaris and Win2K Server's built-in NAT router).
Of course, you'll have even more trouble with your krb5 TGTs.
[ t charles clancy ]--[ tclancy@uiuc.edu ]--[ www.uiuc.edu/~tclancy ]