[OpenAFS] OpenAFS server behind NAT?

Noel Burton-Krahn noel@bkbox.com
Sun, 18 May 2003 22:39:21 -0700


Anyone set up an AFS server behind a NAT firewall?   I've had no luck in the
archives.  Here's my setup:

I've got an AFS server with a 192.168 address behind a NAT firewall with a
real IP.

Internet
|
|
NAT firewall
ip.real
|
|
AFS server
192.168.1.1

First problem: AFS reports its 192.168.1.1 address to clients, who of course
can't connect back.  I fixed that by putting the real IP in NetInfo and the
fake in NetRestrict.  I also had to add a fake interface on the AFS server
with the real IP address:

# /usr/afs/etc/NetInfo
ip.real

# /usr/vice/local/NetRestrict
192.168.1.1

# set up fake interface on AFS server with real IP
ifconfig eth0:0 ip.real

Now I look at both machines
fs getclientaddrs
fs getserverprefs

and they have only the real IP, good!

But, listing my behind-the-firewall AFS server still hangs forever on a
remote client.  I've checked out a tcpdump on both client and server while
the client is hung.  I see that both sides are exchanging afs3-fileserver
and afs3-callback traffic, but the client is missing some fileserver
responses.


Help!  Is there any way to get an AFS server working behind a NAT firewall?

Noel Burton-Krahn
noel@bkbox.com
250-382-8767

BKbox - The total remote office solution
http://www.bkbox.com