[OpenAFS] OpenAFS server behind NAT?
Noel Burton-Krahn
noel@bkbox.com
Sun, 18 May 2003 22:39:21 -0700
Anyone set up an AFS server behind a NAT firewall? I've had no luck in the
archives. Here's my setup:
I've got an AFS server with a 192.168 address behind a NAT firewall with a
real IP.
Internet
|
|
NAT firewall
ip.real
|
|
AFS server
192.168.1.1
First problem: AFS reports its 192.168.1.1 address to clients, who of course
can't connect back. I fixed that by putting the real IP in NetInfo and the
fake in NetRestrict. I also had to add a fake interface on the AFS server
with the real IP address
# /usr/afs/etc/NetInfo
ip.real
# /usr/vice/local/NetRestrict
192.168.1.1
# set up fake interface on AFS server with real IP
ifconfig eth0:0 ip.real
Now I look at both machines
fs getclientaddrs
fs getserverprefs
and they have only the real IP, good!
But, listing my behind-the-fireall AFS server still hangs forever on a
remote client. I've checked out a tcpdump on both client and server while
the client is hung. I see that both sides are exchanging afs3-fileserver
and afs3-callback traffic, but the client is missing some fileserver
responses.
Help! Is there any way to get an AFS server working behind a NAT firewall?
Noel Burton-Krahn
noel@bkbox.com
250-382-8767
BKbox - The total remote office solution
http://www.bkbox.com