[OpenAFS] OpenAFS Server on dynamic IP address

David Botsch dwb7@ccmr.cornell.edu
Mon, 26 May 2003 21:03:55 -0400


While I'm not sure what would happen if your ip address were to change, as long
as it remains constant, you can do this.

You just need to add to /usr/afs/local/NetInfo:

f realexternalipaddress

and then make sure your nat box is forwarding the afs server ports to your
internal afs server.

Of course, your clients that will use this server need to know about the server
(read CellServDB and such).

I'm actually running an openafs server doing this behind a NAT. Fortunately, my
ip address seems to rarely change (in fact, it has not since I first started
running the server).

I've added these iptables rules to my linux nat box:

/sbin/iptables -A FORWARD -i eth1 --protocol udp --destination-port 7000 -j ACCEPT

/sbin/iptables -t nat -A PREROUTING -i eth1 --protocol udp --destination-port 7000 -j DNAT --to internal.ip.address.of.afs.server:7000

for each of ports 7000, 7002, 7003, 7004, 7005, 7006, 7007, 7009

Note that in this setup, device eth1 is my external card on the nat box.

Now, because I also access this box from inside the internal network, its
NetInfo file also has its internal ip address. And, I will usually see the 50
second timeout from either outside or inside during the initial access while the
afs client attempts to access the other ip address of the machine and then
falls back to the one that works.

So, that NetInfo file has two lines:

the first is just the ip address of the box on the internal net and the second
is that line I mentioned earlier beginning with an f.

Hope this all helps.

On Mon, May 26, 2003 at 08:48:45PM -0400, Jeff Layton wrote:
> I'm just getting my feet wet with OpenAFS and have just set up my first
> cell on my home network. I have a cable modem connection with a dynamic
> IP address, along with a dyndns.org address that gets updated when the
> IP address changes.
> 
> Is it possible to run an internet-accessible AFS server behind a
> masquerading firewall on such a setup? I've seen prior messages on the
> mailing list that talk about setting up servers behind masquerading
> firewalls, and I've seen where people have set up clients on dynamic IP
> addresses (and behind NAT firewalls).
> 
> In the small bit of perusing of documentation that I've done, it seems
> like the OpenAFS client works directly with IP addresses, and doesn't
> allow for the DB server's IP address to change. Is this the case?
> 
> -- 
> Jeff Layton <jtlayton@bigfoot.com>

-- 
********************************
David William Botsch
Consultant/Advisor II
CCMR Computing Facility
dwb7@ccmr.cornell.edu
********************************
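
The per-port rules and the two-line NetInfo file described in the message above, as an added example that is not part of the original post. The function names and sample addresses are constructed for illustration; the `-d` restriction on the FORWARD rule and the long spelling `--to-destination` are additions, and the script only prints the commands for review rather than applying them.

```shell
#!/bin/sh
# Added example: prints the rules for review; it does not apply them.
AFS_PORTS="7000 7002 7003 7004 7005 7006 7007 7009"   # port list from the message

# valid_ipv4 ADDR: succeed only for a dotted quad with each octet in 0..255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# afs_nat_rules EXT_IF INTERNAL_IP: one FORWARD and one DNAT rule per port.
afs_nat_rules() {
    ext_if=$1; internal_ip=$2
    valid_ipv4 "$internal_ip" || { echo "bad address: $internal_ip" >&2; return 1; }
    for port in $AFS_PORTS; do
        # Assumption added here: -d limits the FORWARD rule to the AFS server.
        echo "/sbin/iptables -A FORWARD -i $ext_if -d $internal_ip --protocol udp --destination-port $port -j ACCEPT"
        echo "/sbin/iptables -t nat -A PREROUTING -i $ext_if --protocol udp --destination-port $port -j DNAT --to-destination $internal_ip:$port"
    done
}

# netinfo_lines INTERNAL_IP EXTERNAL_IP: the two NetInfo lines from the message.
netinfo_lines() {
    valid_ipv4 "$1" && valid_ipv4 "$2" || return 1
    printf '%s\nf %s\n' "$1" "$2"
}

# Constructed sample values: eth1 as in the message, placeholder addresses.
afs_nat_rules eth1 192.168.1.10
netinfo_lines 192.168.1.10 203.0.113.7
```

Restricting the FORWARD rule to the server's address keeps the opened ports from applying to any other internal host.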