[OpenAFS] ISP blocking Krb4 traffic?
ted creedon
tcreedon@easystreet.com
Thu, 22 Apr 2004 12:47:24 -0700
An ISP should not block any port.
I assume that you can recompile using other ports or use a socks proxy or
set up your own NAT settings using fwbuilder. (i.e. build your own firewall
and translate there) - that would be the quickest.
tedc
-----Original Message-----
From: openafs-info-admin@openafs.org [mailto:openafs-info-admin@openafs.org]
On Behalf Of John Hascall
Sent: Thursday, April 15, 2004 9:10 AM
To: Ryan Underwood
Cc: openafs-info@openafs.org
Subject: Re: [OpenAFS] ISP blocking Krb4 traffic?
> I've noticed recently that our ISP seems to be dropping outbound traffic
> with a destination port equal to 4444. I think this is to circumvent
> some Windows worm that uses that port. However, it has the side effect
> of completely neutering Kerberos 4 usage to an off-site realm, because
> traffic on port 4444 from the client to the krb4 KDC (or krb524) is
> dropped.
> Is anyone else experiencing this problem, and also are there any
> convenient workarounds for this? What complete stupidity.
We have been able to convince some ISPs to block
only 4444/tcp and not 4444/udp. Others have been
thicker-headed. The only solution we have found
for our clients behind such boneheadedness is to
use a VPN (or switch ISPs).
It would be nice to be able to configure the 524 client
stuff to use a different port...
John
_______________________________________________
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info