[OpenAFS] NetRestrict

Christian Ospelkaus christian@core-coutainville.org
Mon, 2 Feb 2004 11:58:16 +0100


Hello,

In my cell, all machines have both a public and a private address (actually, 
an alias address on the same physical interface) used for tunneling NIS/NFS 
through IPsec. I would like to restrict AFS to the public interfaces because 
the IPsec interfaces coming up and down seem to confuse the AFS client 
occasionally. I am using Debian/unstable with OpenAFS 1.2.11. Here is what I 
do:

dick:~# locate NetRestrict
/etc/openafs/NetRestrict
/etc/openafs/server-local/NetRestrict
/usr/afs/local/NetRestrict
dick:~# cat `locate NetRestrict`
192.168.107.176
192.168.107.176
192.168.107.176
dick:~# vos lista
vsu_ClientInit: Could not get afs tokens, running unauthenticated.
tell-sec.physnet.uni-hamburg.de
tell.physnet.uni-hamburg.de
dick-sec.physnet.uni-hamburg.de
dick.physnet.uni-hamburg.de
dick:~# fs getclienta
134.100.107.176

(*-sec refers to the private interface.) So the client seems to use only the 
public address as expected, but the server doesn't. What's going wrong here? 
Thanks for any help,

Christian Ospelkaus