[OpenAFS] NetRestrict
Christian Ospelkaus
christian@core-coutainville.org
Mon, 2 Feb 2004 11:58:16 +0100
Hello,
In my cell, all machines have both a public and a private address (actually,
an alias address on the same physical interface) used for tunneling nis / nfs
through ipsec. I would like to restrict afs to the public interfaces because
the ipsec interfaces coming up and down seem to confuse the afs client
occasionally. I am using Debian/unstable with OpenAFS 1.2.11. Here is what I
do:
dick:~# locate NetRestrict
/etc/openafs/NetRestrict
/etc/openafs/server-local/NetRestrict
/usr/afs/local/NetRestrict
dick:~# cat `locate NetRestrict`
192.168.107.176
192.168.107.176
192.168.107.176
dick:~# vos lista
vsu_ClientInit: Could not get afs tokens, running unauthenticated.
tell-sec.physnet.uni-hamburg.de
tell.physnet.uni-hamburg.de
dick-sec.physnet.uni-hamburg.de
dick.physnet.uni-hamburg.de
dick:~# fs getclienta
134.100.107.176
(*-sec refers to the private interface). So the client seems to use only the
public address as expected, but the server doesn't. What's going wrong here?
Thanks for any help,
Christian Ospelkaus