[OpenAFS] Placing an AFS server behind a NAT

Lester Barrows barrows@email.arc.nasa.gov
Thu, 10 Jun 2004 15:45:09 -0700


Thanks for the reply. Perhaps my setup is a bit unusual, as the NAT subnet has 
two other AFS servers already connected to it, both of which are multihomed 
on an externally visible network. One of these other servers runs the VLDB 
service, and while both IP addresses are being advertised, accessing the 
"public" IP address for the new server doesn't seem to work. Even on the new 
server, it's not possible to execute e.g. a "vos listvol <external IP 
address>" command. Using the internal "private" IP does work, but volumes on 
this server are not visible externally. The static NAT on the router appears 
to be fine. Perhaps this exact configuration is not possible?

Regards,

Lester Barrows
Asani Solutions, LLC
Code IC Systems Group
NASA Ames Research Center

On Thursday 10 June 2004 11:37, David Botsch wrote:
> Here is my setup for afs server behind a nat (which seems to work
> properly):
>
> /usr/afs/etc/CellServDB has the private (behind the nat box) address of
> the server
>
> /usr/afs/local/NetInfo has two lines:
> private ip
> f public-realipofnatbox
>
> clients behind the nat box have the private ip. Clients in the public
> net have the real ip of the nat box.
>
> There is an initial timeout from clients while trying to talk to the
> other ip (the afs server must say my ips are such and such and then the
> client tries to talk to both and fails), and then all works well.
>
> I also have the krb4 and afs server ports being forwarded through the
> nat box.
>
> On 2004.06.10 13:50 Lester Barrows wrote:
> > I'm attempting to place an AFS fileserver behind a NAT experimentally.
> > I've statically assigned a routable IP address on the router to redirect
> > traffic to the AFS server, and created the /usr/afs/local/NetInfo file as
> > such:
> >
> > f (external IP address)
> >
> > This doesn't seem to work, as other systems still see the internal (to
> > the NAT) IP address, and never fail over to the external address. This is
> > the case even if I create a /usr/afs/local/NetRestrict file containing the
> > internal IP address and restart the AFS server. I've even tried putting the
> > internal IP address in the NetInfo file before the "fake" address, but it
> > doesn't seem to work either way.
> >
> > Is there anything that I'm missing, or are there perhaps additional steps
> > which need to be taken in order to get the VLDB to advertise the external IP
> > address? I'm running the 1.2.11 RPMs on Redhat AS 3.0 downloaded from
> > openafs.org.
> >
> > Regards,
> >
> > Lester Barrows
> > Asani Solutions, LLC
> > Code IC Systems Group
> > NASA Ames Research Center