[OpenAFS] removing IP addresses

Lester Barrows barrows@email.arc.nasa.gov
Tue, 19 Jul 2005 12:21:05 -0700

Hi Brian,

We have a similar configuration at our AFS cell. What we've done is set up 
separate CellServDB files for clients on the non-routable network which point 
to the non-routable volserver IP. We also added several "fs setserverprefs" 
lines to the init scripts (at the end of the start() method) to cause the 
clients to prefer the volume locators and file servers we want them to talk 
to. It's a bit of a kludge, but none of the other methods we've found have 
worked to any degree of satisfaction.


On Monday 18 July 2005 19:37, Brian May wrote:
> Hello,
> How do I remove IP addresses from the output of "vos listaddrs"?
> I setup my server when I was still learning AFS, and wasn't aware of the
> NetInfo file at the time.
> I have tried:
> * Changing NetInfo and restarting, but it doesn't help.
> * vos changeaddr $addr -remove -localauth -verbose
>   but it complains it is in use by the vldb.
> * Delete the sysid file and restart the server. As per:
>   https://lists.openafs.org/pipermail/openafs-info/2002-May/004467.html
>   No change.
> * Dodgy instructions in
> https://lists.openafs.org/pipermail/openafs-info/2004-December/015854.html
> didn't help.
> Obviously these are wrong for various reasons, but what is the correct
> way?
> I haven't tried:
> * removing the other interfaces, because they are used by other
>   processes.
> * Move all volumes to somewhere else (would another partition be
>   sufficient?), delete the addresses, and then move then back again
>   (would this help?). This seems excessive.
> The problem is some of these addresses are private IP addresses and
> cannot be accessed from outside my private network. As such I don't want
> the fileserver advertising these addresses to clients outside my
> network. It causes the client to take ages to start while it tries the
> internal addresses first.
> It also lists every public IP address my machine has, I only want
> OpenAFS on one of these IP addresses, not every one. This in turn would
> allow tighter firewall controls.