[OpenAFS] NetInfo and Server behind NAT

Logan O'Sullivan Bruns logan@gedanken.org
Wed, 28 Sep 2005 11:35:56 -0700


Hi,

I'm new to AFS and I'm trying to allow access to a server through
NAT. I have two servers running 1.4.0rc3 on Solaris 10 with kerberos5
(SEAM). One server has the main RW/RO volumes and the other just has
RO volumes. I have windows and macosx clients running fine against it
from behind the firewall. I haven't gotten access from outside of the
NAT/Firewall working yet though.

The behavior I'm seeing is that remote clients time out trying to
connect to the internal addresses and only the internal addresses. I
can get them to talk to the server on port 7005 using the CellServDB
but then they get back a list of internal addresses that they'll never
be able to reach. It does appear to be able to talk to the server
though. For example, vos listvol works.

I did create a /usr/afs/local/NetInfo containing:

10.0.1.20
f 63.204.157.24

Where 63.204.157.24 is the NAT/firewall IP address. I can see that it
is reading this file since there are log entries like:

Client (2) also has address f 63.204.157.24

However, it doesn't seem to be registering them in the VLDB. 

$ /usr/afs/bin/vos listaddrs -noresolve
10.0.1.20
10.0.1.200

At least I'd expect to see 63.204.157.24 there and also the remote
clients only trying the other two addresses seems to confirm this.

So, should I see the fake NAT IP address in the listaddrs output and,
if so, what are some of the things I should check to find out why it
isn't showing up there?

Thanks in advance,
  logan
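
Added example, not part of the original post and not OpenAFS code: a small Python check that compares the addresses in a NetInfo file with the output of vos listaddrs -noresolve and reports which ones are not registered, and whether every registered address is private (unreachable from outside the NAT). The function names are hypothetical, the sample text is copied from the post, and treating a leading "f" token as a marker to strip is an assumption based on the file shown above.

```python
import ipaddress

# Sample input copied from the post above.
NETINFO = "10.0.1.20\nf 63.204.157.24\n"
LISTADDRS = "$ /usr/afs/bin/vos listaddrs -noresolve\n10.0.1.20\n10.0.1.200\n"


def parse_netinfo(text):
    """Return the addresses listed in NetInfo text, dropping a leading 'f' token."""
    addrs = []
    for line in text.splitlines():
        tokens = line.split()
        if len(tokens) > 1 and tokens[0].lower() == "f":
            tokens = tokens[1:]  # assumption: 'f' marks the entry, the address follows
        if not tokens:
            continue
        try:
            addrs.append(ipaddress.ip_address(tokens[0]))
        except ValueError:
            continue  # skip anything that is not a literal address
    return addrs


def parse_listaddrs(text):
    """Return the addresses printed by 'vos listaddrs -noresolve' (one per line)."""
    addrs = []
    for line in text.splitlines():
        try:
            addrs.append(ipaddress.ip_address(line.strip()))
        except ValueError:
            continue  # prompt lines, blank lines, hostnames
    return addrs


def audit(netinfo_text, listaddrs_text):
    """Compare what NetInfo asks for with what the VLDB actually advertises."""
    wanted = parse_netinfo(netinfo_text)
    registered = parse_listaddrs(listaddrs_text)
    return {
        "missing_from_vldb": [str(a) for a in wanted if a not in registered],
        "not_in_netinfo": [str(a) for a in registered if a not in wanted],
        # True when clients outside the NAT have nothing routable to try.
        "private_only": bool(registered) and all(a.is_private for a in registered),
    }


if __name__ == "__main__":
    for key, value in audit(NETINFO, LISTADDRS).items():
        print(f"{key}: {value}")
```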