[OpenAFS] NAT issues.
Tue, 25 Apr 2006 23:06:06 -0500
I just upgraded our servers to 1.4.1rc10. (Finished the upgrades just
before 1.4.1 was released. I hope to move to the final release soon) I
was hoping it would take care of some of our NAT issues but so far it
hasn't. We have about 30 or so windows clients running 1.4.0 & 1.4.1.
95% of them are behind two layers of nat. Our servers are on public IP's
so that some clients can access AFS from home. We have one layer of nat
on the firewall for our internal LAN and then another layer of nat from
there to our secure wireless net. I am making plans to consolodate the
latter two networks into one subnet thereby eliminating one layer of
nat. However, in testing some clients connected directly to the LAN
(only one layer of NAT) I am experiencing some of the same problems,
namely client timeouts, failed callbacks and probe Uuid failures. I was
wondering if someone could give me some advice or point out some
documentation on how best to setup a NAT configuration that would be
compatible with AFS. My other option is to bring the servers in to the
internal network and then set up NAT for the servers' public IP's. Has
anyone had any experience with that? BTW: A VPN is not really an option,
as most of my users are.. well... users. ;)
Any advice would be appreciated, thanks.