[OpenAFS] NAT issues.

Jeffrey Hartwigsen jrhartwigsen@linkp.com
Tue, 25 Apr 2006 23:06:06 -0500

I just upgraded our servers to 1.4.1rc10. (Finished the upgrades just 
before 1.4.1 was released. I hope to move to the final release soon) I 
was hoping it would take care of some of our NAT issues but so far it 
hasn't. We have about 30 or so windows clients running 1.4.0 & 1.4.1. 
95% of them are behind two layers of nat. Our servers are on public IP's 
so that some clients can access AFS from home. We have one layer of nat 
on the firewall for our internal LAN and then another layer of nat from 
there to our secure wireless net. I am making plans to consolodate the 
latter two networks into one subnet thereby eliminating one layer of 
nat. However, in testing some clients connected directly to the LAN 
(only one layer of NAT) I am experiencing some of the same problems, 
namely client timeouts, failed callbacks and  probe Uuid failures. I was 
wondering if someone could give me some advice or point out some 
documentation on how best to setup a NAT configuration that would be 
compatible with AFS. My other option is to bring the servers in to the 
internal network and then set up NAT for the servers' public IP's. Has 
anyone had any experience with that? BTW: A VPN is not really an option, 
as most of my users are.. well... users.  ;)

Any advice would be appreciated, thanks.