[OpenAFS] NAT issues.
Wed, 26 Apr 2006 07:30:37 -0700
Using a single NAT firewall set up with Fwbuilder, the rule is
:firewall to any afs and
:any to firewall afs
The dual homed server listens to both the internal net and the external net.
Kerberos V has to be set up too.
Linksys firewalls don't work with the standard code.
Looking at the packet logs, the AFS connection is very, very secure.
From: email@example.com [mailto:firstname.lastname@example.org]
On Behalf Of Jeffrey Hartwigsen
Sent: Tuesday, April 25, 2006 10:18 PM
Subject: Re: [OpenAFS] NAT issues.
> The work that has gone into 1.4.1 allows the file servers to track the
> clients when the clients move. It does not allow the file servers to
> communicate with clients when the network paths to the clients no longer
> Windows clients running 1.4.0 when idle do not contact the file servers
> but once per hour. During that time period the NATs will time out the
> port mappings. Hence the file servers will not be able to communicate
> with the clients.
> Windows 1.4.1 clients contact the file servers at least once per ten
> minutes. This is better for most NATs but there are some that will
> time out the port mappings in under a minute for UDP.
> With 1.5.1 (an unstable release) you can set the probe period via the
> registry to under a minute if you so choose. Not that I recommend this.
> I would need to see the output of the file server logs at level 125
> to explain to you exactly what is happening. However, suffice it to
> say that if your NATs do not keep the port mappings open, nothing the
> file server does is going to help.
> Jeffrey Altman
Thank you Jeffrey. That explains a lot about what's happening at least.
I will send along the file logs tomorrow. I'm assuming kill -TSTP will
achieve the level you require?
OpenAFS-info mailing list
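
The timing problem described in the quoted message, as an added sketch that is not part of the original thread and is not OpenAFS code: a toy NAT mapping table is driven by an idle client's periodic probes, and server-initiated packets are delivered only while the mapping is open. The probe periods (3600 s, 600 s, under a minute) come from the thread; the NAT timeouts, packet times, and all names are constructed assumptions.

```python
"""Toy model: NAT UDP mapping lifetime versus an idle AFS client's probe period."""


class UdpNat:
    """Tracks one outbound UDP mapping that expires after `idle_timeout` seconds."""

    def __init__(self, idle_timeout):
        self.idle_timeout = idle_timeout
        self.last_outbound = None  # time of the last client -> server packet

    def outbound(self, now):
        # Client -> file server traffic creates or refreshes the mapping.
        self.last_outbound = now

    def inbound(self, now):
        # File server -> client traffic passes only while the mapping exists.
        # Assumption: inbound packets do not refresh the idle timer.
        if self.last_outbound is None:
            return False
        return now - self.last_outbound < self.idle_timeout


def delivered(probe_period, nat_timeout, server_packet_times, horizon):
    """Map each server-initiated packet time to True (delivered) or False (dropped)."""
    nat = UdpNat(nat_timeout)
    # kind 0 = client probe, kind 1 = server packet; probes sort first on ties.
    events = [(t, 0) for t in range(0, horizon, probe_period)]
    events += [(t, 1) for t in server_packet_times]
    result = {}
    for t, kind in sorted(events):
        if kind == 0:
            nat.outbound(t)
        else:
            result[t] = nat.inbound(t)
    return result


def reachable_fraction(probe_period, nat_timeout):
    """Share of each probe interval during which the server can reach the client."""
    return min(1.0, nat_timeout / probe_period)


# Constructed sample: times (seconds) at which the file server tries to reach the client.
SERVER_PACKETS = [120, 450, 700, 3100]

if __name__ == "__main__":
    for period, timeout in [(3600, 300), (600, 300), (600, 30), (20, 30)]:
        print(period, timeout, delivered(period, timeout, SERVER_PACKETS, 3600),
              round(reachable_fraction(period, timeout), 3))
```
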