[OpenAFS] NAT issues.

hays@ibiblio.org hays@ibiblio.org
Wed, 26 Apr 2006 14:17:39 -0400

--On Wednesday, April 26, 2006 12:01 PM -0400 Jeffrey Altman 
<jaltman@secure-endpoints.com> wrote:

> Windows clients running 1.4.0 when idle do not contact the file servers
> but once per hour.  During that time period the NATs will timeout the
> port mappings.  Hence the file servers will not be able to communicate
> with the clients.
> Windows 1.4.1 clients contact the file servers at least once per ten
> minutes.  This is better for most NATs but there are some that will
> timeout the port mappings in under a minute for UDP.
> With 1.5.1 (an unstable release) you can set the probe period via the
> registry to under a minute if you so choose.  Not that I recommend this.

Regarding NATs in general, I found a reference to natkeep on the arla 
contributions page. If anyone has played with it I'd like to hear their 


As a network admin, it's an interesting approach, but I figured I'd ask 
before setting up a NAT to test it. Is this something that folks see as a 
useful approach?

In poking around I also ran across this thread:
and now I'm curious as to what ultimately happened to that notion on the 
unix side of the house. Would it be possible to have the unix versions of 
openafs pull a value from the afsd.options file or some other config for 
the probe period, much like the windows client?

Ideally, I'd love to have two values, one for private addresses and one for 
public addresses, with the interval dyamically set, so that as the users 
moved about the interval would change (the assumption would be that if 
you're using a private address, you're behind a nat, and if you're on a 
public address, you're not--I know that assumption would not always be 
valid, but it would like cover 90% or more of cases).



bil hays
Network Manager
Computer Science, UNC CH