[OpenAFS] NAT issues.

bil hays@ibiblio.org
Wed, 26 Apr 2006 18:42:00 -0400


--On Wednesday, April 26, 2006 6:07 PM -0400 Jeffrey Altman 
<jaltman@secure-endpoints.com> wrote:

> bil wrote:
>
>> That kind of begs my question about whether a contact interval as an
>> option with a variable to be set is possible as seems to be the case in
>> the Windows 1.5.1 client. I have absolutely no idea whether that would
>> be possible or not, or easy or hard--I freely admit absolute ignorance
>> in that arena, so please accept my apologies in advance if it's a stupid
>> question.
>
> Note that I added the registry settings to assist in debugging not
> as a means to solve this problem and I believe that abusing this setting
> will only result in causing additional problems.

Understood. As I said, I don't see it as a potential general solution, and 
one that would require testing in any case.

> Please remember that NATs are not the problem.  The problem is the
> failure to maintain the UDP port mapping for a long enough period of
> time.  Organizations that come across network devices that are not
> AFS friendly should file complaints to the manufacturers.  Perhaps
> someone could maintain a list of AFS friendly and AFS unfriendly
> network devices.

I'm willing to maintain such a list--email directly if you know what vendor 
model and firmware combinations are either good or bad.

> Fixing this problem should be as easy as installing
> a new firmware on the device.

Well, getting one of the large companies oriented to residential use to 
change firmware is not usually very easy, even if the configuration causes 
real problems for entire sites:

<http://www.cs.wisc.edu/~plonka/netgear-sntp/>
<http://people.freebsd.org/~phk/dlink/>