[OpenAFS] NAT issues.
ted creedon
tcreedon@easystreet.com
Wed, 26 Apr 2006 18:49:08 -0700
NetInfo keeps everything straight. There are also 2 other afs servers on
the internal net that replicate to the dual homed server every night via
the non-routable class A address 10.1.1.x.
The packet logs bear this out.
It also works, for whatever reason.
Tedc
Jeffrey Hartwigsen wrote:
> ted creedon wrote:
>> For what it's worth, an identical problem was solved by placing the afs
>> server on a DMZ running its own firewall, installing 2 nic cards, one
>> internal and one external, and writing firewall rules to match. Only afs
>> traffic is allowed from the internal net to the afs server which also
>> is the KRB5 server.
>>
>> Setting appropriate firewall logging rules helps as well as nmap and
>> snort to verify the firewall integrity.
>>
>> The clients can be behind remote firewalls. All clients grab tokens
>> from the external net interface....
>>
>> tedc
>>
>>
>
> That was an option we discussed some here. Isn't AFS pretty finicky
> about how reverse lookup works? So wouldn't having its host name
> resolve to two separate IPs confuse it? Or is that why you restrict
> the internal nic to AFS traffic only? Can you still use AFSDB records
> on the internal DNS?
>