[OpenAFS] NAT issues.
Wed, 26 Apr 2006 18:49:08 -0700
NetInfo keeps everything straight. There are also 2 other afs servers on
the internal net that replicate to the dual homed server every night via
the non routable class A address 10.1.1.x.
The packet logs bear this out.
It also works, for whatever reason.
Jeffrey Hartwigsen wrote:
> ted creedon wrote:
>> For what it's worth, an identical problem was solved by placing the afs
>> server on a DMZ running its own firewall, installing 2 nic cards, one
>> internal and one external, and writing firewall rules to match. Only afs
>> traffic is allowed from the internal net to the afs server which also
>> is the KRB5 server.
>> Setting appropriate firewall logging rules helps as well as nmap and
>> to verify the firewall integrity.
>> The clients can be behind remote firewalls. All clients grab tokens
>> from the external net interface....
> That was an option we discussed some here. Isn't AFS pretty finicky
> about how reverse lookup works? So wouldn't having its host name
> resolve to two separate IPs confuse it? Or is that why you restrict
> the internal nic to AFS traffic only? Can you still use AFSDB records
> on the internal DNS?