[OpenAFS] Re: rxtcp, rxutcp [for networks without UDP]
Marcus Watts
mdw@umich.edu
Fri, 31 Mar 2006 17:14:17 -0500
Various wrote:
> Message-Id: <200603312137.PAA29009@malison.ait.iastate.edu>
> To: Jim Rees <rees@umich.edu>
> Cc: openafs-info@openafs.org
> From: John Hascall <john@iastate.edu>
> Subject: Re: [OpenAFS] Re: rxtcp, rxutcp [for networks without UDP]
> Date: Fri, 31 Mar 2006 15:37:42 CST
>
>
> > In the future only tcp on port 80 will work. Some time after that only http
> > over tcp on port 80 will work. It's already happening in some places.
>
> So, who's working on rxhttp then?
>
> John
> PS, :)
Actually you want to use port 443, not 22 or 80.
22 requires they actually care about it professionals.
80 might go to a caching web server.
443 requires end-end connectivity from browser to server.
As a bonus, 443 connections are more likely to be left up
for a period of time, which better matches the behavior
you'll be producing here. This is important because the
sorts of places that only allow http/https are usually the
sorts of places that want to not allow vpn traffic.
Ideally, you should do ssl over 443, then ip tunneling on top
of that.
ssh forwarding is on a per-port basis - you might be able to make this
work with afs but you probably won't want to do it again. You really
want something that works at the network routing layer = vpn, ip tunneling,
or whatever you want to call it. Besides, the "recent" versions of ssh
I have in my environment still only does TCP port forwarding, so won't
work for this at all. Does your copy of ssh really do udp port forwarding?
-Marcus Watts