[OpenAFS] OpenAFS Client Availability

ted creedon tcreedon@easystreet.com
Thu, 8 Mar 2007 10:05:48 -0900


For what it's worth, I have never been able to get a low-end commercial
firewall product to work properly with AFS.

The AFS/Kerberos server has a Linux Fwbuilder firewall with no special
attention paid to UDP timeouts; at least ip_ct_udp_timeout_stream is unset.

The Fwbuilder rules work for a dual-homed firewall with the external port
address assigned by the ISP's DHCP server and the internal address is a fixed
10.x.x.x. There is a shell script to change the listen to addresses that is
fired off when the external address change is detected.

Maybe there's something I'm missing, but token lifetimes are 7 days for both
Linux and Windows clients and the connection seems fairly solid.

It's great to have access to every file while traveling.

tedc