[OpenAFS] OpenAFS Client Availability
Thu, 8 Mar 2007 10:05:48 -0900
For what it's worth, I have never been able to get a low-end commercial
firewall product to work properly with AFS.
The AFS/Kerberos server has a Linux Fwbuilder firewall with no special
attention paid to UDP timeouts, at least ip_ct_udp_timeout_stream is unset.
The Fwbuilder rules work for a dual-homed firewall with the external port
address assigned by the ISP's DHCP server and the internal address is fixed
10.x.x.x. There is a shell script to change the listen-to addresses that is
fired off when the external address change is detected.
Maybe there's something I'm missing, but token lifetimes are 7 days for both
Linux and Windows clients and the connection seems fairly solid.
It's great to have access to every file while traveling.