[OpenAFS] OpenAFS, NAT, IPtables

Ron Croonenberg ronc@depauw.edu
Sat, 29 Sep 2007 00:43:55 -0400 

I found, after digging around for a good while, that changing these keys:

net.ipv4.netfilter.ip_conntrack_udp_timeout=480
net.ipv4.netfilter.ip_conntrack_udp_timeout_stream=900

seems to work on FC6 (2.6.22.4-45.fc6).

But:  Do I both need them ? and what is the best "minimal" value for
those keys ?

tia,

Ron



Ron Croonenberg wrote:
> Hi Jason,
> 
> I got rid of this one: "Unable to authenticate to AFS because
> Authentication Server was unavailable."
> That appeared to be a firewall issue.
> 
> I do see the timeout happening, every so many minutes, did anyone solve
> that port. (The head node of that clusters runs IPtables/NAT so that all
> the nodes can use AFS as a "common file system" for running MPICH apps)
> 
> The authentication server was running. Other clients don't have any
> issues at all. (it was a masquerading issue on the head node of that
> cluster.)
> 
> thanks,
> 
> Ron
> 
> (PS: "not too many" AFS guru's here..  that's why I am on the list)
> 
> 
> Jason Edgecombe wrote:
>> Ron Croonenberg wrote:
>>> Hello all,
>>>
>>> I hope I am not beating a dead horse here (I saw some references, but
>>> not a solution).
>>>
>>> I have a few machines in a cluster, and installed openafs on the nodes,
>>> the client is running (I can see the mountpoints in /afs) But when I try
>>> to get a token with klog it says
>>>
>>> Unable to authenticate to AFS because Authentication Server was unavailable.
>>>
>>> any ideas ? is that the timeout issue people were talking about ?
>>> (is there a solution ?)
>>>   
>> It sounds like your cell isn't running the legacy authentication server
>> (kaserver). This is the recommended way. If you have set up kerberos 5,
>> then run "kinit; aklog"
>>
>> Have you spoken to your local AFS gurus about how to set things up?
>>
>> FYI, the OpenAFS client work fine behind NAT with the server on the
>> public internet. That's what I use from home.
>>
>> Jason
>> _______________________________________________
>> OpenAFS-info mailing list
>> OpenAFS-info@openafs.org
>> https://lists.openafs.org/mailman/listinfo/openafs-info
> 

-- 
=================================================================
 Ron Croonenberg                   |
                                   | Phone: 1 765 658 4761
 Lab Instructor &                  | Fax:   1 765 658 4732
         Technology Coordinator    |
                                   |
 Department of Computer Science    | e-mail: ronc@DePauw.edu
 DePauw University                 |
 275 Julian Science & Math Center  |
 602 South College Ave.            |
 Greencastle, IN  46135            |
=================================================================