[OpenAFS] udp support for afs

William Murray W.J.Murray@rl.ac.uk
Sun, 13 Jan 2008 16:59:00 +0000

> AFS uses udp.  if the tunnel doesn't transport udp, that would be a problem.
   Hello again,
           I have tried a while to get UDO transport, but I don't really
understand iptables. Could anyone see what is wrong with this, which
works for ip:

iptables -F; iptables -t nat -F; iptables -t mangle -F
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE

iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss
#Above is attempt 14/3/06 to get pptp tunnel through this  working.

iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m state --state NEW -i ! ppp0 -j ACCEPT
iptables -A INPUT -p icmp -j ACCEPT
iptables -P INPUT DROP   #only if the first two are succesful

iptables -A FORWARD -i ppp0 -o ppp0 -j REJECT
iptables -A FORWARD -p icmp -j ACCEPT

# Now add 62694 for the gnutella
iptables -A INPUT -p tcp --dport 62694 -j ACCEPT
iptables -A INPUT -p udp --dport 62694 -j ACCEPT
# Now add 6346 for mutella
iptables -A INPUT -p tcp --dport 6346 -j ACCEPT
# Now try samba
iptables -A INPUT -p tcp --dport 139 -j ACCEPT
iptables -A INPUT -p tcp --dport 445 -j ACCEPT
iptables -A INPUT -p udp --dport 137 -j ACCEPT
iptables -A INPUT -p udp --dport 138 -j ACCEPT
# Now for ssh
#iptables -A INPUT -p tcp --dport 22 -j ACCEPT
### Try to set up afs .. does not work
##iptables -A INPUT -p udp -m udp --dport 7000:7009 -j ACCEPT
##iptables -A INPUT -p udp -m udp --dport 750 -j ACCEPT