[OpenAFS] vos listaddrs and "fake" fileserver addresses

Ryan C. Underwood nemesis-lists@icequake.net
Thu, 10 Sep 2009 16:47:29 -0500 

--tThc/1wpZn/ma/RB
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable


I'm having a problem getting the vlservers to advertise "fake"
fileserver IP addresses for fileservers-behind-NAT.

I have two AFS servers, 10.0.0.1 and 10.0.0.2 on the internal network.
On the Internet, they are seen as (say) 100.0.0.1 and 100.0.0.2.
They are both running Debian Lenny and are both vlservers as well as
fileservers.

The /etc/openafs/server/NetInfo file on one reads:
10.0.0.1
f 100.0.0.1

and on the other reads:
10.0.0.2
f 100.0.0.2

The server CellServDB on both contains only 10.0.0.1 and 10.0.0.2.  (If
I try to add the external IP addresses, it complains about conflicting
cell information.)

The client CellServDB is empty and the vlservers are provided through an
AFSDB record.  I have two different DNS zones due to the NAT.  On the
zone for the internal network, the AFSDB record gives the internal addresse=
s.
Queries from external clients receive a different AFSDB record from the
external zone with the external addresses.

I can use udebug to reach port 7002 and 7003 from the external net
showing the ubik info.

However, fileserver connections always time out.  vos listaddrs shows
only the internal addresses, 10.0.0.1 and 10.0.0.2.  The client times
out attempting to connect to these addresses.

Should the "fake" IP addresses appear in vos listaddrs?

Is there a way to verify that the sysid file contains the correct
information?

Is there possibly something I have overlooked in the setup?

--=20
Ryan C. Underwood, <nemesis@icequake.net>

--tThc/1wpZn/ma/RB
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFKqXPxIonHnh+67jkRAmftAKCawx2TdIYv0H5lMEkXCSmO2QAiiQCeKoge
zkJeVhKCPBbawakP/QfzFLk=
=uGpE
-----END PGP SIGNATURE-----

--tThc/1wpZn/ma/RB--