[OpenAFS] Re: linux client behind NAT/Firewall: unable to resolve name to ID

Andrew Deason adeason@sinenomine.net
Mon, 21 May 2012 09:26:53 -0500


On Sun, 20 May 2012 00:14:31 +0200 (CEST)
Lars Schimmer <l.schimmer@cgv.tugraz.at> wrote:

> Hi!
> 
> I just tried to get a OpenAFS client on my home linux system. I use a
> debian system with OpenAFS 1.6.1 and I opened ports 7001-7007 and 88
> UDP for incoming connections.

Not 7000? (for fileserver access)

> About to resolve name lschimmer to id in cell cgv.tugraz.at.
>  Error -1
> Set username to lschimmer
> Setting tokens. lschimmer @ cgv.tugraz.at
[...]
> So it cannot resolve my name to a ID.
> 
> But on a second machine (windows) behind te same firewall/NAT I could
> get a ID for the name.
> 
> Which port did I miss?

It should be port 7002, but you said you already allowed that. Can you
'pts ex lschimmer' ? If you look at a wire dump of udp traffic, it
should be pretty easy to see what's not getting through. You should see
some packets being periodically sent, with nothing coming in the reverse
direction. And for the above example, I'd expect the client to be trying
to contact port 7002 on one of the dbservers.

-- 
Andrew Deason
adeason@sinenomine.net