[OpenAFS] client behind NAT firewall

Alex euergetikos.k@gmail.com
Tue, 05 Aug 2014 09:30:35 +0200

Hi all,

Please help me to make a decision here. I am trying to determine whether
Openafs is the right choice for us and it is not clear for me if
modifying client's firewall is mandatory or not. The situation is like

-all Openafs servers are behind the same NAT firewall. Firewall rules
can be changed.
-client computers are behind another NAT firewall. Firewall rules cannot
be changed.
-some clients are on Windows, some on Linux.

Now, I didn't find in the admin guide or wiki[1] some useful information
about client's firewall, but I could find some information on the
Internet saying that client doesn't work without opening 7001 for
incoming UDP [2]. This should be open for callbacks (if I understood
correctly). I also tested the client behind NAT with some public cells
and it worked well. So, does a client work behind a firewall NAT even
without opening inbound ports? If not, is there any solution for this?

Thank you,

[1] http://wiki.openafs.org/AFSServicePorts
[2] https://itservices.stanford.edu/service/openafs/pc