[OpenAFS] client behind NAT firewall

Alex euergetikos.k@gmail.com
Tue, 05 Aug 2014 09:30:35 +0200


Hi all,

Please help me to make a decision here. I am trying to determine whether
Openafs is the right choice for us and it is not clear for me if
modifying client's firewall is mandatory or not. The situation is like
this:

-all Openafs servers are behind the same NAT firewall. Firewall rules
can be changed.
-client computers are behind another NAT firewall. Firewall rules cannot
be changed.
-some clients are on Windows, some on Linux.

Now, I didn't find in the admin guide or wiki[1] some useful information
about client's firewall, but I could find some information on the
Internet saying that client doesn't work without opening 7001 for
incoming UDP [2]. This should be open for callbacks (if I understood
correctly). I also tested the client behind NAT with some public cells
and it worked well. So, does a client work behind a firewall NAT even
without opening inbound ports? If not, is there any solution for this?

Thank you,
Alex

[1] http://wiki.openafs.org/AFSServicePorts
[2] https://itservices.stanford.edu/service/openafs/pc