[OpenAFS] client behind NAT firewall

Dale Pontius pontius@btv.ibm.com
Wed, 06 Aug 2014 15:33:02 -0400


On 08/05/2014 11:08 AM, Simon Wilkinson wrote:
> The complication is that firewalls/NATs only preserve these mappings 
> for a finite length of time. We attempt to keep them open through 
> regular fileserver pings, but sometimes that isn't enough. When a 
> mapping expires, the client is unable to receive callbacks until it 
> next contacts the fileserver. 
I fiddled with this many years ago, only on the client side.  On the 
advice of a friend I adjusted the connection timeout rules from the 
default to 15 minutes.  I'm under the impression that AFS will give up / 
re-establish after 5 minutes, and 15 minutes was a bit of guardband 
against that.  I was happy enough running the client this way, but 
shortly after an area move got me into an office with an additional 
port, and I quit NATting through one box to another.

Obviously this was client side, but I find it hard to believe that 
keeping a connection mapped for the 2 hours mentioned elsewhere would be 
necessary.

-- 
Dale Pontius
Senior Engineer
IBM Corporation
Phone: (802) 769-6850
Tie-Line: 446-6850
email: pontius@us.ibm.com
