[OpenAFS] client behind NAT firewall
Dale Pontius
pontius@btv.ibm.com
Wed, 06 Aug 2014 15:33:02 -0400
On 08/05/2014 11:08 AM, Simon Wilkinson wrote:
> The complication is that firewalls/NATs only preserve these mappings
> for a finite length of time. We attempt to keep them open through
> regular fileserver pings, but sometimes that isn't enough. When a
> mapping expires, the client is unable to receive callbacks until it
> next contacts the fileserver.
I fiddled with this many years ago, only on the client side. On the
advice of a friend I adjusted the connection timeout rules from the
default to 15 minutes. I'm under the impression that afs will give up /
re-establish after 5 minutes, and 15 minutes was a bit of guardband
against that. I was happy enough running the client this way, but
shortly after an area move got me into an office with an additional
port, and I quit NATting through one box to another.
Obviously this was client side, but I find it hard to believe that
keeping a connection mapped for the 2 hours mentioned elsewhere would be
necessary.
--
Dale Pontius
Senior Engineer
IBM Corporation
Phone: (802) 769-6850
Tie-Line: 446-6850
email: pontius@us.ibm.com