> Our firewall administrator asked me to give him any port numbers that AFS
> uses to talk to other cells, so the requests can penetrate the firewall.
> I see the following lines in /etc/services:
>
> #
> # For Kerberos token-passing during rsh
> #
> auth 113/tcp authentication
> ta-rauth 601/tcp rauth
>
> Are these ports relevant, and are there others I should know about?
Neither of those are particularly relevant. These are:
afs3-fileserver 7000/udp # file server itself
afs3-callback 7001/udp # callbacks to cache managers
afs3-prserver 7002/udp # users & groups database
afs3-vlserver 7003/udp # volume location database
afs3-kaserver 7004/udp # AFS/Kerberos auth. service
afs3-volser 7005/udp # volume management server
afs3-bos 7007/udp # basic overseer process
afs3-update 7008/udp # server-to-server updater
afs3-rmtsys 7009/udp # remote cache manager service
At a minimum, the following interactions must be possible:
Client Server
7000 <-> 7001 (fileserver requests and callbacks)
7000 <-> 7003 (VLDB lookups)
* <-> 7002 (required for pts and possibly authentication)
* <-> 7004 (required for authentication)
These are optional:
* <-> 7003 (required for vos)
* <-> 7005 (required for vos)
* <-> 7007 (required for bos)
If you expect to keep your own AFS cell "private", then you should
only allow traffic in the direction indicated. In particular, traffic
TO ports 7001-7009 should only be permitted in an outbound direction,
while traffic FROM those ports should only be permitted in the inbound
direction.
-- Jeffrey T. Hutzelman (N3NHS) <[EMAIL PROTECTED]>
Systems Programmer, CMU SCS Research Facility
Please send requests and problem reports to [EMAIL PROTECTED]
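The direction rule at the end of the reply (traffic TO 7001-7009 only outbound, traffic FROM those ports only inbound, with the cell kept private) is the part a firewall administrator actually has to encode. The following is an added example, not code from the original post or from the AFS project: a small direction-aware policy evaluator in Python that applies those rules to UDP flows. It assumes a constructed local network of 192.0.2.0/24 and a constructed remote cell at 203.0.113.5; port 7000 (the fileserver) is included in the set of remote ports a local client may contact because the reply lists 7000 as required.

```python
"""Direction-aware UDP port policy for a private AFS cell behind a firewall.

Added example, not part of the original post. It encodes the rules given in
the reply: a local host may send TO the AFS ports of a remote cell, replies
FROM those ports may come back in, and nothing from outside may reach the
local cell's own AFS server ports (the cell is "private").
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed sample value: the address range of our own cell.
LOCAL_NET = ip_network("192.0.2.0/24")

# Ports from the reply's /etc/services listing. 7000 is the fileserver;
# 7001-7009 are the ports the reply's direction rule names explicitly.
AFS_PORTS = range(7000, 7010)      # remote ports a local client may contact
PRIVATE_PORTS = range(7001, 7010)  # local ports that must not serve outsiders


@dataclass(frozen=True)
class Flow:
    """One UDP datagram as seen by the firewall."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "udp"


def direction(flow: Flow) -> str:
    """Classify a flow relative to LOCAL_NET: inbound, outbound, internal, transit."""
    src_local = ip_address(flow.src_ip) in LOCAL_NET
    dst_local = ip_address(flow.dst_ip) in LOCAL_NET
    if src_local and dst_local:
        return "internal"
    if src_local:
        return "outbound"
    if dst_local:
        return "inbound"
    return "transit"


def decide(flow: Flow) -> tuple:
    """Return ("allow" | "deny", reason) for a single flow under the post's rules."""
    if flow.proto != "udp":
        # Every AFS service in the listing is UDP; anything else is unexpected.
        return ("deny", "AFS RPC is UDP only")
    d = direction(flow)
    if d == "internal":
        return ("allow", "traffic inside the cell is not filtered here")
    if d == "outbound":
        if flow.dst_port in AFS_PORTS:
            return ("allow", f"local host -> remote cell port {flow.dst_port}")
        if flow.src_port in PRIVATE_PORTS:
            return ("deny", f"local AFS port {flow.src_port} must not answer remote hosts")
    if d == "inbound":
        # Checked first: requests TO our own AFS ports never come from outside.
        if flow.dst_port in PRIVATE_PORTS:
            return ("deny", f"remote host -> local AFS port {flow.dst_port}: cell is private")
        if flow.src_port in AFS_PORTS:
            return ("allow", f"reply from remote cell port {flow.src_port}")
    return ("deny", "no AFS rule matched")


def audit(flows) -> dict:
    """Evaluate a batch of flows and return counts per verdict."""
    counts = {"allow": 0, "deny": 0}
    for f in flows:
        counts[decide(f)[0]] += 1
    return counts


if __name__ == "__main__":
    # Constructed sample flows exercising each rule.
    samples = [
        Flow("192.0.2.10", 7001, "203.0.113.5", 7000),   # our cache manager -> remote fileserver
        Flow("203.0.113.5", 7003, "192.0.2.10", 40000),  # remote vlserver reply
        Flow("203.0.113.5", 40000, "192.0.2.10", 7002),  # outsider probing our ptserver
        Flow("192.0.2.10", 7003, "203.0.113.5", 40000),  # our vlserver answering an outsider
        Flow("192.0.2.10", 40000, "203.0.113.5", 7003, proto="tcp"),
    ]
    for s in samples:
        print(s.src_ip, s.src_port, "->", s.dst_ip, s.dst_port, decide(s))
    print(audit(samples))
```

Under the literal wording of the rule, a callback arriving from a remote fileserver's port 7000 to a local cache manager's port 7001 is an inbound datagram TO a port in 7001-7009 and is therefore denied; run `decide(Flow("203.0.113.5", 7000, "192.0.2.10", 7001))` to see that verdict and adjust `PRIVATE_PORTS` if your cell needs callbacks from foreign cells.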