On Sat, 1 Jun 1996 [EMAIL PROTECTED] wrote:
> Our firewall administrator asked me to give him any port numbers that AFS
> uses to talk to other cells, so the requests can penetrate the firewall.
> I see the following lines in /etc/services:
>
> #
> # For Kerberos token-passing during rsh
> #
> auth 113/tcp authentication
> ta-rauth 601/tcp rauth
>
> Are these ports relevant, and are there others I should know about?

Those ports are not relevant. AFS uses UDP ports 7000-7007. You may
not want to permit all of them, depending on your needs and security
concerns.

From the AFS FAQ (http://www.transarc.com/Product/AFS/FAQ/faq.html):

Subject: 3.17 Which TCP/IP ports and protocols do I need to enable
in order to operate AFS through my Internet firewall?

Assuming you have already taken care of nameserving, you may wish to
use an Internet timeserver for Network Time Protocol [35] [36]:

   ntp 123/tcp

A list of NTP servers is available via anonymous FTP from:

   ftp://louie.udel.edu/pub/ntp/doc/clock.txt

For a "minimal" AFS service which does not allow inbound or outbound
klog:

   fileserver 7000/udp
   cachemanager 7001/udp
   ptserver 7002/udp
   vlserver 7003/udp
   kaserver 7004/udp
   volserver 7005/udp
   reserved 7006/udp
   bosserver 7007/udp

(Ports in the 7020-7029 range are used by the AFS backup system,
and won't be needed by external clients performing simple file
accesses.)

Additionally, for "klog" to work through the firewall you need to
allow inbound and outbound UDP on ports >1024 (probably 1024<port<2048
would suffice depending on the number of simultaneous klogs).

See also: http://www-archive.stanford.edu/lists/info-afs/hyper95/0874.html

-brian
--
Brian W. Spolarich - ANS CO+RE Systems - [EMAIL PROTECTED] - (313)677-7311
If wishes were fishes we'd all cast nets.
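
Added example, not part of the original message or the AFS FAQ: a small default-deny evaluator that builds a UDP allow-list from the port table quoted above and shows how many ports each choice opens, including the two klog ranges the FAQ mentions. The function names, the "file access only" service subset and the sample flows are assumptions made for illustration.

```python
# Added example: evaluates a UDP allow-list built from the FAQ's port table.
# Function names and the sample flows are hypothetical / constructed.
AFS_PORTS = {
    "fileserver": 7000, "cachemanager": 7001, "ptserver": 7002,
    "vlserver": 7003, "kaserver": 7004, "volserver": 7005,
    "reserved": 7006, "bosserver": 7007,
}
KLOG_NARROW = (1025, 2047)    # the FAQ's "1024<port<2048"
KLOG_WIDE = (1025, 65535)     # the FAQ's "ports >1024"

def build_allowlist(services, klog_range=None):
    """Return [(lo, hi, label)] UDP destination-port ranges to permit."""
    unknown = sorted(set(services) - set(AFS_PORTS))
    if unknown:
        raise ValueError(f"not in the FAQ port table: {unknown}")
    rules = [(AFS_PORTS[s], AFS_PORTS[s], s) for s in services]
    if klog_range is not None:
        rules.append((klog_range[0], klog_range[1], "klog-range"))
    return rules

def decide(rules, proto, dport):
    """First-match evaluation with default deny."""
    if proto != "udp":
        return ("deny", "not-udp")
    for lo, hi, label in rules:
        if lo <= dport <= hi:
            return ("allow", label)
    return ("deny", "no-rule")

def exposure(rules):
    """Number of distinct UDP ports the rule set opens."""
    return len({p for lo, hi, _ in rules for p in range(lo, hi + 1)})

# Assumed subset for a site that chooses not to permit all eight ports.
FILE_ACCESS = ["fileserver", "cachemanager", "ptserver", "vlserver"]
# Constructed flows: (protocol, destination port, what it represents)
SAMPLE_FLOWS = [("udp", 7000, "file access"), ("udp", 7007, "bosserver"),
                ("udp", 1812, "unrelated service"), ("tcp", 7000, "not UDP")]

if __name__ == "__main__":
    policies = {"file access only": build_allowlist(FILE_ACCESS),
                "all eight + narrow klog": build_allowlist(AFS_PORTS, KLOG_NARROW),
                "all eight + wide klog": build_allowlist(AFS_PORTS, KLOG_WIDE)}
    for name, rules in policies.items():
        print(f"{name}: {exposure(rules)} UDP ports open")
        for proto, port, what in SAMPLE_FLOWS:
            print(f"  {proto}/{port} ({what}): {decide(rules, proto, port)}")
```

The klog ranges admit any UDP traffic to those ports, not only klog, which is why the narrower range opens 1031 ports in total against 64511 for the wide one.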