On Sat, 1 Jun 1996 [EMAIL PROTECTED] wrote:

> Our firewall administrator asked me to give him any port numbers that AFS
> uses to talk to other cells, so the requests can penetrate the firewall.
> I see the following lines in /etc/services:
> 
>       #
>       # For Kerberos token-passing during rsh
>       #
>       auth            113/tcp         authentication
>       ta-rauth        601/tcp         rauth
> 
> Are these ports relevant, and are there others I should know about?

  Those ports are not relevant.  AFS uses UDP ports 7000-7007.  You may
not want to permit all of them, depending on your needs and security
concerns.

  From the AFS FAQ (http://www.transarc.com/Product/AFS/FAQ/faq.html):

Subject: 3.17  Which TCP/IP ports and protocols do I need to enable
               in order to operate AFS through my Internet firewall?

   Assuming you have already taken care of nameserving, you may wish to
   use an Internet timeserver for Network Time Protocol [35] [36]:
 
      ntp             123/tcp
 
   A list of NTP servers is available via anonymous FTP from:
 
      ftp://louie.udel.edu/pub/ntp/doc/clock.txt
 
   For a "minimal" AFS service which does not allow inbound or outbound
   klog:
 
      fileserver      7000/udp 
      cachemanager    7001/udp
      ptserver        7002/udp
      vlserver        7003/udp
      kaserver        7004/udp
      volserver       7005/udp
      reserved        7006/udp
      bosserver       7007/udp
 
   (Ports in the 7020-7029 range are used by the AFS backup system,
    and won't be needed by external clients performing simple file
    accesses.)
 
   Additionally, for "klog" to work through the firewall you need to
   allow inbound and outbound UDP on ports >1024 (probably 1024<port<2048
   would suffice depending on the number of simultaneous klogs).

   See also: http://www-archive.stanford.edu/lists/info-afs/hyper95/0874.html

  -brian

--
  Brian W. Spolarich - ANS CO+RE Systems - [EMAIL PROTECTED] - (313)677-7311
                 If wishes were fishes we'd all cast nets.
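
The advice above not to permit every AFS port can be checked mechanically. This is an added example, not part of the original message or the FAQ: it parses the FAQ's port table and audits a UDP allowlist for required services that are blocked and for ports opened beyond what is required. The list of required services and the three firewall policies are hypothetical, constructed for illustration.

```python
import re

# Port table copied from the FAQ excerpt quoted above (services(5) format).
AFS_SERVICES = """
fileserver      7000/udp
cachemanager    7001/udp
ptserver        7002/udp
vlserver        7003/udp
kaserver        7004/udp
volserver       7005/udp
reserved        7006/udp
bosserver       7007/udp
"""

def parse_services(text):
    """Parse services(5)-style lines into {name: (port, proto)}."""
    table = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blanks
        m = re.match(r"(\S+)\s+(\d+)/(tcp|udp)\b", line)
        if m:
            table[m.group(1)] = (int(m.group(2)), m.group(3))
    return table

def audit(allowed_udp, wanted, table):
    """Compare a UDP allowlist with the services that must pass.

    allowed_udp: inclusive (low, high) port ranges the firewall permits.
    wanted: service names from the table that are required.
    Returns (blocked, excess): required services the allowlist blocks, and
    the count of permitted ports that no required service uses.
    """
    opened = set()
    for low, high in allowed_udp:
        opened.update(range(low, high + 1))
    needed = {table[name][0] for name in wanted if table[name][1] == "udp"}
    blocked = sorted(n for n in wanted if table[n][0] not in opened)
    return blocked, len(opened - needed)

if __name__ == "__main__":
    table = parse_services(AFS_SERVICES)
    # Hypothetical requirement and policies, constructed for illustration.
    wanted = ["fileserver", "cachemanager", "ptserver", "vlserver"]
    policies = {
        "all AFS ports": [(7000, 7007)],
        "too narrow": [(7000, 7001)],
        "with klog range": [(7000, 7003), (1025, 2047)],
    }
    for label, ranges in policies.items():
        blocked, excess = audit(ranges, wanted, table)
        print(f"{label}: blocked={blocked} excess_ports={excess}")
```

The third policy models the FAQ's 1024<port<2048 suggestion for klog as ports 1025 through 2047, which shows how much extra UDP exposure that range adds on top of the AFS ports.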
