> In a previous lifetime (2 years ago) I tried connecting to outside AFS
> world (from within IBM Research) and I was somewhat successful. As
> others have pointed out there are some specific ports that need to be
> "turned on" for AFS traffic to flow.
>
> However, if my memory serves me correctly, I was unable to use klog
> because it used a UDP port from some range and the firewall dude
> didn't want to open up every port in that range.

klog, pts, vos, and so on always use a fairly arbitrarily-chosen port
to make their connections _from_. However, they always connect _to_
specific ports (7002-7005). So, depending on how powerful your firewall
software is, you can permit UDP traffic between those specific ports on
outside machines and a wider range of ports on inside machines. How
much of a problem this is depends partly on how fascist your organization
is about security, and how strongly security depends on the firewall,
as opposed to depending on having machines on the inside secured properly
to begin with.

-- Jeffrey T. Hutzelman (N3NHS) <[EMAIL PROTECTED]>
Systems Programmer, CMU SCS Research Facility
Please send requests and problem reports to [EMAIL PROTECTED]
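
The filtering approach described in the reply above, modeled as a stateless UDP rule pair; this is an added example, not part of the original message. The inside network, the inside client port range, the server address and all sample packets are assumptions constructed for illustration; only the 7002-7005 range comes from the post.

```python
# Added example: stateless UDP filter for AFS client traffic through a firewall.
# Addresses, the inside port range and all packets are constructed for illustration.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

INSIDE_NET = ip_network("10.0.0.0/8")     # assumed inside network
AFS_SERVER_PORTS = range(7002, 7006)      # 7002-7005, the range given in the post
CLIENT_PORTS = range(1024, 65536)         # assumed "wider range" for inside clients

@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

def is_inside(addr):
    return ip_address(addr) in INSIDE_NET

def permit(pkt, afs_servers=None):
    """Return True if the stateless filter passes pkt.

    afs_servers: optional set of outside server addresses; None means any
    outside host is accepted as long as the ports match.
    """
    if pkt.proto != "udp":
        return False
    if is_inside(pkt.src) and not is_inside(pkt.dst):
        # Outbound request: arbitrary client port -> fixed server port.
        outside, ok = pkt.dst, pkt.sport in CLIENT_PORTS and pkt.dport in AFS_SERVER_PORTS
    elif is_inside(pkt.dst) and not is_inside(pkt.src):
        # Inbound reply: fixed server port -> arbitrary client port.
        outside, ok = pkt.src, pkt.sport in AFS_SERVER_PORTS and pkt.dport in CLIENT_PORTS
    else:
        return False
    return ok and (afs_servers is None or outside in afs_servers)

SERVERS = {"192.0.2.10"}  # constructed AFS server address (TEST-NET-1)
SAMPLES = [  # constructed packets
    Packet("udp", "10.1.2.3", 40123, "192.0.2.10", 7004),    # request out
    Packet("udp", "192.0.2.10", 7004, "10.1.2.3", 40123),    # reply back in
    Packet("udp", "192.0.2.10", 53, "10.1.2.3", 40123),      # wrong source port
    Packet("udp", "198.51.100.7", 7004, "10.1.2.3", 40123),  # right port, unlisted host
]

if __name__ == "__main__":
    for p in SAMPLES:
        print(p, permit(p), permit(p, SERVERS))
```

The last sample shows what a port-only rule leaves to the inside machines: without a server list, any outside host sending from a port in 7002-7005 passes, while the address-restricted form drops it.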