Joe Ramus <[EMAIL PROTECTED]> writes:
> These Personal Firewall devices typically use NAT for the protected system
> behind the Firewall. We have tested such a system and we find that
> AFS does not work (or we have not made it work).
How does it fail to work? And this seems to a little bit at odds with
your question below.
> Will AFS work when the Server is outside the Firewall (on the Internet)
> and NAT is used for systems behind the Firewall? Assuming that we do
> not Block the AFS packets (I think ports 7000 to 7003).
I believe you will also have to let through port 750 since the
Transarc NT client uses the krb4 protocol for authenticating the user
against the ka-server/kdc.
It should work. The one problem with this is NAT timeouts. You
should try to find out how long (or short) time-out there's on UDP
`sessions'. `fs checkservers' is useful here to make sure that your
client probes every server you're interested in often enough that the
NAT box does not forget about the session.
> Does the AFS server need to know the actual IP address of the
> AFS client?
No.
/assar
