Joe,
I don't believe you can use NAT with AFS because
it is my understanding that client IP addresses are part
of the payload in AFS network traffic.
NAT will not modify this embedded data.
For this reason, I believe you cannot socksify AFS traffic.
I think you need a routed connection through
a packet filtering router.
Otherwise, you could make a Virtual Private Network (VPN)
between your server and clients. With a VPN, all your traffic
is encrypted along the tunnel.
Most modern firewall products support VPN.
I know the IBM SecureWay product does.
--
cheers
paul http://acm.org/~mpb
Joe Ramus wrote:
> We are interested in using the new inexpensive "personal firewall"
> devices for our Telecommute employees. We use NT systems with an
> AFS Client and either DSL or Cable access.
>
> These Personal Firewall devices typically use NAT for the protected system
> behind the Firewall. We have tested such a system and we find that
> AFS does not work (or we have not made it work).
>
> Will AFS work when the Server is outside the Firewall (on the Internet)
> and NAT is used for systems behind the Firewall? Assuming that we do
> not Block the AFS packets (I think ports 7000 to 7003).
>
> Does the AFS server need to know the actual IP address of the
> AFS client?
>
> ------------------------------------------------------------------------
> | Joe Ramus ESnet, LBNL, Berkeley, CA (510) 486-8683 [EMAIL PROTECTED] |
> ------------------------------------------------------------------------
