HI,
I experienced some problems using an AFS client (AIX RIOS) in my
network, when I limited tcp access in our cisco Router. My server
is at OSF, Cambridge USA.
I set up a filter, that denied access with port numbers less than
1023 from outside. I thought, that this filter denies service-request
and allows me to request tcp services.
But from that time, I got errors, when I tried to klog to the
server: The authentication server was not found.
When I tried a few times some minutes later, I could authenticate.
Then I tried to cd into a directory of the afs cell. I was also
successful only after several retries.
These errors occur sporadically. Sometimes I have to make a "ping" to the
server machine to be able to klog.
So I wonder, if AFS (or kerberos) needs some port numbers less than 1023.
Or does AFS try to establish a connection with dynamically
allocated tcp ports < 1023 ?
As I am the client side, I'm expecting answer packets from the
server with port number > 1023 .
Can somebody help me. I don't want to keep our Cisco Router open for
all tcp applications.
Bye,
Norbert
--
========================================================================
Norbert Marrek || Tel. : +49 (89) 636-48227
Siemens Nixdorf AG || Fax. : +49 (89) 636-45860
MchP/Lz BU BA NM 12 || Email: [EMAIL PROTECTED]
81739 Muenchen Germany
