AFS uses UDP not TCP. If you're only allowing TCP traffic
that certainly won't go over well with AFS. You might
want to think about ICMP traffic as well.

Rather than guess at what AIX is doing, it's possible to
see more directly. "iptrace" can be used to log all the
incoming & outgoing network traffic. Here's how:

(1) once-only:
	ifconfig en0 debug

(2) to collect a log:
	iptrace -i en0 /tmp/ipt.out
    This will start saving data to /tmp/ipt.out. It will
    also register a complaint with syslog that you can ignore.

(3) to stop the log:
    use "ps" to find iptrace and do a "kill" (or kill -15 or
    kill -TERM) on it. Do NOT use "kill -9".

(4) to examine the log:
	ipreport /tmp/ipt.out

You can use this to tell which port numbers are being used,
and you can also use this to examine any ICMP packets you
get, which might be a clue that something failed.

Depending on how you're using Kerberos, that could also
give you difficulties. Kerberos supports RX and MIT style
UDP datagrams. RX goes via UDP port 7004. MIT style UDP datagrams
go via UDP port 750. Kerberos has since been assigned the "official"
internet port of 88, although I haven't yet heard of anybody actually
using it.

-Marcus Watts
UM ITD RS Umich Systems Group
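
Added example, not part of the message above: a small filter that turns ipreport text into a per-port summary, so the UDP ports a firewall has to pass and any ICMP replies stand out. The UDP and ICMP line layout is an assumption based on the constructed sample embedded in the script, and the function names are made up for this example; adjust the patterns to what your AIX level prints.

```shell
#!/bin/sh
# Added example, not from the original message.
# Assumption: ipreport prints UDP and ICMP header lines shaped like the
# constructed sample below; adjust the patterns to your AIX level's output.

# Constructed sample standing in for the output of: ipreport /tmp/ipt.out
sample_ipreport() {
    cat <<'EOF'
UDP: <source port=1023, <destination port=7004 >
UDP: <source port=7004, <destination port=1023 >
UDP: <source port=1024, <destination port=7004 >
UDP: <source port=1040, <destination port=750 >
ICMP: icmp_type=3 (DEST UNREACH)
EOF
}

# Count UDP destination ports and ICMP types; tag the Kerberos ports
# named in the message (7004 RX, 750 MIT style, 88 official).
summarize_ipreport() {
    LC_ALL=C awk '
    function tag(p) {
        if (p == "7004") return " kerberos-rx"
        if (p == "750")  return " kerberos-mit"
        if (p == "88")   return " kerberos-official"
        return ""
    }
    /^UDP:/ && /destination port=/ {
        d = $0
        sub(/.*destination port=/, "", d)   # drop everything up to the number
        sub(/[^0-9].*/, "", d)              # drop everything after the number
        udp[d]++
    }
    /^ICMP:/ && /icmp_type=/ {
        t = $0
        sub(/.*icmp_type=/, "", t)
        sub(/[^0-9].*/, "", t)
        icmp[t]++
    }
    END {
        for (d in udp)  print "udp dport=" d " count=" udp[d] tag(d)
        for (t in icmp) print "icmp type=" t " count=" icmp[t]
    }' "$@" | LC_ALL=C sort
}

# Real use: ipreport /tmp/ipt.out | summarize_ipreport
sample_ipreport | summarize_ipreport
```

An ICMP line in the summary next to a UDP port that only ever appears as a destination is the pattern to look for when a filter is dropping the datagrams.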