Hi there,

I'm trying to set up access to Internet-connected AFS cells via a
packet-filtering firewall.  From the FAQ I understand I have to allow
UDP packets on ports 7000 to 7007.  However, having done this, if I
try to list the contents of a cell, sometimes I get into a situation
where my "ls" command appears to hang (and can't be killed with a
SIGKILL) and I see unauthorised traffic being bounced from the firewall.

When this occurs, I see one packet every 30 seconds being discarded at
the firewall, and if I modify the filters to allow this packet, the "ls"
command completes and all is well.  So far I've had to allow two of
these unauthorised packets:

* A UDP packet from the AFS server, source port 0,   destination port 0.
* A UDP packet from the AFS server, source port 256, destination port 67.

1) What are these packets?  Note that I have not tried to authenticate
   to an external cell, just list the contents as system:anyuser.

2) What is the mechanism for authentication?  The FAQ indicates that you
   need to open up UDP for ports 1024 to 2048 "depending on the number of
   simultaneous klogs".  Is this simultaneous for the AFS client (host),
   for each user on the AFS client, or for the remote AFS cell?

Thanks a lot,

Mike Prince.
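One way to triage the "one discarded packet every 30 seconds" symptom described above is to group firewall drop records by flow and flag the ones that recur at a steady interval, which singles out retried traffic from a fileserver rather than random noise. This is an added example, not from the original post or from any AFS or firewall vendor; the log line format, the RFC 5737 addresses and the AFS server list are all constructed assumptions.

```python
import re
from collections import defaultdict
from statistics import mean

# Constructed sample of packet-filter drop records (hypothetical format:
# epoch timestamp, action, protocol, source -> destination). 192.0.2.10 plays
# the AFS fileserver; the two recurring flows mirror the ports in the post.
SAMPLE_LOG = """\
1000 DROP udp 192.0.2.10:0 -> 198.51.100.5:0
1030 DROP udp 192.0.2.10:0 -> 198.51.100.5:0
1060 DROP udp 192.0.2.10:0 -> 198.51.100.5:0
1090 DROP udp 192.0.2.10:0 -> 198.51.100.5:0
1005 DROP udp 203.0.113.7:53 -> 198.51.100.5:40001
1007 DROP udp 192.0.2.10:256 -> 198.51.100.5:67
1037 DROP udp 192.0.2.10:256 -> 198.51.100.5:67
1067 DROP udp 192.0.2.10:256 -> 198.51.100.5:67
1200 DROP tcp 203.0.113.9:4444 -> 198.51.100.5:22
"""

LINE_RE = re.compile(r"^(\d+) DROP (\w+) (\S+):(\d+) -> (\S+):(\d+)$")

def parse_drops(text):
    """Parse the constructed drop records into (ts, proto, src, sport, dst, dport)."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts, proto, src, sport, dst, dport = m.groups()
            rows.append((int(ts), proto, src, int(sport), dst, int(dport)))
    return rows

def periodic_flows(rows, period=30, tolerance=2, min_hits=3):
    """Return flows whose drops recur at a steady interval (a retry timer, not noise)."""
    by_flow = defaultdict(list)
    for ts, proto, src, sport, dst, dport in rows:
        by_flow[(proto, src, sport, dst, dport)].append(ts)
    found = {}
    for flow, stamps in by_flow.items():
        stamps.sort()
        if len(stamps) < min_hits:
            continue  # too few samples to call it periodic
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        if all(abs(g - period) <= tolerance for g in gaps):
            found[flow] = mean(gaps)
    return found

def afs_suspects(found, afs_servers):
    """Keep only periodic flows sourced from a known AFS fileserver address."""
    return {flow: gap for flow, gap in found.items() if flow[1] in afs_servers}
```

Running `afs_suspects(periodic_flows(parse_drops(SAMPLE_LOG)), {"192.0.2.10"})` on the constructed log returns exactly the two 30-second flows (ports 0 to 0 and 256 to 67), so each candidate rule can be reviewed before anything is opened.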
