After more than a year running my newly rebuilt Lab infrastructure
AFS-free, today somebody whom I can't turn down asked me to enable AFS on
"at least one or two" computing nodes so that he can access his university
files. We are talking here about Carnegie Mellon University, so the files
are naturally to be found on AFS servers.

Getting the OpenAFS 1.6.10 client running on two Red Hat computing nodes
was a 30-minute exercise, but I am stumped about what to do about the
firewall. Naturally our Lab infrastructure is insulated from the rest of
Carnegie Mellon University by very restrictive PF rules filtering traffic
in both directions. Only half a dozen ports are allowed from our Computing
Zone.

Today I cold-heartedly allowed my firewall to pass out UDP traffic on
ports 7000-7006 as well as TCP and UDP on port 88 for the University
Kerberos server. However, it didn't work. A quick test with PF off
demonstrated that OpenAFS clients work as expected and that PF has to be
more carefully adjusted for AFS to work.

Can anybody point me to any documents or give me some idea of how to go
about adjusting PF rules so that AFS can be used? Any ideas on how to sniff
the traffic to see which ports are in use when AFS is working?

Most Kind Regards,
Predrag

P.S. I tried to talk to a few AFS gurus today but all of them were out of
the office for the holidays.
