Jeffrey Hartwigsen wrote:
> I just upgraded our servers to 1.4.1rc10. (Finished the upgrades just
> before 1.4.1 was released. I hope to move to the final release soon) I
> was hoping it would take care of some of our NAT issues but so far it
> hasn't. We have about 30 or so Windows clients running 1.4.0 & 1.4.1.
> 95% of them are behind two layers of NAT. Our servers are on public IPs
> so that some clients can access AFS from home. We have one layer of NAT
> on the firewall for our internal LAN and then another layer of NAT from
> there to our secure wireless net. I am making plans to consolidate the
> latter two networks into one subnet thereby eliminating one layer of
> NAT. However, in testing some clients connected directly to the LAN
> (only one layer of NAT) I am experiencing some of the same problems,
> namely client timeouts, failed callbacks and probe Uuid failures. I was
> wondering if someone could give me some advice or point out some
> documentation on how best to set up a NAT configuration that would be
> compatible with AFS. My other option is to bring the servers in to the
> internal network and then set up NAT for the servers' public IPs. Has
> anyone had any experience with that? BTW: A VPN is not really an option,
> as most of my users are.. well... users.  ;)
> 
> Any advice would be appreciated, thanks.
> Jeff

The work that has gone into 1.4.1 allows the file servers to track the
clients when the clients move.  It does not allow the file servers to
communicate with clients when the network paths to the clients no longer
exist.

Windows clients running 1.4.0 when idle do not contact the file servers
but once per hour.  During that time period the NATs will time out the
port mappings.  Hence the file servers will not be able to communicate
with the clients.

Windows 1.4.1 clients contact the file servers at least once per ten
minutes.  This is better for most NATs but there are some that will
time out the port mappings in under a minute for UDP.

With 1.5.1 (an unstable release) you can set the probe period via the
registry to under a minute if you so choose.  Not that I recommend this.

I would need to see the output of the file server logs at level 125
to explain to you exactly what is happening.  However, suffice it to
say that if your NATs do not keep the port mappings open, nothing the
file server does is going to help.

Jeffrey Altman
