Using a single NAT firewall set up with Fwbuilder the rule is :firewall to any afs and :any to firewall afs
The dual homed server listens to both the internal net and the external net. Kerberos V has to be set up too. Linksys firewalls don't work with the standard code. Looking at the packet logs the AFS connection is very, very secure. Tedc -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jeffrey Hartwigsen Sent: Tuesday, April 25, 2006 10:18 PM To: [email protected] Subject: Re: [OpenAFS] NAT issues. > The work that has gone into 1.4.1 allows the file servers to track the > clients when the clients move. It does not allow the file servers to > communicate with clients when the network paths to the clients no longer > exist. > > Windows clients running 1.4.0 when idle do not contact the file servers > but once per hour. During that time period the NATs will timeout the > port mappings. Hence the file servers will not be able to communicate > with the clients. > > Windows 1.4.1 clients contact the file servers at least once per ten > minutes. This is better for most NATs but there are some that will > timeout the port mappings in under a minute for UDP. > > With 1.5.1 (an unstable release) you can set the probe period via the > registry to under a minute if you so choose. Not that I recommend this. > > I would need to see the output of the file server logs at level 125 > to explain to you exactly what is happening. However, suffice it to > say that if your NATs do not keep the port mappings open, nothing the > file server does is going to help. > > Jeffrey Altman > Thank you Jeffrey. That explains a lot about what's happening at least. I will send along the file logs tomorrow. I'm assuming kill -TSTP will achieve the level you require? _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
