On Wed, 10 Apr 2013 20:51:36 +0300 (EEST) "Jukka Tuominen" <[email protected]> wrote:
> When running wireshark on the idle server machine, there was no > striking errors that I could spot while browsing through the output. I didn't mean to detect "errors" using that, but just to use wireshark as a tool to see what IP addresses traffic is going to / coming from. > I then grepped /etc/ for any private IP entries. Since the machine is > on DMZ, it has a private address in /etc/network/interfaces. > /etc/openafs/server/CellServDB and /etc/openafs/CellServDB were the > only other ones. I changed the latter two to public ones, but > wireshark started to print "unreachable ports". It seemed that > /etc/openafs/server/CellServDB had to have the private IP in place in > order not to raise errors. Do you mean the server only has a 'private' IP on an actual interface? That is, a NAT owns the 'public' IP and passes it through. Then yes, depending on how your network is set up, that may or may not work. I think it makes things simpler if you can get it to work (that is, so requests to the 'public' IP from the private net will still go to the server), but it's not necessary. > It also seems, that there is quite a frequent traffic between the > private and the public IP. I believe the traffic goes to the NIC at > least, but propably not further (hub, switch or firewall) but I can't > say for sure. Wireshark pairs the private and public, and then public > and private on single lines, so how is that interpreted? It's really not possible to help you or say what's going on unless you provide more detailed information. For this specifically (and the above paragraph, if you want info on that), 'more detailed information' means saying what the source IP and port are, and what the destination IP and port are. (Or, just providing a dump of the raw traffic.) If you don't want to share the IPs, you can obfuscate them but make sure they are consistent. I also don't know what you mean by "frequent", above. A packet every 6 seconds? 6 million packets per second? -- Andrew Deason [email protected] _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
