Erland Lewin <[EMAIL PROTECTED]> writes:

> From my perspective, a major hindrance to wider use of AFS is that it
> is difficult to access AFS for users behind a NAT and/or firewall. In
> my case, I want to access my AFS shares from my laptop wherever I
> connect to the network.
>
> If I understand correctly, all AFS communication from server to client
> uses UDP to the callback port 7001 on the client. This is the traffic
> that is most likely to have problems with NAT and firewalls.
>
> If the client started by making a TCP connection to the server on port
> 7001, and the server sent all callback traffic to that client over
> that TCP connection, it seems to me that that would solve a number of
> problems.

I never had problems running AFS behind NAT. Open 7000-7007/UDP in your firewall. And don't close UDP connections for at least 2 hours. Or follow the instructions in FAQ 3.17:
http://grand.central.org/twiki/bin/view/AFSLore/AdminFAQ

> Possible problems with this approach are:
> - TCP may cause worse performance than UDP.

I do believe that TCP performs better than RX for bulk data transfer.

> - Can multiple users behind the same NAT be handled?

I see no reason why it shouldn't, but I have never tested.

> - For large servers, the number of TCP connections may become too great

I don't think that's a problem; this was a problem 15 years ago when AFS was implemented.

> I'm not proposing that this be the default behaviour - but for those
> servers that are prepared to live with the above limitations, it would
> be great to be able to access AFS shares in more situations.

RX calls over TCP sounds great (however, I do not care about NAT issues at all), but who writes the code?

/Jimmy

_______________________________________________
OpenAFS-devel mailing list
[EMAIL PROTECTED]
https://lists.openafs.org/mailman/listinfo/openafs-devel
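
The NAT behaviour this thread turns on, as an added Python model that is not part of the original messages and is not OpenAFS code: a gateway keeps a UDP mapping only until it has been idle for its timeout, so a server-initiated packet to the client's callback port 7001 is dropped once the mapping has expired. The addresses, the external port numbering, the timeout values passed in, and server port 7000 (taken from the 7000-7007 range in the reply) are assumptions.

```python
# Constructed model of a NAT gateway's UDP mapping table (not OpenAFS code).
from dataclasses import dataclass

CALLBACK_PORT = 7001  # client callback port named in the thread

@dataclass
class Mapping:
    inside: tuple      # (private_ip, private_port) of the client
    remote: tuple      # (server_ip, server_port) the client contacted
    last_seen: float   # time in seconds of the last packet on this mapping

class UdpNat:
    def __init__(self, idle_timeout, first_port=40000):
        self.idle_timeout = idle_timeout
        self.next_port = first_port  # assumed sequential external ports
        self.table = {}              # external port -> Mapping

    def outbound(self, now, inside, remote):
        """Client -> server packet: reuse or create a mapping, return external port."""
        self._expire(now)
        for port, m in self.table.items():
            if m.inside == inside and m.remote == remote:
                m.last_seen = now
                return port
        port = self.next_port
        self.next_port += 1
        self.table[port] = Mapping(inside, remote, now)
        return port

    def inbound(self, now, remote, ext_port):
        """Server -> client packet: return the inside address, or None if dropped."""
        self._expire(now)
        m = self.table.get(ext_port)
        if m is None or m.remote != remote:
            return None  # no live mapping, or packet from an unexpected peer
        m.last_seen = now
        return m.inside

    def _expire(self, now):
        self.table = {p: m for p, m in self.table.items()
                      if now - m.last_seen < self.idle_timeout}

def callback_delivered(idle_timeout, idle_seconds):
    """One client request at t=0, then a server callback after idle_seconds."""
    nat = UdpNat(idle_timeout)
    server = ("192.0.2.10", 7000)          # constructed address
    client = ("10.0.0.5", CALLBACK_PORT)   # constructed address
    ext = nat.outbound(0, client, server)
    return nat.inbound(idle_seconds, server, ext) == client
```

In this model, two clients behind the same gateway that both use source port 7001 receive distinct external ports, so server-to-client traffic reaches the right one only when it is addressed to the external port the server observed.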
