On Wed, 25 May 2005, Roland Kuhn wrote:
> Sorry, I can't help you, but your talking about NAT makes me wonder if 1.3.X
> has something built in that makes it NATable? My experience with 1.2.X was
> rather unsatisfactory as it sometimes works, but sometimes (I assume when
> several clients behind the NAT want something from the same server outside)
> just fails for some minutes and then starts working again.
>
> The problem is by no means esoteric: We have an HPC cluster doing data
> analysis and the configuration files are in a different cell. I think I don't
> have to give reasons why we don't want and also cannot give public IP
> addresses to the cluster nodes.
>
> To give a bit more background in case someone has already solved this:
> everything is on Linux 2.4, the (possible) NAT gateway would be on the AFS
> database server and all fileservers of the local cell also are connected to
> the private network. And for the quick ones: rsync doesn't cut it for our
> case ;-)

We have done this for approx. three years by:

* Having the NAT machine being a NAT machine ONLY, WITHOUT an AFS
  client/server/etc. If you as much as breathe "afs" on the NAT box it
  breaks. Yes, this means a dedicated machine but for low loads any
  old box would do.
* Our NAT machine runs Linux 2.4, patched to have larger timeouts so
  the AFS callbacks work. This was tunable in good old 2.0 kernels
  with ipfwadm, but someone came up with the good idea that patching
  the kernel was a more modern approach. The patch is available at
  /afs/hpc2n.umu.se/lap/linux-kernel/2.4.30/src/patches/afs_udp_conntrack.patch
* Rebooting the NAT box usually means restarting AFS on all clients as
  the UDP forwarding is lost.

This combined with the standard set of firewalling rules should get
you going. Have fun.

/Nikke
--
Niklas Edmundsson, Admin @ {acc,hpc2n}.umu.se | [EMAIL PROTECTED]
_______________________________________________
OpenAFS-devel mailing list
https://lists.openafs.org/mailman/listinfo/openafs-devel
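
Added example, not part of the original message or of the patch it mentions: a toy Python model of why the UDP state timeout on the NAT box matters for AFS callbacks, and why a reboot of that box forces client restarts. Host names and timeout values are constructed for illustration; 7000 and 7001 are the standard AFS fileserver and cache manager callback ports.

```python
class UdpNat:
    """Toy UDP NAT state table (constructed model, not kernel code)."""

    def __init__(self, idle_timeout):
        self.idle_timeout = idle_timeout   # seconds an idle mapping survives
        self.table = {}                    # (client, server) -> last-seen time

    def outbound(self, now, client, server):
        """A client -> server packet creates or refreshes the mapping."""
        self.table[(client, server)] = now

    def inbound(self, now, server, client):
        """A server -> client packet passes only if a live mapping exists."""
        last = self.table.get((client, server))
        if last is None or now - last > self.idle_timeout:
            self.table.pop((client, server), None)
            return False                   # dropped at the NAT box
        self.table[(client, server)] = now  # traffic keeps the entry alive
        return True

    def reboot(self):
        """Rebooting the NAT box loses all UDP forwarding state."""
        self.table.clear()


def callback_delivered(idle_timeout, last_client_packet, callback_time,
                       reboot_at=None):
    """Does a fileserver callback reach a client that has been idle?"""
    nat = UdpNat(idle_timeout)
    nat.outbound(last_client_packet, "node1:7001", "fs1:7000")
    if reboot_at is not None and reboot_at < callback_time:
        nat.reboot()
    return nat.inbound(callback_time, "fs1:7000", "node1:7001")


if __name__ == "__main__":
    # Assumed values: client last spoke at t=0, callback arrives at t=600.
    print("short timeout (180 s):", callback_delivered(180, 0, 600))
    print("long timeout (3600 s):", callback_delivered(3600, 0, 600))
    print("long timeout, NAT rebooted at t=300:",
          callback_delivered(3600, 0, 600, reboot_at=300))
```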