[OpenAFS] running an OpenAFS-Server behind an NAT firewall

Thu, 16 Jun 2005 14:53:12 -0700 

Hi!

See http://m24s08.vlinux.de/~tobi/public/afs-problems.png for what I
have built here. files.mycell.de houses AFS fileserver and dbserver as
well as a Heimdal KDC. This works almost quite fine.

Within the local network, I can kinit, get tickets and tokens and then
access the /afs file tree. From outside the local network, there is a
problem. I can kinit and obtain tickets and tokens. I can issue
arbitrary bos and pts commands, create new groups, users, whatever. But
I cannot access the /afs file tree. The problem is that when I try to
access a volume, the client asks the VLDB where this volume is located
and always gets 192.168.0.2 as an answer. This is fine within the LAN,
but a problem outside of it, since.. well, where is 192.168.0.2? *grin*
In my case, the client tried to access the volumes on my own client
machine, since I do have 192.168.0.2, too. See some output:

[EMAIL PROTECTED] $ vos listvol mycell.dyndns.org
Total number of volumes on server mycell.dyndns.org partition /vicepa: 3
root.afs                          536870912 RW          3 K On-line
root.cell                         536870915 RW         59 K On-line
usr.tpfeiffer                     536870918 RW         12 K On-line

This is fine, isn't it?

[EMAIL PROTECTED] $ vos listvldb
VLDB entries for all servers

root.afs
    RWrite: 536870912
    number of sites -> 1
       server 192.168.0.2 partition /vicepa RW Site

root.cell
    RWrite: 536870915
    number of sites -> 1
       server 192.168.0.2 partition /vicepa RW Site

usr.tpfeiffer
    RWrite: 536870918
    number of sites -> 1
       server 192.168.0.2 partition /vicepa RW Site

This is not, since you see that actually the IP is wrong.

Now the question: How can I resolve this? Can I get the dbserver to
telling the clients outside the LAN that there is a different fileserver
housing these volumes? Can I somehow do something on the router so that
packets that go outside containing information about the fileserver will
be modified? The whole cell is still in a very early stage, so there can
still be made some basic modifications of the LAN layout. I appreciate
any hints! Thanks!

Bye
Tobias

--
Debian GNU/Linux Sarge has been released as stable!
 -- http://www.debian.de/News/2005/20050606

Attachment: signature.asc
Description: OpenPGP digital signature

Reply via email to