On 6/29/2025 8:25 PM, Ernesto Alfonso wrote:
My current attempt is to use SSH to forward all the relevant openafs ports as local services, and then try to trick my AFS client into connecting to 127.0.0.1. I'm forwarding the ports 88, 7000-7007, using a command similar to this:ssh -N myhome.com <http://myhome.com> -L 88:afsserver:88 -L 7000:afsserver:7000 -L 7001:afsserver:7001 -L 7002:afsserver:7002 -L 7003:afsserver:7003 -L 7004:afsserver:7004 -L 7005:afsserver:7005 -L 7006:afsserver:7006 -L 7007:afsserver:7007
Although this approach might permit aklog and the cache manager to contact the location service (7003/udp) and the protection service (7002/udp), it will not result in the cache manager being able to contact the fileserver (7000/udp) because the IPv4 address used to contact the fileserver(s) will be obtained from the location service when the cache manager attempts to resolve the location of the required volumes.
"vos listaddrs -printuuid -noresolve" will show you the addresses which the cache manager will be instructed to use. Although the fileserver can be configured to register fake addresses, localhost addresses 127.0.x.y are prohibited.
Jeffrey Altman
smime.p7s
Description: S/MIME Cryptographic Signature
