NetInfo keeps everything straight. There are also 2 other afs servers on
the internal net that replicate to the dual homed server every night via
the non routable class A address 10.1.1.x..
The packet logs bear this out.
It also works, for whatever reason.
Tedc
Jeffrey Hartwigsen wrote:
ted
Jeffrey Hartwigsen wrote:
>
>>> Scratch that.. *red face* I forgot to specify port 7001.
>>>
>>
>> When the clients are behind a NAT the port may not be 7001. In your
>> example the port was 12096.
>>
>> Jeffrey Altman
>>
>
> Right. This was the test client I put on the same subnet
ted creedon wrote:
For what its worth, an identical problem was solved by placing the afs
server on a DMZ running its own firewall, installing 2 nic cards, one
internal and one external, and writing firewall rules to match. Only afs
traffic is allowed from the internal net to the afs server which
Scratch that.. *red face* I forgot to specify port 7001.
When the clients are behind a NAT the port may not be 7001. In your
example the port was 12096.
Jeffrey Altman
Right. This was the test client I put on the same subnet with the
server. I couldn't figure out why it would
For what its worth, an identical problem was solved by placing the afs
server on a DMZ running its own firewall, installing 2 nic cards, one
internal and one external, and writing firewall rules to match. Only afs
traffic is allowed from the internal net to the afs server which also is the
KRB5 ser
Jeffrey Hartwigsen wrote:
>
>>
>> I'm having trouble getting rxdebug -ver to respond for any windows
>> client even if it's on the same network as the server or other client
>> with no firewalls enabled. I just used rxdebug the other day to
>> determine which versions I still have deployed. It wor
Jeffrey Hartwigsen wrote:
> I'm having trouble getting rxdebug -ver to respond for any windows
> client even if it's on the same network as the server or other client
> with no firewalls enabled. I just used rxdebug the other day to
> determine which versions I still have deployed. It worked fine
I'm having trouble getting rxdebug -ver to respond for any windows
client even if it's on the same network as the server or other client
with no firewalls enabled. I just used rxdebug the other day to
determine which versions I still have deployed. It worked fine then.
Could this have somet
--On Wednesday, April 26, 2006 6:07 PM -0400 Jeffrey Altman
<[EMAIL PROTECTED]> wrote:
bil wrote:
That kind of begs my question about whether a contact interval as an
option with a variable to be set is possible as seems to be the case in
the windows 1.5.1 client. I have absolutely no idea
And what about when trying to reach \\afs\all\ ?
Sometimes they get the same error for \\afs\all\ and sometimes it's only
when trying to access specific volumes. There are far less of these
occurrences them now than before we increased the timeouts.
...
Now the question is whether
bil wrote:
> That kind of begs my question about whether a contact interval as an
> option with a variable to be set is possible as seems to be the case in
> the windows 1.5.1 client. I have absolutely no idea whether that would
> be possible or not, or easy or hard--I freely admit absolute ignora
Jeffrey Hartwigsen wrote:
> After resetting the UDP timeouts on both of our NAT boxes to 11 minutes,
> things are much improved. We are still experiencing some problems with
> timeouts though. (Windows claims "The network path cannot be found" when
> trying to access filespace)
And what about whe
--On Wednesday, April 26, 2006 2:30 PM -0400 Jim Rees <[EMAIL PROTECTED]>
wrote:
Sigh. Groan. Didn't we just discuss this last week for the hundredth
time?
Can't say, I may have missed something, sorry if I did.
I am aware that the issue comes up pretty regularly, but then NATs are
pre
Jeffrey Altman wrote:
I would need to see the output of the file server logs at level 125
to explain to you exactly what is happening. However, suffice it to
say that if your NATs do not keep the port mappings open, nothing the
file server does is going to help.
Jeffrey Altman
After rese
There's no real reason to NAT the UDP ports on an afs server.
tedc
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Ken Hornstein
Sent: Wednesday, April 26, 2006 11:38 AM
To: openafs-info@openafs.org
Subject: Re: [OpenAFS] NAT issues.
>Doing this with tt
>Doing this with ttl=1 is an intriguing idea, but I think it belongs in an
>external application, like natkeep, not in OpenAFS. And it would be hard to
>implement, requiring systype dependent code. And the ultimate fix is tcp
>but that's a big job and a long way off.
s/long/medium/
--Ken
__
Sigh. Groan. Didn't we just discuss this last week for the hundredth time?
The consensus was that it's a bad idea to allow ordinary users to pound on
the servers that way. I did put code in cvs head that will check up and
down servers every 30 seconds, but right now there is no convenient way t
--On Wednesday, April 26, 2006 12:01 PM -0400 Jeffrey Altman
<[EMAIL PROTECTED]> wrote:
Windows clients running 1.4.0 when idle do not contact the file servers
but once per hour. During that time period the NATs will timeout the
port mappings. Hence the file servers will not be able to com
Using a single NAT firewall set up with Fwbuilder the rule is
:firewall to any afs and
:any to firewall afs
The dual homed server listens to both the internal net and the external net.
Kerberos V has to be set up too.
Linksys firewalls don't work with the standard code.
Looking at the packet
A few of us have worked on it in the past but no one is working on the
FreeBSD client now.
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info
On Apr 26, 2006, at 1:05 PM, vladimir konrad wrote:
Are there any plans for completing FreeBSD's openafs client
functionality in the near future?
i found arla working fine (did not do much testing though), i build
it from
source.
http://www.stacken.kth.se/project/arla/
That heavily depe
> Are there any plans for completing FreeBSD's openafs client
> functionality in the near future?
i found arla working fine (did not do much testing though), i build it from
source.
http://www.stacken.kth.se/project/arla/
vlad
pgpbQWZdH3HoG.pgp
Description: PGP signature
Are there any plans for completing FreeBSD's openafs client
functionality in the near future?
simon.
--
http://www.fastmail.fm - Does exactly what it says on the tin
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mail
23 matches
Mail list logo