
Re: [afnog] AFS over NAT bug



On Thu, Aug 14, 2003 at 01:11:58PM +0200, Nelson Chamba wrote:
>    There are two networks in our company. One is 196.x.x.x (servers) and
>    the other 192.x.x.x (workstations). There is also a NAT server. The
>    problem is that AFS does not run with NAT.
>
>    I would like to know how to run AFS without going through NAT or how
>    to remove the AFS IP from the NAT server.

You don't need NAT when talking from some machines in your company to
others; so just disable NAT for internal traffic.

You didn't say anything about what NAT hardware/software you were using.

I use 'ipfilter' under FreeBSD; this lets you say

map ep0 from 192.168.0.0/16 ! to 192.168.0.0/16 -> 0/32 proxy port ftp ftp/tcp
map ep0 from 192.168.0.0/16 ! to 192.168.0.0/16 -> 0/32 portmap tcp/udp auto
map ep0 from 192.168.0.0/16 ! to 192.168.0.0/16 -> 0/32

(i.e. traffic from 192.168.0.0/16 which is to all destinations OTHER than
192.168.0.0/16 is mapped, so internal traffic is not mapped).

With Linux ipfwadm, you used to be able to create rules like "forward from
192.168.0.0/16 to 192.168.0.0/16"; "forward from 192.168.0.0/16 to 0.0.0.0/0
with masquerading". The first rule takes precedence for internal traffic, so
packets are forwarded without masquerading.

It's been years since I used Linux so I can't give you anything more
specific. Ditto Cisco NAT etc.

Brian.
__________________________________________________
This is the Africa Network Operators' Group (AfNOG)
technical discussion list.
The AfNOG website is: <http://www.afnog.org>
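The two rule styles in the reply (an ipfilter "from INTERNAL ! to INTERNAL" negated match, and an ipfwadm ordered pair where the internal-to-internal rule is listed first) both come down to the same decision: only map traffic that leaves the internal range. The Python below is an added illustration, not part of this thread and not anyone's firewall configuration; it assumes 192.168.0.0/16 as the internal range (Brian's example, not the poster's 196.x/192.x networks), uses the standard ipaddress module, and treats "no rule matched" as a drop, which is an assumption made here for the simulation. It also shows the failure mode the reply warns about: if the masquerade rule is listed before the plain forward rule, internal traffic gets masqueraded too.

```python
from ipaddress import ip_address, ip_network

# Assumed internal range, taken from the ipfilter example in the reply.
INTERNAL = ip_network("192.168.0.0/16")


def ipfilter_map_decision(src, dst, internal=INTERNAL):
    """Model 'map ep0 from INTERNAL ! to INTERNAL -> 0/32'.

    The '!' negates the destination match, so address translation applies
    only when the source is internal AND the destination is outside it.
    Everything else passes through untouched.
    """
    s, d = ip_address(src), ip_address(dst)
    if s in internal and d not in internal:
        return "map"
    return "pass"


# ipfwadm-style forwarding rules: (source net, destination net, action),
# evaluated top to bottom, first match wins. Same ordering as the reply.
RULES_INTERNAL_FIRST = [
    (ip_network("192.168.0.0/16"), ip_network("192.168.0.0/16"), "forward"),
    (ip_network("192.168.0.0/16"), ip_network("0.0.0.0/0"), "masquerade"),
]

# The mis-ordered variant: the catch-all masquerade rule shadows the
# internal rule, so internal traffic is masqueraded as well.
RULES_MASQ_FIRST = list(reversed(RULES_INTERNAL_FIRST))


def ordered_rule_decision(src, dst, rules=RULES_INTERNAL_FIRST):
    """Return the action of the first rule whose source and destination
    networks both contain the packet, or 'drop' if none matches
    (assumption for this simulation; real firewalls have their own default)."""
    s, d = ip_address(src), ip_address(dst)
    for src_net, dst_net, action in rules:
        if s in src_net and d in dst_net:
            return action
    return "drop"


def audit(rules, internal=INTERNAL):
    """Defender check: confirm an ordered rule set never masquerades
    internal-to-internal traffic. Returns a list of offending (src, dst) probes."""
    # Constructed probe addresses: one internal-to-internal, one internal-to-external.
    probes = [("192.168.1.10", "192.168.2.20"), ("192.168.1.10", "203.0.113.5")]
    bad = []
    for src, dst in probes:
        both_internal = ip_address(src) in internal and ip_address(dst) in internal
        if both_internal and ordered_rule_decision(src, dst, rules) == "masquerade":
            bad.append((src, dst))
    return bad


if __name__ == "__main__":
    for src, dst in [("192.168.1.10", "192.168.2.20"), ("192.168.1.10", "203.0.113.5")]:
        print(src, "->", dst,
              "ipfilter:", ipfilter_map_decision(src, dst),
              "ipfwadm:", ordered_rule_decision(src, dst))
    print("mis-ordered rules masquerade internal pairs:", audit(RULES_MASQ_FIRST))
```

Running it prints the decision for an internal-to-internal pair and an internal-to-external pair under both models, then lists the internal pair that the mis-ordered rule set would wrongly masquerade. The audit() helper is the kind of check worth keeping next to a NAT configuration: it makes the "first rule takes precedence" assumption explicit and fails loudly when someone reorders the rules.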