healthy installation on os x does not connect at some locations

Anton Grigoriev tfsangr at fy.chalmers.se
Fri Sep 29 13:41:12 CEST 2006


Thank you very much, Harald!
It was very useful.

What I found is that
1) If I can connect to pdc, then I have response on rxdebug towards  
sculpin like
AFS version:  OpenAFS 1.4.0 built  2006-03-06
otherwise I have no response
get version call failed with code -1, errno 0

2) I never have any response backwards, i.e. from lise to my Mac  
7001 , even if I can connect to afs.
get version call failed with code -1, errno 0
2.a) I will change that at home via opening 7001 in OS X firewall  
_and_ setting appropriate NAT rule in the router.  Still, I do not  
(yet) see the effect on connectivity. It works without a client.

3) I have a) UU firewall ??? b) department's firewall c) OS X  
firewall. d) more firewalls???
NB the setting called 'location' is always the same so computer  
thinks it is in the same place, but with DHCP, so that IP is different.
My OS X firewall is set to reject udp in stealth mode. Changing this  
does not change connectability.
3.a) System administrators are paid for being paranoid. For this  
reason all laptops at my dept are connected OUTSIDE of the dept  
firewall, so that they will not kill the system inside.
This leaves the Q if anyone at UU can mount afs from pdc. It also  
could be that OS X firewall feels the change of location somehow ...  
Or there is yet another firewall in between. I will find out.

Sincerely

Anton


On Sep 28, 2006, at 15:12, Harald Barth wrote:

>
>> My guess is that there is a firewall blocking the ports that AFS  
>> uses (udp
>> 7000-7003 or so).  You could try running /usr/arla/bin/rxdebug  
>> against
>> those ports on some interesting hosts (like  
>> {anna,lise,houting}.pdc.kth.se)
>> to see if you get any packets through at all.  Try rxdebug at home  
>> or PDC
>> and compare results.
>
> At PDC rxdebug is in /usr/openafs/sbin/rxdebug
>
> The following commands should give output
> from your Mac:
>
>   Against one of the AFS DB servers:
>
>   rxdebug anna.pdc.kth.se 7007 -version
>   rxdebug anna.pdc.kth.se 7003 -version
>
>   Against the fileserver your $HOME is on:
>
>   rxdebug sculpin.pdc.kth.se 7000 -version
>   rxdebug sculpin.pdc.kth.se 7005 -version
>
> The following command should give output
> when executed on PDC:
>
>   /usr/openafs/sbin/rxdebug angr.Fysik.UU.SE 7001 -version
>
> The ports are as follows (all UDP):
>
> 7007: AFS Volume location database
> 7003: AFS Users and groups database
> 7000: File server (files)
> 7005: File server (volumes)
> 7001: Client
>

>> Wrong. I mixed up the numbers.
>>
>> The ports are as follows (all UDP):
>>
>> 7003: AFS Volume location database
>> 7002: AFS Users and groups database
>> 7000: File server (files)
>> 7005: File server (volumes)
>> 7001: Client
>>
>> And 7007 is bos but not necessary for you.


> So for this to work, the firewall has to be opened for these ports.
>
> If your sysadmin has any questions about AFS or firewalls etc, point
> him to the PDC support.
>
> Harald.
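
The rxdebug checks described in this thread, collected into one script as an added example (not part of either message, and not code from Arla or OpenAFS). It assumes rxdebug is on the PATH or named in RXDEBUG; the function names and the host:port argument format are invented for the example, and the port roles follow the corrected list quoted above.

```sh
#!/bin/sh
# Added example (not from the thread): probe AFS UDP ports with rxdebug.
# Usage: sh afs-probe.sh host:port [host:port ...]
# RXDEBUG may point at /usr/arla/bin/rxdebug or /usr/openafs/sbin/rxdebug.
# The 7001 (client) check is run from the server side toward the client.
RXDEBUG="${RXDEBUG:-rxdebug}"

# Port roles, following the corrected list quoted in the thread.
port_role() {
    case "$1" in
        7000) echo "fileserver-files" ;;
        7001) echo "client" ;;
        7002) echo "users-groups-db" ;;
        7003) echo "volume-location-db" ;;
        7005) echo "fileserver-volumes" ;;
        7007) echo "bos" ;;
        *)    echo "not-afs" ;;
    esac
}

# Classify rxdebug output using the two strings seen in the thread.
classify() {
    case "$1" in
        *"AFS version:"*)            echo "reachable" ;;
        *"get version call failed"*) echo "no-reply" ;;
        *)                           echo "unknown" ;;
    esac
}

# probe HOST PORT: one line per check; the status is the last field.
probe() {
    out=$("$RXDEBUG" "$1" "$2" -version 2>&1) || true
    printf '%s %s/udp %s %s\n' "$1" "$2" "$(port_role "$2")" "$(classify "$out")"
}

# probe_all host:port ...: returns the number of checks without a version reply.
probe_all() {
    failed=0
    for target in "$@"; do
        line=$(probe "${target%:*}" "${target##*:}")
        echo "$line"
        case "$line" in *" reachable") ;; *) failed=$((failed + 1)) ;; esac
    done
    return "$failed"
}

# Runs only when targets are given on the command line.
[ "$#" -eq 0 ] || probe_all "$@"
```

Running the same target list from each network location and comparing the status column shows which ports are filtered at that location.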



More information about the Arla-drinkers mailing list