Tomas Olsson | 4 Oct 2006 10:27

Re: healthy installation on os x does not connect at some locations

Anton Grigoriev <tfsangr <at> fy.chalmers.se> writes:
> Meanwhile, I found that the presence of the client connection from
> pdc to my Mac:7001 does not affect the work of arla afs. I made a NAT
> rule at home and opened OS X to listen on 7001, so that /usr/openafs/
> sbin/rxdebug from pdc sees my Mac. I found that nothing changed in my
> (working) afs connection.
> 
7001 is used by the server to notify the client about any changes made on
other hosts.  Do 'ls' on some directory from your client, add a file to it
on some pdc host, and then do ls locally again. If the file is visible, you
probably have working callbacks.

For changes you do on your mac, you will always see them since your client
already knows about them. And the pdc hosts do have full connectivity and
working callbacks, so it will be visible there, too.

/t
Anton Grigoriev | 4 Oct 2006 09:55

Re: healthy installation on os x does not connect at some locations

I want to thank once more everyone who responded to my mail. I am
contacting my sysadmin to see if he can fix the firewall.

Meanwhile, I found that the presence of the client connection from  
pdc to my Mac:7001 does not affect the work of arla afs. I made a NAT  
rule at home and opened OS X to listen on 7001, so that /usr/openafs/ 
sbin/rxdebug from pdc sees my Mac. I found that nothing changed in my  
(working) afs connection.

Sincerely
Anton

On Sep 29, 2006, at 13:41, Anton Grigoriev wrote:

> Thank you very much, Harald!
> It was very useful.
>
> What I found is that
> 1) If I can connect to pdc, then I have response on rxdebug towards  
> sculpin like
> AFS version:  OpenAFS 1.4.0 built  2006-03-06
> otherwise I have no response
> get version call failed with code -1, errno 0
>
> 2) I never have any response backwards, i.e. from lise to my Mac  
> 7001 , even if I can connect to afs.
> get version call failed with code -1, errno 0
> 2.a) I will change that at home via opening 7001 in OS X firewall  
> _and_ setting appropriate NAT rule in the router.  Still, I do not  
> (yet) see the effect on connectivity. It works without a client.

Anton Grigoriev | 9 Oct 2006 12:32

Re: healthy installation on os x does not connect at some locations

Thank you for this info. Now I understand. However, this  
functionality is not critical - I mostly need to read the data after  
my calculations.

As for the situation with the error
/usr/arla/bin/rxdebug lise(anna,sculpin).pdc.kth.se 7000 -version
Trying 194.132.193.217 (port 7000):
get version call failed with code -1, errno 0

How can the outward connection be firewalled? I am sure now that the
laptops are still outside of the department firewall, but the
university firewall allows the afs traffic. It might not be possible
to find the intermediate misconfigured link.
Is there any way to tunnel the afs connection? Like ssh tunnel.
I always get an error like
failed for listen port 7000
or
cannot listen to port: 7000
Sincerely
Anton

On Oct 4, 2006, at 10:27, Tomas Olsson wrote:

> Anton Grigoriev <tfsangr <at> fy.chalmers.se> writes:
>> Meanwhile, I found that the presence of the client connection from
>> pdc to my Mac:7001 does not affect the work of arla afs. I made a NAT
>> rule at home and opened OS X to listen on 7001, so that /usr/openafs/
>> sbin/rxdebug from pdc sees my Mac. I found that nothing changed in my
>> (working) afs connection.
>>

Tomas Olsson | 9 Oct 2006 13:49

Re: healthy installation on os x does not connect at some locations

Anton Grigoriev <tfsangr <at> fy.chalmers.se> writes:
> this functionality is not critical - I mostly need to read the data after
> my calculations.
> 
Ok, then you're probably fine without callbacks as long as you don't happen
to have a file with the same name in your cache already, in which case you
may end up reading the old data.  Restarting arla or just using
/usr/arla/bin/fs flush (or flushvolume) on the file will give you fresh
data.

> As for the situation with the error
> /usr/arla/bin/rxdebug lise(anna,sculpin).pdc.kth.se 7000 -version
> Trying 194.132.193.217 (port 7000):
> get version call failed with code -1, errno 0
>
Of those only sculpin should reply, 7000 is the fileserver port. lise is a
client, anna is a volume location server.

And that's such a helpful error message. Not.

So on what ports do you have connectivity now?

> Is there any way to tunnel the afs connection? Like ssh tunnel.
>
Not that I know of, but I'll leave that one for the tunneling experts.  Is
it possible to push all outgoing traffic on certain ports into a tunnel
instead of the ordinary network interface?  Better solutions?

/t
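
Added example, not part of the thread and not Arla or OpenAFS code: a simplified Python model of the callback behaviour described in the messages above, where the server notifies the client on UDP port 7001 and a client whose inbound UDP is dropped keeps serving cached data until it is flushed. The class names, the file path and the `inbound_udp_open` switch are assumptions made for the model.

```python
# Simplified model of AFS callbacks (constructed; not Arla or OpenAFS code).
class FileServer:
    def __init__(self):
        self.files = {}      # path -> contents
        self.promises = {}   # path -> clients holding a callback promise

    def fetch(self, client, path):
        # Fetching data registers a callback promise for this client.
        self.promises.setdefault(path, set()).add(client)
        return self.files[path]

    def store(self, path, data):
        self.files[path] = data
        # Break callbacks: notify every client that cached the file.
        for client in self.promises.pop(path, set()):
            client.receive_udp(7001, path)


class CacheManager:
    CALLBACK_PORT = 7001

    def __init__(self, server, inbound_udp_open):
        self.server = server
        # False models a NAT or firewall dropping unsolicited inbound UDP.
        self.inbound_udp_open = inbound_udp_open
        self.cache = {}

    def receive_udp(self, port, path):
        if port == self.CALLBACK_PORT and self.inbound_udp_open:
            self.cache.pop(path, None)   # callback break invalidates the entry

    def read(self, path):
        if path not in self.cache:
            self.cache[path] = self.server.fetch(self, path)
        return self.cache[path]

    def flush(self, path):
        self.cache.pop(path, None)       # the effect of 'fs flush' in this model


def demo():
    server = FileServer()
    server.files["/afs/results.dat"] = "old"
    reachable = CacheManager(server, inbound_udp_open=True)
    natted = CacheManager(server, inbound_udp_open=False)
    before = (reachable.read("/afs/results.dat"), natted.read("/afs/results.dat"))
    server.store("/afs/results.dat", "new")   # write made from another host
    after = (reachable.read("/afs/results.dat"), natted.read("/afs/results.dat"))
    natted.flush("/afs/results.dat")
    return before, after, natted.read("/afs/results.dat")
```
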

Harald Barth | 9 Oct 2006 13:56

Re: healthy installation on os x does not connect at some locations


> As for the situation with the error
> /usr/arla/bin/rxdebug lise(anna,sculpin).pdc.kth.se 7000 -version
> Trying 194.132.193.217 (port 7000):
> get version call failed with code -1, errno 0

Anna and lise will not answer on port 7000. Sculpin does.

> How can the outward connection be firewalled? I am sure now that the
> laptops are still outside of the department firewall, but the
> university firewall allows the afs traffic. It might not be possible
> to find the intermediate misconfigured link.

Go to your provider. Sunet delivers the bits to your provider, if
they fail to forward them, you don't have full Internet. It works
for example from UPC, Bredbandsbolaget, etc etc.

> Is there any way to tunnel the afs connection? Like ssh tunnel.

No. You could write the program. I don't think you want to.

Harald.
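
Added example, not part of the thread: a Python triage of `rxdebug <host> <port> -version` transcripts that separates a host never expected to answer on the probed port from one that should have answered, following the role-to-port mapping given in the replies above. The addresses, the `laptop` host and the transcripts are constructed; port 7003 for the volume location server is the standard AFS assignment and is not stated in the thread.

```python
import re

# Role -> UDP port its Rx service answers on. 7000 and 7001 come from the
# thread; 7003 (vlserver) is the standard AFS port, not stated in the thread.
SERVICE_PORT = {"fileserver": 7000, "client": 7001, "vlserver": 7003}

TRYING = re.compile(r"^Trying (\S+) \(port (\d+)\):$", re.M)
VERSION = re.compile(r"^AFS version:\s+(.+)$", re.M)
FAILED = re.compile(r"^get version call failed with code (-?\d+), errno (\d+)$", re.M)


def triage(role, transcript):
    """Classify one 'rxdebug <host> <port> -version' transcript."""
    probe = TRYING.search(transcript)
    if probe is None:
        return "unparsed"
    port = int(probe.group(2))
    if VERSION.search(transcript):
        return "reachable"
    if FAILED.search(transcript):
        if port != SERVICE_PORT[role]:
            return "expected-silence"   # no service of this role listens on that port
        return "blocked-or-down"        # right port, no answer: check the UDP path
    return "unparsed"


FAIL = "get version call failed with code -1, errno 0\n"
# Constructed transcripts in the format quoted in the thread; the addresses
# are documentation-range placeholders, not the real hosts.
SAMPLES = [
    ("sculpin", "fileserver", "Trying 192.0.2.10 (port 7000):\n"
                              "AFS version:  OpenAFS 1.4.0 built  2006-03-06\n"),
    ("anna", "vlserver", "Trying 192.0.2.11 (port 7000):\n" + FAIL),
    ("lise", "client", "Trying 192.0.2.12 (port 7000):\n" + FAIL),
    ("sculpin", "fileserver", "Trying 192.0.2.10 (port 7000):\n" + FAIL),
    ("laptop", "client", "Trying 192.0.2.99 (port 7001):\n" + FAIL),
]


def verdicts(samples=SAMPLES):
    return [(host, triage(role, text)) for host, role, text in samples]


if __name__ == "__main__":
    for host, verdict in verdicts():
        print(f"{host:8} {verdict}")
```
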
Anton Grigoriev | 9 Oct 2006 14:13

Re: healthy installation on os x does not connect at some locations


>> Trying 194.132.193.217 (port 7000):
>> get version call failed with code -1, errno 0
>>
> Of those only sculpin should reply, 7000 is the fileserver port.  
> lise is a
> client, anna is a volume location server.
>
> And that's such a helpful error message. Not.
>
> So on what ports do you have connectivity now?
>

I have no connectivity. I can connect from home and from WiFi, the  
latter takes me to another domain (student.uu.se from fysik.uu.se).  
Thus I lose printers (I can print via IP, but then I can not print
duplex) and this connection terminates each time my computer falls
asleep - quite inconvenient. Also WiFi is slow, so that afs often is  
stuck.
Anton Grigoriev | 9 Oct 2006 14:17

Re: healthy installation on os x does not connect at some locations

>
> Go to your provider. Sunet delivers the bits to your provider, if
> they fail to forward them, you don't have full Internet. It works
> for example from UPC, Bredbandsbolaget, etc etc.
>

You are catching the essence of it! My provider does forward all and  
it works fine at home, and rather fast. But I have problems at work!  
At Uppsala University.

>> Is there any way to tunnel the afs connection? Like ssh tunnel.
>
> No. You could write the program. I don't think you want to.

Ok.
Harald Barth | 9 Oct 2006 14:25

Re: healthy installation on os x does not connect at some locations

> But I have problems at work!  
> At Uppsala University.

So if you tell me some contact information (maybe in private email)
I can help you to get the real Internet and not the part that someone
thinks is sufficient.

Harald.
Måns Nilsson | 9 Oct 2006 14:17

Re: healthy installation on os x does not connect at some locations


--On Monday, 9 Oct 2006 13.56.31 +0200 Harald Barth
<haba <at> pdc.kth.se> wrote:

> Go to your provider. Sunet delivers the bits to your provider, if
> they fail to forward them, you don't have full Internet. It works
> for example from UPC, Bredbandsbolaget, etc etc.

...and, to put onion on the salmon, through a pretty pathetic D-Link NAT GW
connected to Comhem broadband (heavily filtered) I get working connectivity
(bar callbacks -- but that is NAT for you.) -- I even got a very slow
connection over GPRS from X2000 train "Internet". 

>> Is there any way to tunnel the afs connection? Like ssh tunnel.
> 
> No. You could write the program. I don't think you want to.

Additionally; you would have to provision an endpoint outside the whatever
it now is that stops you.. 

Earlier in the thread, you wrote: 

> My OS X firewall is set to reject udp in stealth mode. Changing this
> does not change connectability.

Are you certain? 
--

-- 
Måns Nilsson                     Systems Specialist
+46 70 681 7204   cell                       KTHNOC
+46 8 790 6518  office                  MN1334-RIPE