AFS Kerberos And Firewalls

Here is some information, in the format of Linux iptables-save output, that may help you to understand what ports need to be opened on a firewall in order to allow AFS and Kerberos to function:

:KERBEROS-INPUT - [0:0]
:AFS-INPUT - [0:0]
-A INPUT -j KERBEROS-INPUT
-A INPUT -j AFS-INPUT
-A AFS-INPUT -p udp -m udp --dport 7001 --sport 7000 -j ACCEPT
-A AFS-INPUT -p udp -m state --state ESTABLISHED -m udp --sport 7002:7009 --dport 1025: -j ACCEPT
-A KERBEROS-INPUT -p udp -m state --state ESTABLISHED -m udp --sport kerberos --dport 1025: -j ACCEPT
-A KERBEROS-INPUT -p udp -m state --state ESTABLISHED -m udp --sport kerberos4 --dport 1025: -j ACCEPT
-A KERBEROS-INPUT -p udp -m state --state ESTABLISHED -m udp --sport 4444 --dport 1025: -j ACCEPT

More human-friendly documentation would be welcomed...

-- NoahMeyerhans - 24 Mar 2005
Topic revision: 23 Jan 2008, KarlRamm
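To see what the rules above actually admit, the following added example (not part of the original wiki page) replays constructed UDP packets against them in Python. It models only -p, --state, --sport, --dport and -j, takes the connection-tracking state as a field on each packet, and assumes the usual /etc/services values kerberos=88 and kerberos4=750; the helper names are hypothetical.

```python
import shlex
# Rules from the page, with the backslash continuations joined.
RULES = """\
-A INPUT -j KERBEROS-INPUT
-A INPUT -j AFS-INPUT
-A AFS-INPUT -p udp -m udp --dport 7001 --sport 7000 -j ACCEPT
-A AFS-INPUT -p udp -m state --state ESTABLISHED -m udp --sport 7002:7009 --dport 1025: -j ACCEPT
-A KERBEROS-INPUT -p udp -m state --state ESTABLISHED -m udp --sport kerberos --dport 1025: -j ACCEPT
-A KERBEROS-INPUT -p udp -m state --state ESTABLISHED -m udp --sport kerberos4 --dport 1025: -j ACCEPT
-A KERBEROS-INPUT -p udp -m state --state ESTABLISHED -m udp --sport 4444 --dport 1025: -j ACCEPT
"""
# Assumption: the usual /etc/services values; the page does not list them.
SERVICES = {"kerberos": 88, "kerberos4": 750}

def port_range(spec):
    """'7002:7009' -> (7002, 7009), '1025:' -> (1025, 65535), 'kerberos' -> (88, 88)."""
    num = lambda s: SERVICES.get(s) or int(s)
    lo, sep, hi = spec.partition(":")
    if not sep:
        return num(lo), num(lo)
    return (num(lo) if lo else 0), (num(hi) if hi else 65535)

def parse(text):
    chains = {}  # chain name -> list of {option: value} dicts, in rule order
    for line in text.splitlines():
        tok = shlex.split(line)
        if len(tok) > 2 and tok[0] == "-A":
            opts = {tok[i]: tok[i + 1] for i in range(2, len(tok) - 1) if tok[i].startswith("-")}
            chains.setdefault(tok[1], []).append(opts)
    return chains

def verdict(chains, pkt, chain="INPUT"):
    """'ACCEPT' if some rule admits pkt, else None (packet falls to the chain policy)."""
    for r in chains.get(chain, []):
        if r.get("-p", pkt["proto"]) != pkt["proto"]:
            continue
        if "--state" in r and pkt["state"] not in r["--state"].split(","):
            continue
        if any(k in r and not port_range(r[k])[0] <= pkt[k[2:]] <= port_range(r[k])[1]
               for k in ("--sport", "--dport")):
            continue
        if r["-j"] == "ACCEPT" or verdict(chains, pkt, r["-j"]):
            return "ACCEPT"
    return None

def udp(sport, dport, state):
    return {"proto": "udp", "sport": sport, "dport": dport, "state": state}

CHAINS = parse(RULES)
# Constructed packets: a 7000->7001 packet in state NEW, then a 7003 reply in state NEW.
print(verdict(CHAINS, udp(7000, 7001, "NEW")), verdict(CHAINS, udp(7003, 40000, "NEW")))
```

The 7000 to 7001 rule is the only one without a state match, so it is the only rule here that admits packets in state NEW; every other rule accepts only ESTABLISHED UDP traffic to ports 1025 and above.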
 

MIT Computer Science and Artificial Intelligence Laboratory

 
