
AFS Kerberos And Firewalls

The following rules, in Linux iptables-save format, show which ports need to be opened on a firewall to allow AFS and Kerberos to function:

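# Filter-table excerpt. iptables-restore flushes the table by default; use --noflush to add this to an existing ruleset.
*filter
:KERBEROS-INPUT - [0:0]
:AFS-INPUT - [0:0]
-A INPUT -j KERBEROS-INPUT
-A INPUT -j AFS-INPUT
# AFS callbacks: from the file server (UDP 7000) to the client cache manager (UDP 7001)
-A AFS-INPUT -p udp -m udp --dport 7001 --sport 7000 -j ACCEPT
# Replies from the other AFS server processes (UDP 7002-7009)
-A AFS-INPUT -p udp -m state --state ESTABLISHED -m udp --sport 7002:7009 --dport 1025: -j ACCEPT
# Replies from the Kerberos services (service names are resolved through /etc/services)
-A KERBEROS-INPUT -p udp -m state --state ESTABLISHED -m udp --sport kerberos --dport 1025: -j ACCEPT
-A KERBEROS-INPUT -p udp -m state --state ESTABLISHED -m udp --sport kerberos4 --dport 1025: -j ACCEPT
-A KERBEROS-INPUT -p udp -m state --state ESTABLISHED -m udp --sport krb524 --dport 1025: -j ACCEPT
COMMIT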

More human friendly documentation would be welcomed...

-- NoahMeyerhans - 24 Mar 2005
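
As a more readable view of the rules above, the following added example (not part of the original page) parses them and marks any ACCEPT rule that has neither a connection-state match nor a source-address restriction. The port numbers given for `kerberos`, `kerberos4` and `krb524` are the usual /etc/services values and are an assumption; the helper names are hypothetical.

```python
import shlex

# Constructed input: the five ACCEPT rules from this page, one rule per line.
EST = "-p udp -m state --state ESTABLISHED -m udp"
RULES = [
    "-A AFS-INPUT -p udp -m udp --dport 7001 --sport 7000 -j ACCEPT",
    f"-A AFS-INPUT {EST} --sport 7002:7009 --dport 1025: -j ACCEPT",
    f"-A KERBEROS-INPUT {EST} --sport kerberos --dport 1025: -j ACCEPT",
    f"-A KERBEROS-INPUT {EST} --sport kerberos4 --dport 1025: -j ACCEPT",
    f"-A KERBEROS-INPUT {EST} --sport krb524 --dport 1025: -j ACCEPT",
]

# Assumption: the usual /etc/services numbers for the names the rules use.
SERVICES = {"kerberos": 88, "kerberos4": 750, "krb524": 4444}


def port_range(spec):
    """Turn 'N', 'N:M', 'N:', or a service name into an inclusive (low, high)."""
    if spec is None:
        return (0, 65535)  # no port match: any port
    low, sep, high = spec.partition(":")
    lo = SERVICES[low] if low in SERVICES else int(low or 0)
    if not sep:
        return (lo, lo)
    return (lo, int(high) if high else 65535)


def parse_rule(line):
    """Parse one -A line; negation and options the page does not use are ignored."""
    tok = shlex.split(line)
    opt = {t: v for t, v in zip(tok, tok[1:]) if t.startswith("-")}
    return {
        "chain": opt["-A"], "target": opt.get("-j"), "proto": opt.get("-p"),
        "sport": port_range(opt.get("--sport")),
        "dport": port_range(opt.get("--dport")),
        "state": opt.get("--state"), "source": opt.get("-s"),
    }


def unsolicited(rules):
    """ACCEPT rules with no conntrack state match and no source address limit."""
    return [r for r in rules
            if r["target"] == "ACCEPT" and not r["state"] and not r["source"]]


if __name__ == "__main__":
    parsed = [parse_rule(line) for line in RULES]
    for r in parsed:
        tag = "REVIEW" if r in unsolicited([r]) else "ok"
        print(f'{tag:6} {r["chain"]:15} {r["proto"]} sport={r["sport"]} '
              f'dport={r["dport"]} state={r["state"] or "any"}')
```

The one rule marked REVIEW is the AFS callback rule. Its only restriction is the UDP source port, which the sender chooses, so adding a `-s` match for the networks your file servers live on narrows it.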
Topic revision: 21 Nov 2006, JasonDorfman
 

MIT Computer Science and Artificial Intelligence Laboratory

 
