netrestrict(5) [redhat man page]
NETRESTRICT(5) AFS File Reference NETRESTRICT(5) NAME
NetRestrict - Defines interfaces not to register with AFS servers DESCRIPTION
There are two NetRestrict files, one for an AFS client and one for an AFS File Server or database server. The AFS client NetRestrict file specifies the IP addresses that the client should not register with the File Servers it connects to. The server NetRestrict file specifies what interfaces should not be registered with AFS Database Servers or used to talk to other database servers. Client NetRestrict The NetRestrict file, if present in a client machine's /etc/openafs directory, defines the IP addresses of the interfaces that the local Cache Manager does not register with a File Server when first establishing a connection to it. For an explanation of how the File Server uses the registered interfaces, see NetInfo(5). As it initializes, the Cache Manager constructs a list of interfaces to register, from the /etc/openafs/NetInfo file if it exists, or from the list of interfaces configured with the operating system otherwise. The Cache Manager then removes from the list any addresses that appear in the NetRestrict file, if it exists. The Cache Manager records the resulting list in kernel memory. The NetRestrict file is in ASCII format. One IP address appears on each line, in dotted decimal format. The order of the addresses is not significant. The value 255 is a wildcard that represents all possible addresses in that field. For example, the value 192.12.105.255 indicates that the Cache Manager does not register any of the addresses in the 192.12.105 subnet. To display the addresses the Cache Manager is currently registering with File Servers, use the fs getclientaddrs command. Server NetRestrict The NetRestrict file, if present in the /var/lib/openafs/local directory, defines the following: o On a file server machine, the local interfaces that the File Server (fileserver process) does not register in the Volume Location Database (VLDB) at initialization time. o On a database server machine, the local interfaces that the Ubik synchronization library does not use when communicating with the database server processes running on other database server machines. As it initializes, the File Server constructs a list of interfaces to register, from the /var/lib/openafs/local/NetInfo file if it exists, or from the list of interfaces configured with the operating system otherwise. The File Server then removes from the list any addresses that appear in the NetRestrict file, if it exists. The File Server records the resulting list in the /var/lib/openafs/local/sysid file and registers the interfaces in the VLDB. The database server processes use a similar procedure when initializing, to determine which interfaces to use for communication with the peer processes on other database machines in the cell. The NetRestrict file is in ASCII format. One IP address appears on each line, in dotted decimal format. The order of the addresses is not significant. To display the File Server interface addresses registered in the VLDB, use the vos listaddrs command. SEE ALSO
NetInfo(5), sysid(5), vldb.DB0(5), fileserver(8), fs_getclientaddrs(1) vos_listaddrs(1) COPYRIGHT
IBM Corporation 2000. <http://www.ibm.com/> All Rights Reserved. This documentation is covered by the IBM Public License Version 1.0. It was converted from HTML to POD by software written by Chas Williams and Russ Allbery, based on work by Alf Wachsmann and Elizabeth Cassell. OpenAFS 2012-03-26 NETRESTRICT(5)
Check Out this Related Man Page
NETINFO(5) AFS File Reference NETINFO(5) NAME
NetInfo - Defines machine interfaces to register with AFS servers DESCRIPTION
There are two NetInfo files, one for an AFS client and one for an AFS File Server or database server. The AFS client NetInfo file specifies the IP addresses that the client should register with the File Servers it connects to. The server NetInfo file specifies what interfaces should be registered with AFS Database Servers or used to talk to other database servers. Client NetInfo The client NetInfo file lists the IP addresses of one or more of the local machine's network interfaces. If it exists in the /etc/openafs directory when the Cache Manager initializes, the Cache Manager uses its contents as the basis for a list of local interfaces. Otherwise, the Cache Manager uses the list of interfaces configured with the operating system. It then removes from the list any addresses that appear in the /etc/openafs/NetRestrict file, if it exists. The Cache Manager records the resulting list in kernel memory. The first time it establishes a connection to a File Server, it registers the list with the File Server. The File Server uses the addresses when it initiates a remote procedure call (RPC) to the Cache Manager (as opposed to responding to an RPC sent by the Cache Manager). There are two common circumstances in which the File Server initiates RPCs: when it breaks callbacks and when it pings the client machine to verify that the Cache Manager is still accessible. The NetInfo file is in ASCII format. One of the machine's IP addresses appears on each line, in dotted decimal format. The File Server initially uses the address that appears first in the list. The order of the remaining addresses is not significant: if an RPC to the first interface fails, the File Server simultaneously sends RPCs to all of the other interfaces in the list. Whichever interface replies first is the one to which the File Server then sends pings and RPCs to break callbacks. To prohibit the Cache Manager absolutely from using one or more addresses, list them in the NetRestrict file. To display the addresses the Cache Manager is currently registering with File Servers, use the fs getclientaddrs command. To replace the current list of interfaces with a new one between reboots of the client machine, use the fs setclientaddrs command. Server NetInfo The server NetInfo file, if present in the /var/lib/openafs/local directory, defines the following: o On a file server machine, the local interfaces that the File Server (fileserver process) can register in the Volume Location Database (VLDB) at initialization time. o On a database server machine, the local interfaces that the Ubik database synchronization library uses when communicating with the database server processes running on other database server machines. If the NetInfo file exists when the File Server initializes, the File Server uses its contents as the basis for a list of interfaces to register in the VLDB. Otherwise, it uses the list of network interfaces configured with the operating system. It then removes from the list any addresses that appear in the /var/lib/openafs/local/NetRestrict file, if it exists. The File Server records the resulting list in the /var/lib/openafs/local/sysid file and registers the interfaces in the VLDB. The database server processes use a similar procedure when initializing, to determine which interfaces to use for communication with the peer processes on other database machines in the cell. The NetInfo file is in ASCII format. One of the machine's IP addresses appears on each line, in dotted decimal format. The order of the addresses is not significant. Optionally, the File Server can be forced to use an IP address that does not belong to one of the server interfaces. To do this, add a line to the NetInfo file with the IP address prefixed with "f" and a space. This is useful when the File Server is on the internal side of a NAT firewall. To display the File Server interface addresses registered in the VLDB, use the vos listaddrs command. EXAMPLES
If the File Server is on the internal side of a NAT firewall, where it serves internal clients using the IP address 192.168.1.123 and external clients using the IP address 10.1.1.321, then the NetInfo file should contain the following: 192.168.1.123 f 10.1.1.321 SEE ALSO
NetRestrict(5), sysid(5), vldb.DB0(5), fileserver(8), fs_getclientaddrs(1), fs_setclientaddrs(1), vos_listaddrs(1) COPYRIGHT
IBM Corporation 2000. <http://www.ibm.com/> All Rights Reserved. This documentation is covered by the IBM Public License Version 1.0. It was converted from HTML to POD by software written by Chas Williams and Russ Allbery, based on work by Alf Wachsmann and Elizabeth Cassell. OpenAFS 2012-03-26 NETINFO(5)