I can comment on several aspects of the callback/firewall issues:

1) Using DHCP, or more precisely, having clients have different
addresses at different times for reasons including DHCP and static
configurations, seems to work fine.  Yes, you lose the active
callbacks for recently accessed files when you change addresses, but
other than introducing some slight delays and chance for conflicts
(which have not actually bothered me), this has caused me no problems
in practice.

2) Firewalls are problematic.  In my case, the client->server rpc
(venus->codasrv) works ok, but the side effects don't, since the first
packet in the exchange is sent from the server (codasrv-se->venus-se).
Having the client send a venus-se->codasrv-se packet before this would
probably make most stateful firewalls that allow UDP responses work
ok.

3) Coda seems to use MTU-sized packets, and not do MTU discovery.
I believe this makes it work suboptimally with IPSEC, Mobile IP, etc.
When my own project involving IPSEC and Mobile IP-like stuff gets
farther along, I hope to look into this a bit, and at least make rpc2
use 1400-byte packets.
Having rpc2 work on top of TCP could inherit path MTU discovery.
Otherwise, I think it would be nice if rpc2 did PMTU discovery itself.

        Greg Troxel <gdt_at_ir.bbn.com>