Coda File System

Re: running a coda server from behind a NAT

From: <u+codalist-p4pg_at_chalmers.se>
Date: Wed, 4 Jun 2008 20:42:11 +0200
Hi Martin,

On Wed, Jun 04, 2008 at 04:54:21PM +0200, Martin Wetterstedt wrote:
> I wonder if someone would be helpful to outline the strategy of running
> a coda server behind a NAT (from the point of view of a coda client
> outside the NAT).

Sure.

> In more detail:
> 
> I want to set up a coda server sitting in a local network. The local
> address to the server is 192.168.0.100. The address of the NAT is
> xxx.xxx.xxx.xxx. Ideally, the server should be reachable from within the
> local network as well as from the outside. From the outside the NAT is
> normally reached by it's IP-number. 

Let us for the moment avoid discussing this particular setup.

> I only intend to have one server in the system. 

Ok.

> * How do I configure the server? I prefer to set it up without a proper
> DNS. How do I deal with its dual (one local and the one that the NAT
> has) IP-addresses? What ports should the NAT forward.

I _strongly_ suggest taking care of DNS, it pays off.

> * Can I set up the clients in a way so that they can work without
> reconfiguring, regardless of if they are sitting on the local network or
> not, ie outside?

Sure. One big point with Coda is that you do not have to "set up" clients.
A Coda client works out of the box with all realms, including your own.
Just do your home work while setting up the servers.

> I guess that are my questions. Any more obstacles? I would be very

There are some obstacles and some necessary prerequisites.

One such prerequisite is that you can control your NAT-firewall,
so that you can set up packet forwarding rules.

The biggest problem is the Coda protocol which currently sends over
ip4-addresses of the servers. This means that a server must have a routable
ip-number a client can talk to.

I suggest setting up a double NAT, i.e. an additional NAT gateway
on yout internal network so that the server traffic ends up translated
twice. Then you give the server - on the "most internal" network - the same
ip-number as your external NAT-gateway has.

Set up packet forwarding appropriately, on both gateways.

Set up DNS, creating the corresponding SRV records pointing to a suitable
hostname which corresponds to the external IP number.

I have to repeat - set up DNS. Do not skip this step. DNS is the right
tool for the purpose. There are free DNS services out there, either
register your own domain for your realm, or use the services' subdomain
for your realmname. You will be glad you did it, the day you will use
someone else's computer to get to your data.

For a cheap and dirty one-server-realm it can be enough with an A record
mapping the realm name to the IP number.

Note that you would be able to set up a realm running several servers
located behind different NAT gateways, but no more than one server behind
each NAT and with "double" NAT in each case.

One of the realms I am using is set up this way. It works with standard
out-of-the-box clients both externally and on the internal networks.

> grateful for help with this. I have already read the documentation and
> Wiki, but have not been able to set this up completely from that
> description. 

Would you take the challenge of documenting the setup on the Wiki? :)
I have all bits but no time to make a howto.
Hopefully it will become obsoleted with ipv6 arrival, but it is not here yet.

Best regards,
Rune
Received on 2008-06-04 14:42:30
Binary file ./codalist-2008/8843.html matches