Coda File System

Re: Multi-homed server?

From: Stephen J. Turnbull <turnbull_at_sk.tsukuba.ac.jp>
Date: Wed, 24 May 2000 08:54:32 +0900 (JST)

>>>>> "Jan" == Jan Harkes <jaharkes_at_cs.cmu.edu> writes:

    Jan> On Wed, May 24, 2000 at 03:22:53AM +0900, Stephen J. Turnbull
    Jan> wrote:
    >> Is there any way to force venus to use the configured server
    >> address to talk to the codasrv?

    Jan> What configured server address? The `rootservers'
    Jan> configuration option only tells venus which machines to ask
    Jan> for volume location information.

OK, I'm confused.  Still the client does talk to the server at first
with the address I intend it to have.

    Jan> The volume location database (VLDB), which is used to locate
    Jan> the server that stores a volume, contains one ip-address for
    Jan> a server, the first one returned from
    Jan> gethostbyname(gethostname()).

I'm probably hosed then; Coda can't handle multi-homed hosts.  (It
probably doesn't need to for my immediate application; I'm sure it's a
bad idea to have a Coda server that has sensitive stuff for the VPN
also accessible from the public network.  But I could imagine for
example the Coda server being accessible from two partitions of an
internal network---in fact, that is what I have in mind in the long
run.)

    Jan> In general, what you want is to have your machines listed
    Jan> with one (publicly known) ip-address, and then add static
    Jan> host routes to redirect internal traffic over the VPN.

It's not a V*P*N anymore, then, is it?  This is not acceptable; I
don't want applications using the VPN to know anything about the
external network, and vice-versa, except for designated gateways.
(One problem is that I will be sharing the physical network with
nearly public-access DHCP and security-comatose colleagues; one point
of the experiment is to demonstrate the possibilities of this kind of
arrangement to the technical staff, who have no time to "play.")

I guess this means that in practice I will have to move the Coda
server(s) off the public network, so they can be single-homed on the
VPN.

-- 
University of Tsukuba                Tennodai 1-1-1 Tsukuba 305-8573 JAPAN
Institute of Policy and Planning Sciences       Tel/fax: +81 (298) 53-5091
_________________  _________________  _________________  _________________
What are those straight lines for?  "XEmacs rules."
Received on 2000-05-23 19:57:07
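
A check for the situation discussed above, added here as an example and not part of the original message or of Coda's code: it resolves the local hostname the way the message describes (first address from gethostbyname(gethostname())) and reports whether that address lies inside the network the server is meant to be reached on. The function names and the default network 10.0.0.0/8 are assumptions for illustration.

```c
#include <arpa/inet.h>
#include <netdb.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Return 1 if IPv4 address addr lies inside net/prefix, else 0. */
int in_subnet(struct in_addr addr, const char *net, int prefix)
{
    struct in_addr n;
    if (prefix < 0 || prefix > 32 || inet_pton(AF_INET, net, &n) != 1)
        return 0;
    uint32_t mask = prefix ? htonl(0xFFFFFFFFu << (32 - prefix)) : 0;
    return (addr.s_addr & mask) == (n.s_addr & mask);
}

/* Given a resolver address list (hostent h_addr_list layout), report whether
 * the FIRST entry, the one the message says ends up in the VLDB, is inside
 * the intended network: 0 = inside, 1 = outside, -1 = empty list.
 * *count receives the number of addresses (more than 1 = multi-homed). */
int check_advertised(char **addr_list, const char *net, int prefix, int *count)
{
    struct in_addr first;
    int n = 0;
    while (addr_list && addr_list[n]) n++;
    if (count) *count = n;
    if (n == 0)
        return -1;
    memcpy(&first, addr_list[0], sizeof first);
    return in_subnet(first, net, prefix) ? 0 : 1;
}

int main(int argc, char **argv)
{
    char name[256];
    const char *net = argc > 1 ? argv[1] : "10.0.0.0"; /* assumed VPN network */
    int prefix = argc > 2 ? atoi(argv[2]) : 8, count = 0;
    if (gethostname(name, sizeof name - 1) != 0)
        return 2;
    name[sizeof name - 1] = '\0';
    struct hostent *he = gethostbyname(name);
    if (!he || he->h_addrtype != AF_INET)
        return 2;
    int rc = check_advertised(he->h_addr_list, net, prefix, &count);
    printf("%s: %d address(es), first is %s %s/%d\n", name, count,
           rc == 0 ? "inside" : "outside", net, prefix);
    return rc == 0 ? 0 : 1;
}
```

Run on the server with the intended network and prefix length as arguments; a non-zero exit status means the first resolved address is not on that network.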