On Fri, Jun 21, 2002 at 10:12:05AM -0700, Tewari, Vijay wrote:
> I am attempting to run a CODA client behind a NAT. 
> 
> |--------------|       |------|       |------------|
> | CODA Server  |-------|  NAT |-------| Coda Client|
> |--------------|       |------|       |------------|

Ehh, which of the client or server is being masqueraded here?

I'm guessing the client.

If you set 'masquerade=1' in /etc/coda/venus.conf, all outgoing
communication will go from a single (arbitrary) port to port 2432 on the
server. The server recognizes this and will send anything, including
callbacks back to that port. The firewall should know how to forward
these replies.

The only thing is that due to not enough communication the firewall
sometimes drops the redirection information. A Linux 'iptables' based
firewall will do this after 2 minutes of seeing the last packet.
So there is another flag for the client, 'serverprobe=' which can be
used to force a probe once every N seconds, which keeps the redirection
in the firewall active.

Some firewalls have problems with fragmented packets. There isn't a
complete solution for this yet, but setting "validateattrs=21" should
remove at least one source of fragmentation.

So I have,
    masquerade=1
    serverprobe=150
    validateattrs=21

at the end of my venus.conf.

Then getting tokens is something between clog and the auth2 daemon, clog
will send UDP packets to port 370 on the server. The server simply
responds.

Jan