Re: Secure AFP from DMZ

Subject: Re: Secure AFP from DMZ
From: Dan Shoop <email@hidden>
Date: Fri, 12 Aug 2005 15:29:40 -0400
Delivered-to: email@hidden
Delivered-to: email@hidden

At 2:22 PM -0700 8/11/05, Chris Stone wrote:

On Aug 11, 2005, at 12:07 PM, Dan Shoop wrote:
At 12:58 PM -0400 8/11/05, David Muszynski wrote:
On Aug 11, 2005, at 12:28 PM, Dan Shoop wrote:
Knowing the network geometry, routing and address spaces would be most helpful if you expect a better response.
In my case it's:
........
Where's the PIX in that? Are you the poster I was talking to under a pseudonym?
No. He's someone else. This is my reply...
On Aug 11, 2005, at 9:28 AM, Dan Shoop wrote:
There's probably no bug, the problem is most likely with your PIX, though this is common with NAT'ed network devices in general (in your case your "DMZ".) If you take the PIX out of the picture, place your XServe (on a switch) behind your router but before your PIX, and give it a public IP (like a real DMZ) it should work just fine.
Well, yeah, and it does. But that's not what I need.

Well that's too bad b/c that's how FTP and NAT work together. Or should I say don't FTP was NEVER designed for use in NAT environments.

Apple says what I need "should work", so I just want to confirm that: Is *anyone* having success with secure afp to any type of nat'd host?.

Well this isn't dependent on anything from Apple but rather how your NAPT server operates, so it's outside Apple scope. Yes it /should/ work assuming you have a real and proper NAPT device, but those are rare.

FWIW, I do think it's a bug at least that turning on verbose logging for ssl breaks secure afp (try adding "LogLevel DEBUG3" to /etc/ssh_config and attempt a secure afp connection; it'll cause connection attempts to time out -- unless it's just me, but I'll file it...)

SSL isn't used for secure AFP, ssh is. Teh above debug line doesn't affect SSL at all. What are you talking about? --

-dhan

------------------------------------------------------------------------
Dan Shoop                                                   AIM: iWiring
Systems & Networks Architect                     http://www.iwiring.net/
email@hidden                                 http://www.ustsvs.com/

pgp key fingerprint: FAC0 9434 B5A5 24A8 D0AF  12B1 7840 3BE7 3736 DE0B

iWiring provides systems and networks support for Mac OS X, unix, and
Open Source application technologies at affordable rates.
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Macos-x-server mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden


Follow-Ups:

Re: Secure AFP from DMZ
From: Chris Stone <email@hidden>


References:  
  >Secure AFP from DMZ (From: Chris Stone <email@hidden>)
  >Re: Secure AFP from DMZ (From: Dan Shoop <email@hidden>)
  >Re: Secure AFP from DMZ (From: David Muszynski <email@hidden>)
  >Re: Secure AFP from DMZ (From: Dan Shoop <email@hidden>)
  >Re: Secure AFP from DMZ (From: Chris Stone <email@hidden>)




Prev by Date:
Re: XSERVE RAID

Next by Date:
Re: what is the casue of these problem?

Previous by thread:
Re: Secure AFP from DMZ

Next by thread:
Re: Secure AFP from DMZ

Index(es):

Date
Thread













  
   Home
   Archives
   Terms/Conditions
   Contact
   RSS
   Lists
   About
 






Visit the Apple Store online or at retail locations.

1-800-MY-APPLE
Contact Apple | Terms of Use | Privacy Policy
Copyright © 2011 Apple Inc. All rights reserved.

References:
	>Secure AFP from DMZ (From: Chris Stone <email@hidden>)
	>Re: Secure AFP from DMZ (From: Dan Shoop <email@hidden>)
	>Re: Secure AFP from DMZ (From: David Muszynski <email@hidden>)
	>Re: Secure AFP from DMZ (From: Dan Shoop <email@hidden>)
	>Re: Secure AFP from DMZ (From: Chris Stone <email@hidden>)