Geoff:
See the Amanda archives for the general discussions of using portrange and
udp-portrange while configuring Amanda. We us it here for backups through
firewalls and have good success with it.
For example, we setup Amanda with the following statements in our Amanda
config shell scripts and set the firewalls to pass those port ranges
between the Amanda server and any client machines (but just those clients
and the server, not generally open to all comers).
--with-portrange=50000,50040 --with-udpportrange=890,899
Our firewall rules look something like:
>From amandaserver to amandaclients UDP 890-899
permit
>From amandaserver to amandaclients TCP 50000-50040
permit
>From amandaclients to amandaserver UDP 890-899 permit
>From amandaclients to amandaserver TCP 50000-50040 permit
It may not be strictly necessary for both directions to be specified in the
firewall rules, but it works for us.
Check with your firewall/network administrator to see if she/he has any
preferred port ranges for you to use. We picked the ones above based on
our firewall admin's observations that nothing else was using those ranges
around here.
Of course, your mileage may vary....
Good luck and best wishes for a Happy New Year,
Donald L. (Don) Ritchey
E-mail: Donald.Ritchey AT exeloncorp DOT com
-----Original Message-----
From: Geoff Austin [mailto:gaustin AT w-sys.co DOT uk]
Sent: Tuesday, December 30, 2003 4:44 AM
To: amanda-users AT amanda DOT org
Subject: Firewall Problem?
I started using Amanda a few weeks ago to backup 7 systems, all is well
except for 3 systems.
During every nightly dump three boxes fail with the message:
FAILURE AND STRANGE DUMP SUMMARY:
mail hda2 lev 0 FAILED [Estimate timeout from mail]
mail hda1 lev 0 FAILED [Estimate timeout from mail]
dns hda2 lev 0 FAILED [Estimate timeout from dns]
dns hda1 lev 0 FAILED [Estimate timeout from dns]
app //fnp/geoff lev 0 FAILED [no backup size line]
One of these is a windows box and it seems to be a problem with Samba,
but I'm not too worried about that for the moment. The other two are
both Linux boxes and the only difference between these two boxes and the
other successful boxes is that they are on the other side of a firewall.
So immediately I assume its the firewall that's the problem, but I have
managed to successfully run a test dump with amanda for one of the two
machines. I set up a test that commented out everything but mail & dns
in the disk file and then mail dumped ok, but dns still failed.
They are both running identical versions of Linux.
I have snipped a section of the log from the mail machine that looks to
be the offending section:
hda1 0 SIZE 12701
hda1 1 SIZE 4163
hda2 0 SIZE 5617335
hda2 2 SIZE 419676
----
amandad: time 142.165: dgram_recv: timeout after 10 seconds
amandad: time 142.165: waiting for ack: timeout, retrying
amandad: time 152.165: dgram_recv: timeout after 10 seconds
amandad: time 152.165: waiting for ack: timeout, retrying
amandad: time 162.165: dgram_recv: timeout after 10 seconds
amandad: time 162.165: waiting for ack: timeout, retrying
amandad: time 172.165: dgram_recv: timeout after 10 seconds
amandad: time 172.165: waiting for ack: timeout, retrying
amandad: time 182.165: dgram_recv: timeout after 10 seconds
amandad: time 182.165: waiting for ack: timeout, giving up!
amandad: time 182.165: pid 6081 finish time Tue Dec 30 00:35:02
2003
If I had to make a guess, it would be that it's a communication problem
through the firewall, but I am confused by the fact that it does work
sometime in a standalone test mode. I'm hoping that this is a known
problem and that I just have open a port on the firewall or something
similar.
Can anybody cast some light?
Many Thanks,
Geoff
************************************************************************
This e-mail and any of its attachments may contain Exelon Corporation
proprietary information, which is privileged, confidential, or subject
to copyright belonging to the Exelon Corporation family of Companies.
This e-mail is intended solely for the use of the individual or entity
to which it is addressed. If you are not the intended recipient of this
e-mail, you are hereby notified that any dissemination, distribution,
copying, or action taken in relation to the contents of and attachments
to this e-mail is strictly prohibited and may be unlawful. If you have
received this e-mail in error, please notify the sender immediately and
permanently delete the original and any copy of this e-mail and any
printout. Thank You.
************************************************************************
|