Amanda-Users

[no subject]

2004-06-03 09:12:54
From: Tobias <t AT funkreich DOT de>
To: amanda-users AT amanda DOT org
Date: Thu, 3 Jun 2004 15:10:05 +0200
Hi everyone,

I've successfully set up Amanda to back up our internal servers. Our setup
is the classic DMZ setup:

inner network => inner-firewall => DMZ => outer-firewall => internet

The backup server is in the inner network. The firewalls are both running
Debian 2.2 (potato) with ipchains (unfortunately the kernel doesn't seem to have
port-forwarding capabilities, and I don't like to roll my own if there is
another way ...).

Now I have to back up one host which sits in the DMZ.
Both amanda instances (on the backup server and the client in the DMZ) were
compiled with the following configure options:

'--with-portrange=850,854' '--with-udpportrange=850,854'

Unfortunately amcheck is unable to connect to the client in the DMZ. I then
monitored with tcpdump what is happening:

Backup server (inner network) binds to a port between 850-854 and tries to
connect to the backup client in the DMZ on port 10080. The connection of
course goes to the inner firewall, which maps the port (850-854) to a high port
and forwards the request to the backup client in the DMZ. The latter
machine tries to connect back to the backup server in the inner network.
Passing through the inner firewall, the high port gets translated back to
the original port 850-854. Looks good to me, but it doesn't work :(

amcheck complains with "port (insert-highport-here) is not secure". I've
read the Amanda FAQs, but the answer given to this problem didn't help because
I didn't install the firewalls and am by no means a firewall magician. Why
does Amanda receive the high port, which should have been mapped back by
the inner firewall? And what rules do I have to add to make it work? Do
I need port forwarding? Or is there another way to do what I want?

Thanks a lot for your help!

Toby


---------------------------------------------------
http://www.funkreich.de // may the funk be with you
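The failure described in the post is easier to see in a small model of the two mechanisms involved: a masquerading firewall that rewrites the source of every outbound packet to its own address and a high port, and the reserved-port check in Amanda's BSD-style authentication, which refuses a request whose source port is not below 1024. The following Python is an added illustration, not Amanda's code and not anything from the original post; the addresses, the port 850 and the 61000+ masquerade range are constructed values chosen to mirror the post's description.

```python
"""Constructed model of masquerading vs. a reserved-port check (not Amanda code)."""
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

IPPORT_RESERVED = 1024   # BSD convention: only root may bind ports below this
HIGHPORT_START = 61000   # assumed masquerade range, chosen for the illustration

# A packet is (src_ip, src_port, dst_ip, dst_port).
Packet = Tuple[str, int, str, int]


@dataclass
class MasqueradingFirewall:
    """Masquerades outbound flows and maps replies back to the inner host."""
    external_ip: str
    next_port: int = HIGHPORT_START
    table: Dict[Tuple[str, int], Tuple[str, int]] = field(default_factory=dict)

    def outbound(self, src_ip: str, src_port: int, dst_ip: str, dst_port: int) -> Packet:
        # Allocate a high port and remember which inner (ip, port) it stands for.
        masq = (self.external_ip, self.next_port)
        self.table[masq] = (src_ip, src_port)
        self.next_port += 1
        return (masq[0], masq[1], dst_ip, dst_port)

    def inbound(self, src_ip: str, src_port: int, dst_ip: str, dst_port: int) -> Optional[Packet]:
        # Replies addressed to a masqueraded port are rewritten to the inner host;
        # anything else has no table entry and is dropped (None).
        original = self.table.get((dst_ip, dst_port))
        if original is None:
            return None
        return (src_ip, src_port, original[0], original[1])


def port_is_secure(peer_port: int) -> bool:
    """The reserved-port test: the peer must have bound a privileged port."""
    return peer_port < IPPORT_RESERVED


def amandad_check(src_ip: str, src_port: int) -> str:
    """What the client side decides about an incoming request's source."""
    if not port_is_secure(src_port):
        return f"port {src_port} not secure"
    return "ok"


def simulate(masquerade: bool) -> Tuple[str, Packet, Optional[Packet]]:
    """Run one request/reply through the inner firewall with or without masquerading."""
    fw = MasqueradingFirewall("192.0.2.1")           # constructed firewall address
    request: Packet = ("10.0.0.5", 850, "192.0.2.50", 10080)  # server -> DMZ client
    if masquerade:
        request = fw.outbound(*request)
    # The client judges the source it actually sees on the wire.
    verdict = amandad_check(request[0], request[1])
    # The client answers to that same source; the firewall maps the reply back.
    reply: Optional[Packet] = (request[2], request[3], request[0], request[1])
    if masquerade:
        reply = fw.inbound(*reply)
    return verdict, request, reply


if __name__ == "__main__":
    for masq in (True, False):
        verdict, seen, back = simulate(masq)
        print(f"masquerade={masq}: client saw {seen[:2]}, verdict '{verdict}', reply arrives as {back}")
```

With masquerading on, the reply is indeed translated back to port 850 on the backup server, exactly as the tcpdump trace in the post shows, but by then the client has already seen the high port as the request's source and rejected it. The check only passes when the reserved source port reaches the client unchanged, which is why the usual remedy is to exempt the backup flow from masquerading (or forward it without source rewriting) rather than to change Amanda.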
