Amanda-Users

Re: Client in DMZ - Howto revisited

2004-06-05 20:22:00
Subject: Re: Client in DMZ - Howto revisited
From: John Bossert <jbossert AT affidian DOT com>
Date: Sat, 05 Jun 2004 17:13:34 -0700
Thanks for the note, Jon.

I am looking for specifics from someone who's done this, with specifics for --with-udpportrange, and --with-portrange (and --with-tcpportrange if necessary.) Also, if this necessitates a corresponding change in /etc/services?

If I add "--with-tcpportrange=850,859" or "--with-portrange=850-859", configure complains with:

configure: WARNING: *** the TCP port range should be 1024 or greater in --with-tcpportrange

So, does this imply that one (or both) of these parameters need to be set to a non-privileged range and (at least) TWO separate ranges opened on the firewall?

Thanks,

Jon LaBadie wrote:

On Sat, Jun 05, 2004 at 11:21:43AM -0700, John Bossert wrote:

Gentlemen (and Ladies,) I'm confused.

After perusing the list archives, Googling, etc., I'm still not clear on what's necessary to establish a backup across a firewall and/or to debug the process.

My firewall presently allows unfiltered egress from the Trusted segment (where the server lives) to the DMZ (where the subject client lives.) The literature suggests (to me) that the only communication initiated by the client is UDP and can be controlled with (from my .configure):

--with-udpportrange=850,859



i've never done this and am unsure of my answer,
so i'm mailing off-list.

amanda needs some ports available for the initial contact.
these need to be in the special range below 1024 and i think
they need to be udp.

this part you have done.
(note, it must be on client and server i think)

but after the initial contact and authentication,
amanda also needs tcp ports in the non-special range.
that is where the backup travels.
so you will have to also open up those firewall ports
and configure with them.


--
John BOSSERT
Affidian Corporation
jbossert AT affidian DOT com
office: 206.388.0219

Theory is when you know everything and nothing works.
Practice is when everything works and nobody knows why.
Here, we have combined theory and practice: Nothing works... and nobody knows why!
[Einstein]
