Two years ago, I wrote here about problems getting Amanda to work through a
firewall using NAT which couldn't be turned off. I finally gave up in
frustration, despite the helpful advice of the folks here, and set up two
separate backup systems, one inside and one outside the firewall. Adding to my
frustration is the fact that I don't administer the firewall, and can't verify
directly that what I requested was implemented. Now, I'm trying again to back
up all my hosts with just one Amanda system.

My tapehost 'centernet' is trying to back up hosts 'admin' and 'mailinglists'
in addition to itself, inside the firewall, and hosts 'www' and 'real' outside
the firewall.

I've read and tried to follow the advice given to others in this situation. I
changed the file common-src/security.c to comment out the section where the
port number is checked. I also used the script, first given here, pasted in at
the end of this note, to configure Amanda on both the server and the clients. I
have the new Amanda system (tapehost inside the firewall) working on all the
other hosts inside the firewall, but it times out with the hosts outside the
firewall.

When I amcheck it, I don't get anything written in either the working or
non-working clients, in either /tmp/Amanda or /tmp/Amanda-dbg.

Can anyone suggest any diagnostic tools or methods that I can use to verify
that the firewall is set up the way I requested? I've tried to use 'netcat' in
the past to verify proper transmission through a firewall, but don't understand
how I could use it in this case, as I don't know what port the firewall will
NAT the request to.

I'm not getting any diagnostic messages in any of the logs I've looked at, on
either the host or clients.

Any suggestions? Thanks for all your help and advice.

-Kevin Zembower
=============================================
Amanda@cn2:~$ cat configure_amanda.sh
#!/bin/sh
# since I'm always forgetting to su amanda...
if [ "$(whoami)" != 'amanda' ]; then
    echo
    echo "!!!!!!!!!!!! Warning !!!!!!!!!!!!"
    echo "Amanda needs to be configured and built by the user amanda,"
    echo "but must be installed by user root."
    echo
    exit 1
fi
# Reminder only: the script does not check whether security.c was patched.
echo "!!!!!!!!!!!! Warning !!!!!!!!!!!!"
echo "Did you remember to make the changes in common-src/security.c"
echo "to disable the port check, to allow amanda to work through a"
echo "NATted firewall like CCP's?"
echo
# Start from a clean tree so stale configure results are not reused.
make clean
rm -f config.status config.cache
# Port ranges must match what the firewall has been asked to pass.
../configure --with-user=amanda \
    --with-group=disk \
    --with-owner=amanda \
    --with-tape-device=/dev/nst0 \
    --prefix=/usr/local \
    --with-portrange=10080,10083 \
    --with-tcpportrange=10080,10083 \
    --with-udpportrange=850,854 \
    --with-debugging=/tmp/amanda-dbg/ \
    --with-config=DBackup \
    --with-smbclient=/usr/bin/smbclient \
    --with-configdir=/etc/amanda
amanda@cn2:~$
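
One way to see which source port the firewall substitutes, as an added example that is not part of the original post or of Amanda: a UDP listener on the outside host echoes back the source address it observed, and a probe on the tapehost sends from a port in the configured range. The function names and the use of 10080 as the destination port are assumptions; 850-854 is taken from --with-udpportrange above.

```python
#!/usr/bin/env python3
"""UDP source-port probe: shows which source port a datagram carries after NAT."""
import json
import socket
import sys

UDP_RANGE = (850, 854)   # from --with-udpportrange in the script above
AMANDA_PORT = 10080      # assumption: UDP port the client normally listens on

def open_listener(addr, port):
    """Bind a UDP socket on the receiving (outside) host."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((addr, port))
    return sock

def report_one(sock, timeout=30.0):
    """Wait for one datagram and echo back the source address as seen here."""
    sock.settimeout(timeout)
    _data, peer = sock.recvfrom(1024)
    sock.sendto(json.dumps({"ip": peer[0], "port": peer[1]}).encode(), peer)
    return peer

def probe(dst, dst_port, src_port, timeout=5.0):
    """Send from src_port; return (port we sent from, port the listener saw)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind(("", src_port))
        sock.settimeout(timeout)   # a timeout means the probe or reply was dropped
        sent_from = sock.getsockname()[1]
        sock.sendto(b"nat-probe", (dst, dst_port))
        reply, _ = sock.recvfrom(1024)
    return sent_from, json.loads(reply)["port"]

def classify(seen_port, lo=UDP_RANGE[0], hi=UDP_RANGE[1]):
    """Describe the observed source port relative to the configured range."""
    if lo <= seen_port <= hi:
        return "preserved"              # still inside the configured range
    if seen_port < 1024:
        return "remapped-reserved"      # rewritten, but still a reserved port
    return "remapped-unprivileged"      # rewritten to a port above 1023

if __name__ == "__main__":
    if len(sys.argv) == 3 and sys.argv[1] == "listen":      # listen <port>
        with open_listener("", int(sys.argv[2])) as s:
            peer = report_one(s)
        print(f"saw {peer[0]}:{peer[1]} -> {classify(peer[1])}")
    elif len(sys.argv) == 5 and sys.argv[1] == "probe":     # probe <host> <dport> <sport>
        sent, seen = probe(sys.argv[2], int(sys.argv[3]), int(sys.argv[4]))
        print(f"sent from {sent}, listener saw {seen} -> {classify(seen)}")
    else:
        sys.exit("usage: listen <port> | probe <host> <dst_port> <src_port>")
```

Binding a source port below 1024 requires root, and the listener can only bind the destination port while nothing else on the outside host is holding it.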