Amanda-Users

Another 'Amanda through firewall' problem

2004-08-18 16:48:15
Subject: Another 'Amanda through firewall' problem
From: KEVIN ZEMBOWER <KZEMBOWE AT jhuccp DOT org>
To: amanda-users AT amanda DOT org
Date: Wed, 18 Aug 2004 16:40:26 -0400
Two years ago, I wrote here about problems getting Amanda to work through a 
firewall using NAT which couldn't be turned off. I finally gave up in 
frustration, despite the helpful advice of the folks here, and set up two 
separate backup systems, one inside and outside the firewall. Adding to my 
frustration is the fact that I don't administer the firewall, and can't verify 
directly that what I requested was implemented. Now, I'm trying again to back 
up all my hosts with just one Amanda system.

My tapehost 'centernet' is trying to back up hosts 'admin' and 'mailinglists' 
in addition to itself, inside the firewall, and hosts 'www' and 'real' outside 
the firewall.

I've read and tried to follow the advice given to others in this situation. I 
changed the file common-src/security.c to comment out the section where the 
port number is checked. I also used the script, first given here, pasted in at 
the end of this note, to configure Amanda on both the server and the clients. I 
have the new Amanda system (tapehost inside the firewall) working on all the 
other hosts inside the firewall, but it times out with the hosts outside the 
firewall.

When I amcheck it, I don't get anything written in either the working or 
non-working clients, in either /tmp/amanda or /tmp/amanda-dbg.

Can anyone suggest any diagnostic tools or methods that I can use to verify 
that the firewall is set up the way I requested? I've tried to use 'netcat' in 
the past to verify proper transmission through a firewall, but don't understand 
how I could use it in this case, as I don't know what port the firewall will 
NAT the request to.

I'm not getting any diagnostic messages in any of the logs I've looked at, on 
either the host or clients.

Any suggestions? Thanks for all your help and advice.

-Kevin Zembower

=============================================
amanda@cn2:~$ cat configure_amanda.sh
#!/bin/sh
# since I'm always forgetting to su amanda...
if [ "$(whoami)" != 'amanda' ]; then
    echo
    echo "!!!!!!!!!!!! Warning !!!!!!!!!!!!"
    echo "Amanda needs to be configured and built by the user amanda,"
    echo "but must be installed by user root."
    echo
    exit 1
fi
# Reminder only: the script cannot tell whether security.c was edited.
echo "!!!!!!!!!!!! Warning !!!!!!!!!!!!"
echo "Did you remember to make the changes in common-src/security.c"
echo "to disable the port check, to allow amanda to work through a"
echo "NATted firewall like CCP's?"
echo
# Start from a clean tree so no cached configure results are reused.
make clean
rm -f config.status config.cache
../configure --with-user=amanda \
   --with-group=disk \
   --with-owner=amanda \
   --with-tape-device=/dev/nst0 \
   --prefix=/usr/local \
   --with-portrange=10080,10083 \
   --with-tcpportrange=10080,10083 \
   --with-udpportrange=850,854 \
   --with-debugging=/tmp/amanda-dbg/ \
   --with-config=DBackup \
   --with-smbclient=/usr/bin/smbclient \
   --with-configdir=/etc/amanda 

amanda@cn2:~$ 
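
One way to find out what port the firewall NATs a request to, as asked above (an added example, not part of the original post or of Amanda): a listener on the far side reports the source address and port it actually saw, and the sender compares that with the port it sent from. The function names, the `nat-probe` payload and the below-1024 threshold assumed for the disabled port check are assumptions of this example.

```python
import socket

RESERVED = 1024  # assumption: the disabled check wants a source port below this


def observe_once(sock):
    """Far side (e.g. 'www'): wait for one datagram on an already-bound UDP
    socket and reply with the source address and port the listener saw."""
    data, (ip, port) = sock.recvfrom(2048)
    sock.sendto(f"{ip} {port}".encode(), (ip, port))
    return ip, port


def probe(dest, dest_port, src_port=0, timeout=5.0):
    """Near side (e.g. the tapehost): send from src_port and compare it with
    the source port the listener reports back."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.bind(("", src_port))        # ports below 1024 need root
        sent_port = s.getsockname()[1]
        s.sendto(b"nat-probe", (dest, dest_port))
        try:
            reply, _ = s.recvfrom(2048)
        except OSError:               # timed out, or an ICMP error came back
            return {"sent_port": sent_port, "reached": False}
    seen_ip, seen_port = reply.decode().split()
    seen_port = int(seen_port)
    return {
        "sent_port": sent_port,
        "reached": True,
        "seen_ip": seen_ip,           # address after NAT
        "seen_port": seen_port,       # source port after NAT
        "port_rewritten": seen_port != sent_port,
        "still_reserved": seen_port < RESERVED,
    }


if __name__ == "__main__":
    import sys
    if sys.argv[1] == "listen":       # e.g. listen 10080
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as srv:
            srv.bind(("", int(sys.argv[2])))
            while True:
                print("datagram from %s port %d" % observe_once(srv))
    else:                             # e.g. probe www 10080 850
        print(probe(sys.argv[2], int(sys.argv[3]), int(sys.argv[4])))
```

The listener needs the UDP port to itself, so whatever normally answers on that port on the client has to be stopped while it runs. A result of `reached: False` means the request or the reply was dropped somewhere on the path; it does not say in which direction.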


