On Mon, Apr 25, 2005 at 01:04:06PM -0500, donald.ritchey AT exeloncorp DOT com 
wrote:
> Vlad:
> 
> Please review the Amanda archives for discussions of the pitfalls of 
> using localhost as part of your backup configuration.  This is a 
> subject that has been beaten into submission quite thoroughly.
> 
> The short answer and general consensus from the Amanda community:
> 
>       Don't do it!!!
> 
> Donald L. (Don) Ritchey
> 
> -----Original Message-----
> From: Vlad Popa [mailto:vlad.popa AT sbg.ac DOT at]
> 
> Hi from  Austria!
> 
> I was wondering, if it might be possible to reduce the open ports 
> induced by amanda to the  local IP address (interface lo, 127.0.0.1) in 
> inetd.conf since I thought using amanda client and server on the same 
> machine. External nmap port scans of this server should not find any 
> open amanda ports.
> 
>>> End of included message <<<


I got the impression that Vlad wants to backup only one host,
the amanda server.  In that case, I don't think it is so bad
to use localhost in your DLE's etc.

Using firewall type software (ipfilter/iptables) or hardware,
couldn't access to those ports be restricted to the hosts IP?

Another brainstorming idea, most unix/linux systems allow one
network interface card to have multiple hostnames IP addresses
(virtual interfaces).  Perhaps you could setup a second, host
with open ports restricted to those amanda needs and don't
even touch the current setup.

-- 
Jon H. LaBadie                  jon AT jgcomp DOT com
 JG Computing
 4455 Province Line Road        (609) 252-0159
 Princeton, NJ  08540-4322      (609) 683-7220 (fax)