On Mon, Apr 25, 2005 at 01:04:06PM -0500, donald.ritchey AT exeloncorp DOT com
wrote:
> Vlad:
>
> Please review the Amanda archives for discussions of the pitfalls of
> using localhost as part of your backup configuration. This is a
> subject that has been beaten into submission quite thoroughly.
>
> The short answer and general consensus from the Amanda community:
>
> Don't do it!!!
>
> Donald L. (Don) Ritchey
>
> -----Original Message-----
> From: Vlad Popa [mailto:vlad.popa AT sbg.ac DOT at]
>
> Hi from Austria!
>
> I was wondering, if it might be possible to reduce the open ports
> induced by amanda to the local IP address (interface lo, 127.0.0.1) in
> inetd.conf since I thought using amanda client and server on the same
> machine. External nmap port scans of this server should not find any
> open amanda ports.
>
>>> End of included message <<<
I got the impression that Vlad wants to backup only one host,
the amanda server. In that case, I don't think it is so bad
to use localhost in your DLE's etc.
Using firewall type software (ipfilter/iptables) or hardware,
couldn't access to those ports be restricted to the hosts IP?
Another brainstorming idea, most unix/linux systems allow one
network interface card to have multiple hostnames IP addresses
(virtual interfaces). Perhaps you could setup a second, host
with open ports restricted to those amanda needs and don't
even touch the current setup.
--
Jon H. LaBadie jon AT jgcomp DOT com
JG Computing
4455 Province Line Road (609) 252-0159
Princeton, NJ 08540-4322 (609) 683-7220 (fax)
|