Amanda-Users

iptables and amanda

2005-08-04 22:54:17
Subject: iptables and amanda
From: "Jason 'XenoPhage' Frisvold" <friz AT godshell DOT com>
To: amanda-users AT amanda DOT org
Date: Thu, 04 Aug 2005 22:26:35 -0400
Greetings,

I've been struggling a bit with amanda and iptables.  I can't seem to get
them to play nice.  I'm aware of the ip_conntrack_amanda module, so I
loaded that.  I then crafted my iptables like this:

*filter
:INPUT DROP [3:431]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# Input Chain
# SSH and Amanda from Server Farm
-A INPUT -s 192.168.0.0/255.255.255.0 -p tcp -m multiport --dport 22,10082,10083 -j ACCEPT
# Established sessions
-A INPUT -p icmp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p udp -m state --state RELATED,ESTABLISHED -j ACCEPT
# Reject ICMP from unauthorized hosts
-A INPUT -p icmp -j REJECT --reject-with icmp-port-unreachable
# Log everything else
-A INPUT -j LOG --log-prefix "FIREWALL "

# Output chain
# Established Sessions
-A OUTPUT -p tcp -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -p icmp -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -p udp -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
# Log everything else
-A OUTPUT -j LOG --log-prefix "FIREWALL "
COMMIT


Local backups on the server work fine.  However, client backups fail.
Checking the logs on the client, I see this in the sendbackup log:

sendbackup: try_socksize: send buffer size is 65536
sendbackup: time 0.001: stream_server: waiting for connection: 0.0.0.0.54803
sendbackup: time 0.001: stream_server: waiting for connection: 0.0.0.0.54804
sendbackup: time 0.001: stream_server: waiting for connection: 0.0.0.0.54805
sendbackup: time 0.001: waiting for connect on 54803, then 54804, then 54805
sendbackup: time 29.993: stream_accept: timeout after 30 seconds
sendbackup: time 29.994: timeout on data port 54803
sendbackup: time 59.986: stream_accept: timeout after 30 seconds
sendbackup: time 59.986: timeout on mesg port 54804
sendbackup: time 89.979: stream_accept: timeout after 30 seconds
sendbackup: time 89.979: timeout on index port 54805
sendbackup: time 89.979: pid 13884 finish time Thu Aug  4 21:46:25 2005

So, I disabled iptables entirely on the server.  Backup worked fine.  I
then tried adding an allow-all line to the iptables config like this:

-A INPUT -s 192.168.0.0/255.255.255.0 -j ACCEPT

That didn't work.  So, I removed ip_conntrack_amanda and tried again.
Successful backup.

So is there just a major problem with ip_conntrack_amanda, or am I not
using it right?  How should I set up iptables to handle this?

Thanks!

-- 
---------------------------
Jason 'XenoPhage' Frisvold
Engine / Technology Programmer
friz AT godshell DOT com
RedHat Certified - RHCE # 803004140609871
MySQL Pro Certified - ID# 207171862
MySQL Core Certified - ID# 205982910
---------------------------
"Something mysterious is formed, born in the silent void. Waiting alone and 
unmoving, it is at once still and yet in constant motion. It is the source of 
all programs. I do not know its name, so I will call it the Tao of Programming."
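The sendbackup excerpt above is the kind of client-side evidence worth parsing rather than eyeballing when a backup fails behind a packet filter: the client binds three listening sockets (data, mesg, index), and each one reports a timeout if no peer ever connects. The following script is an added example and not part of the original post or of Amanda itself; it correlates the "waiting for connection" lines with the later "timeout on ... port" lines and returns a verdict per port, using the quoted log as constructed sample input (the regexes and the verdict labels are this example's own).

```python
import re
from dataclasses import dataclass
from typing import Dict, Optional

# Constructed sample: the sendbackup debug lines quoted in the post above.
SAMPLE_LOG = """\
sendbackup: try_socksize: send buffer size is 65536
sendbackup: time 0.001: stream_server: waiting for connection: 0.0.0.0.54803
sendbackup: time 0.001: stream_server: waiting for connection: 0.0.0.0.54804
sendbackup: time 0.001: stream_server: waiting for connection: 0.0.0.0.54805
sendbackup: time 0.001: waiting for connect on 54803, then 54804, then 54805
sendbackup: time 29.993: stream_accept: timeout after 30 seconds
sendbackup: time 29.994: timeout on data port 54803
sendbackup: time 59.986: stream_accept: timeout after 30 seconds
sendbackup: time 59.986: timeout on mesg port 54804
sendbackup: time 89.979: stream_accept: timeout after 30 seconds
sendbackup: time 89.979: timeout on index port 54805
sendbackup: time 89.979: pid 13884 finish time Thu Aug  4 21:46:25 2005
"""

# "stream_server: waiting for connection: 0.0.0.0.54803" -> a listening socket
LISTEN_RE = re.compile(
    r"stream_server: waiting for connection: (?P<addr>\d+\.\d+\.\d+\.\d+)\.(?P<port>\d+)\s*$"
)
# "time 29.994: timeout on data port 54803" -> that socket never saw a peer
TIMEOUT_RE = re.compile(
    r"time (?P<t>[\d.]+): timeout on (?P<stream>\w+) port (?P<port>\d+)\s*$"
)


@dataclass
class StreamStatus:
    port: int
    bind_addr: Optional[str] = None
    stream: Optional[str] = None       # "data", "mesg" or "index"
    timed_out_at: Optional[float] = None


def parse_sendbackup(log: str) -> Dict[int, StreamStatus]:
    """Map each listening port to what sendbackup reported about it."""
    streams: Dict[int, StreamStatus] = {}
    for line in log.splitlines():
        m = LISTEN_RE.search(line)
        if m:
            port = int(m.group("port"))
            streams[port] = StreamStatus(port=port, bind_addr=m.group("addr"))
            continue
        m = TIMEOUT_RE.search(line)
        if m:
            port = int(m.group("port"))
            st = streams.setdefault(port, StreamStatus(port=port))
            st.stream = m.group("stream")
            st.timed_out_at = float(m.group("t"))
    return streams


def diagnose(streams: Dict[int, StreamStatus]) -> str:
    """Classify the run from the per-port evidence (labels are this example's own)."""
    if not streams:
        return "no-listeners"
    timed_out = [s for s in streams.values() if s.timed_out_at is not None]
    if len(timed_out) == len(streams):
        return "all-streams-timed-out"
    if timed_out:
        return "some-streams-timed-out"
    return "all-streams-connected"


def report(log: str) -> str:
    """Human-readable per-port summary plus the overall verdict."""
    streams = parse_sendbackup(log)
    lines = []
    for port in sorted(streams):
        s = streams[port]
        outcome = (f"no peer connected, gave up at {s.timed_out_at:.3f}s"
                   if s.timed_out_at is not None else "connected")
        lines.append(f"{s.stream or '?':5} port {port} ({s.bind_addr}): {outcome}")
    lines.append(f"verdict: {diagnose(streams)}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

A verdict of all-streams-timed-out with bind addresses present tells you the client side came up and listened on all three dynamic ports; the failure is then on the path to those ports (the ruleset, a helper module such as ip_conntrack_amanda, or the peer never initiating the connect), which is exactly the distinction the post's own disable-and-retry experiments were probing. Note that the listening ports here (5480x) are in the dynamic range, not the fixed 10082/10083 that the quoted ruleset opens.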

