Re: amrecover from the DMZ

On Thu, Nov 10, 2005 at 02:32:41PM -0500, Guy Dallaire enlightened us:
> 2005/11/10, Matt Hyclak <hyclak AT math.ohiou DOT edu>:
> > On Thu, Nov 10, 2005 at 01:53:22PM -0500, Guy Dallaire enlightened us:
> > > My amanda tape server is in the internal network. I backup a couple of
> > > host from our DMZ. I configured amanda with specific UDP and TCP port
> > > ranges that I gave to the netowrk admin so he could configure the
> > > firewall properly. So far so good, I can successfully backup my DMZ
> > > hosts.
> > >
> > > But this morning, I tried to use amrecover, and it does not seem to
> > > work from the DMZ hosts. It hangs at "contacting server on
> > > tape-sever-host.mydomain"...
> > >
> > > Looks like some hole has to be punched in the firewall in order to 
> > > recover.
> > >
> > > Which ports does amrecover use to contact the tape server ?
> > >
> >
> > 10082 tcp and 10083 tcp.
> >
> > Matt
> >
> 
> I've built it with:
> 
> --with-tcpportrange=50000,50100 --with-udpportrange=850,859
> 
> Does this mean I have to open port range 50000-50100 ?

http://www.amanda.org/docs/portusage.html#id2561495 has more information. It
looks like as long as the clients can connect to tcp 10082 and 10083 on the
server, and return traffic is permitted, then amrecover from the DMZ will
function correctly.

Matt

-- 
Matt Hyclak
Department of Mathematics 
Department of Social Work
Ohio University
(740) 593-1263