Amanda-Users

Re: Still get ERROR [host fw.my.co.uk: port 62679 not secure] after I added my ipchain rule:

2006-02-14 11:05:16
Subject: Re: Still get ERROR [host fw.my.co.uk: port 62679 not secure] after I added my ipchain rule:
From: Chuck Amadi Systems Administrator <chuck AT smtl.co DOT uk>
To: Amanda List <amanda-users AT amanda DOT org>
Date: Tue, 14 Feb 2006 15:56:08 +0000
Hi all

I have just edited my firewall and added an ipchain rule but I still got
an error as below:

Amanda Backup Client Hosts Check
--------------------------------
ERROR: server.my.co.uk: [host fw.smtl.co.uk: port 62679 not secure]
Client check: 4 hosts checked in 10.780 seconds, 1 problem found

Here is also my Amanda Debug file:
less /tmp/amanda/amandad.20060214163540.debug

Amanda 2.4 REQ HANDLE 003-D0990808 SEQ 1139931009
SECURITY USER amanda
SERVICE noop
OPTIONS features=ecfffeff9ffe0f;
--------

amandad: time 0.000: sending ack:
----
Amanda 2.4 ACK HANDLE 003-D0990808 SEQ 1139931009
----

amandad: time 0.006: sending REP packet:
----
Amanda 2.4 REP HANDLE 003-D0990808 SEQ 1139931009
ERROR [host fw.my.co.uk: port 62679 not secure]
----

amandad: time 0.007: got packet:
----
Amanda 2.4 ACK HANDLE 003-D0990808 SEQ 1139931009
----

I have set up my fw rules as below:

# Amanda Client - Enterprise random udp forks to Nemesis Server 
################################################################
ipchains -A input -i $EXTERNAL_INTERFACE -p udp -s 193.XX.XX.XXX 1001:1009 -j ACCEPT

ipchains -A input -i $EXTERNAL_INTERFACE -p udp -s 193.XX.XX.XXX 10080:10083  -j ACCEPT

Outgoing packets are allowed from behind our firewall and all forwarded
to our main file server that is the same server for amanda backup tape
server.

I recompiled amanda client as below:

./configure --with-user=amanda --with-group=disk \
  --with-configdir=/etc/amanda --with-udpportrange=1001, 1009 \
  --with-tcpportrange=11000, 11300

I haven't edited the /etc/services as I had read this does not affect
the initial UDP request made from the amanda tape server.

I have read, digested and learnt a few things but I am still having
issues using Amanda between hosts separated by a firewall using
ipchains.

Cheers for your help.



-- 
Unix/ Linux Systems Administrator
Chuck Amadi
The Surgical Material Testing Laboratory (SMTL), 
Princess of Wales Hospital 
Coity Road 
Bridgend, 
United Kingdom, CF31 1RQ.
Email chuck.smtl.co.uk
Tel: +44 1656 752820 
Fax: +44 1656 752830
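
A triage helper for the debug output quoted in this message, added here as an example and not part of the original post or of Amanda itself: it pulls each "port N not secure" reply out of amandad debug text and reports whether the source port the client saw is below 1024 and inside the range given to --with-udpportrange. The function names and the 1024 threshold are assumptions of this example, and the sample text is reconstructed from the log above.

```python
import re

# Constructed sample, reconstructed from the debug file quoted in the post.
SAMPLE_DEBUG = """\
Amanda 2.4 REQ HANDLE 003-D0990808 SEQ 1139931009
SERVICE noop
--------
amandad: time 0.006: sending REP packet:
----
Amanda 2.4 REP HANDLE 003-D0990808 SEQ 1139931009
ERROR [host fw.my.co.uk: port 62679 not secure]
----
"""

RESERVED_LIMIT = 1024  # assumption: only source ports below this are accepted
PACKET_RE = re.compile(r"^Amanda \S+ (REQ|REP|ACK|NAK) HANDLE (\S+) SEQ (\d+)$")
ERROR_RE = re.compile(r"^ERROR \[host (\S+): port (\d+) not secure\]$")

def parse_port_range(text):
    """Parse '1001,1009' or '1001:1009' (spaces tolerated) into (low, high)."""
    low, high = (int(p) for p in re.split(r"[,:]", text.replace(" ", "")))
    if low > high:
        raise ValueError("empty port range: %r" % text)
    return low, high

def insecure_port_findings(debug_text, udp_range):
    """Return one dict per 'port N not secure' reply found in the debug text."""
    low, high = parse_port_range(udp_range)
    findings, current = [], None
    for line in debug_text.splitlines():
        line = line.strip()
        m = PACKET_RE.match(line)
        if m:  # remember which packet the following lines belong to
            current = {"type": m.group(1), "handle": m.group(2)}
            continue
        e = ERROR_RE.match(line)
        if e and current and current["type"] == "REP":
            port = int(e.group(2))
            findings.append({
                "handle": current["handle"], "peer": e.group(1), "port": port,
                "reserved": port < RESERVED_LIMIT,
                "in_configured_range": low <= port <= high,
            })
    return findings

if __name__ == "__main__":
    for finding in insecure_port_findings(SAMPLE_DEBUG, "1001, 1009"):
        print(finding)
```

A finding with both `reserved` and `in_configured_range` false means the packet reached the client from a source port other than the ones the build was configured to use, which is worth comparing against a packet capture on each side of the firewall.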