Re: Still get ERROR [host fw.my.co.uk: port 62679 not secure] after I added my ipchain rule:
2006-02-14 11:05:16
Hi all
I have just edited my firewall and added a ipchain rule but I still got
an error as below:
Amanda Backup Client Hosts Check
--------------------------------
ERROR: server.my.co.uk: [host fw.smtl.co.uk: port 62679 not secure]
Client check: 4 hosts checked in 10.780 seconds, 1 problem found
Here is also my Amanda Debug file:
less /tmp/amanda/amandad.20060214163540.debug
Amanda 2.4 REQ HANDLE 003-D0990808 SEQ 1139931009
SECURITY USER amanda
SERVICE noop
OPTIONS features=ecfffeff9ffe0f;
--------
amandad: time 0.000: sending ack:
----
Amanda 2.4 ACK HANDLE 003-D0990808 SEQ 1139931009
----
amandad: time 0.006: sending REP packet:
----
Amanda 2.4 REP HANDLE 003-D0990808 SEQ 1139931009
ERROR [host fw.my.co.uk: port 62679 not secure]
----
amandad: time 0.007: got packet:
----
Amanda 2.4 ACK HANDLE 003-D0990808 SEQ 1139931009
----
I have setup my fw rules as below:
# Amanda Client - Enterprise random udp forks to Nemesis Server
################################################################
ipchains -A input -i $EXTERNAL_INTERFACE -p udp -s 193.XX.XX.XXX
1001:1009 -j ACCEPT
ipchains -A input -i $EXTERNAL_INTERFACE -p udp -s 193.XX.XX.XXX
10080:10083 -j ACCEPT
Outgoing packets are allowed from behind our firewall and all forwaded
to our main file server that is the same server for amanda backup tape
server
I re compiled amanda client as below:
./configure --with-user=amanda --with-group=disk
--with-configdir=/etc/amanda --with-udpportrange=1001, 1009
--with-tcpportrange=11000, 11300
I haven't edited the /etc/services as I had read this does not effect
initial UDP request made from the amanda tape server.
I have read and digested learnt a few things but I am still having
issues using Amanda between hosts separated by a firewall using
ipchains.
Cheers for your help.
--
Unix/ Linux Systems Administrator
Chuck Amadi
The Surgical Material Testing Laboratory (SMTL),
Princess of Wales Hospital
Coity Road
Bridgend,
United Kingdom, CF31 1RQ.
Email chuck.smtl.co.uk
Tel: +44 1656 752820
Fax: +44 1656 752830
|
<Prev in Thread] |
Current Thread |
[Next in Thread>
|
- Re: Still get ERROR [host fw.my.co.uk: port 62679 not secure] after I added my ipchain rule:,
Chuck Amadi Systems Administrator <=
|
|
|