Re: Firewall, amanda client and ports - wishlist?
2007-07-18 10:13:19
On Wed, Jul 18, 2007 at 03:16:24PM +0200, Marc Muehlfeld wrote:
> Hi,
>
> Charles Stroom wrote:
> > amcheck reports no problem.
>
> amcheck doesn't use the full source/destination portrange like amdump.
>
>
>
> > On the client, I have opened TCP/UDP port 10080, and TCP
> > ports 10082 and 10083, because I seem to have seen something like that
> > when googling.
>
> You need only 10080 on the client. 10082 (amandaidx) and 10083 (amidxtape)
> you have on your index-/tapeserver.
>
>
> But also the server connects to different ports. You can limit this for a
> better and more tight firewall-configuration when you set --with-portrange
> and --with-udpportrange at configure. I used
>
> ./configure ..... --with-portrange=50000,50150 --with-udpportrange=850,900
>
With the increasing use of pre-built amanda binaries and
the ever increasing concern for security, isn't it about
time to make port usage a run time parameter? Probably
a dumptype parameter so that it could be varied with
the host?
jl
--
Jon H. LaBadie jon AT jgcomp DOT com
JG Computing
4455 Province Line Road (609) 252-0159
Princeton, NJ 08540-4322 (609) 683-7220 (fax)