Sure, iptables allows for connection-based rules as well as the old
ipchains-style rules.
So you're probably using connection-based rules like:
iptables -A INPUT -p tcp -m state --state ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -m state --state NEW,ESTABLISHED -j ACCEPT
Just add something like:
iptables -A INPUT -p tcp --source fd_dmz_ipaddress --destination sd_internal_address --dport 9103 -j ACCEPT
Or something to that effect. This just accepts without considering
whether a connection has been established. At least that's my
understanding of it, I've been less than perfect before though.
Dirk
On Tue, 2009-06-23 at 10:20 -0400, Matthew Komar wrote:
> I'm having a similar issue with a machine that is behind a pfSense
> firewall (which is iptables based). Do you have a quick fix for me?
>
> Dirk Bartley wrote:
> > Greetings
> >
> > Moved a machine into a dmz behind a pix515e firewall. Created a rule to
> > allow the fd to connect to the sd and it seems to work, except for one
> > little peculiarity on a larger backup job.
> >
> > On a server that backs up about 60GB, it fails at the very tail end of
> > the backup. The firewall log is showing that it is tearing down the tcp
> > connection due to a TCP Reset-I then denying the connection a bit later.
> >
> > I'm not finding much I can do in the firewall to solve the issue. I was
> > contemplating putting a direct connection cable between the fd and the sd
> > to solve this. (Darn cisco, if this firewall was iptables, a solution
> > would be easy)
> >
> > Anybody have any other ideas??
> >
> > Thanks in advance for any assistance.
> >
> > Dirk
> >