Networker

Re: [Networker] firewall ports

2005-03-03 13:22:56
Subject: Re: [Networker] firewall ports
From: Anuj Mediratta <anuj AT ACE-DATA DOT COM>
To: NETWORKER AT LISTSERV.TEMPLE DOT EDU
Date: Thu, 3 Mar 2005 23:46:44 +0530
Hi Jon,

7937-9936 are the service ports. You can reduce them by calculating with the
formula 2+3+2T+P+C, where:
i.      T is the no. of locally attached backup devices.
ii.     P is the Server Parallelism.
iii.    C is the max. no. of clients to be backed up at a time.

What I know is you also need to open ports 10001-30000 for smooth
communication. In that case the nsrports command will have -C in place of
-S.

Recently, one of my customers configured IPsec on Windows, thereby
reducing the total port range to 3. I am not aware of the exact procedure.

For UNIX etc., you need to open all the ports. IPsec does not work.

Regards,
Anuj Mediratta
-----Original Message-----
From: Legato NetWorker discussion [mailto:NETWORKER AT LISTSERV.TEMPLE DOT EDU] On Behalf Of Jon Fraley
Sent: Thursday, March 03, 2005 8:19 PM
To: NETWORKER AT LISTSERV.TEMPLE DOT EDU
Subject: [Networker] firewall ports

So I have been to the Networker Advanced Administration class and was
told the only ports we need open on the firewall to back up a client are
7937-7938.  I have run nsrports -s chewie -S 7937-7941 on the client and
have the firewall configured likewise.  

Now, running backups, we get connection timeouts.  We see in the
firewall logs that the client and server are trying to connect on ports
outside the range specified.  Of course opening ports 7937-9936 on the
firewall solved the problem, but we do not want that many ports open.

What gives?  Can we lock the client and server down to a few ports?

Jon


--
Note: To sign off this list, send a "signoff networker" command via email
to listserv AT listserv.temple DOT edu or visit the list's Web site at
http://listserv.temple.edu/archives/networker.html where you can
also view and post messages to the list. Questions regarding this list
should be sent to stan AT temple DOT edu
=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=
