[Networker] iptables firewall blocking access to nsrexecd on client?
2005-10-02 11:08:42
Hello. I'm using a NetWorker 6.13 Windows backup server and jukebox with 7 other
clients, mostly RH9 Linux and a Win2K server. Everything was going fine for the
most part.
I've been working to beef up the iptables firewall on one of the Linux servers
in response to the recent security vulnerability reported at
http://www.legato.com/support/websupport/product_alerts/081605_NW-7x.htm
Since Legato is not going to release a patch for version 6 NetWorker, and since
I really should have this firewalled anyway (the servers are publicly accessible
web and mail servers), I added these iptables entries on the client:
# Accept Legato Networker
-A INPUT -p tcp -m tcp -s {backup.server} --dport 7937:7938 -j ACCEPT
-A INPUT -p udp -m udp -s {backup.server} --dport 7937:7938 -j ACCEPT
and I have FORWARD and INPUT default policies DROP, OUTPUT policy ACCEPT. The
machine has only one LAN interface (eth0) and I have also set this rule on the
loopback interface:
-A INPUT -i lo -j ACCEPT
Plus a general:
-A OUTPUT -j ACCEPT
Here's the problem -- since activating the iptables configuration, the nightly
backup still runs successfully, but I get this error message in the Group
report:
* client:/ NetWorker: Cannot contact nsrexecd service on client.digimark.net, Service not available.
V client: / level=full, 1485 MB 00:23:20 84893 files
* client:/boot NetWorker: Cannot contact nsrexecd service on client.digimark.net, Service not available.
V client: /boot level=full, 10 MB 00:00:10 39 files
...
and so on. The backup *is* working though. When I look for running nsrexecd on
the client, I get this:
[user@client mail]$ ps -efH | grep nsr
user 6687 6510 0 10:53 pts/1 00:00:00 grep nsr
root 5703 1 0 Oct01 ? 00:00:00 /usr/sbin/nsrexecd
root 5705 5703 0 Oct01 ? 00:00:00 /usr/sbin/nsrexecd
So both expected nsrexecd instances are running (daemon and portmapper).
Clearly the problem is the iptables firewall is interfering. Can anyone suggest
what additional rules I should add or tweak to the configuration so that the
backup server can reach the client properly?
Thanks in advance. -Gary
--
-- "You can't take a picture of this. It's already gone."
Gary Goldberg KA3ZYW <og AT digimark DOT net> V:301/249-6501 F:301/390-1955
AIM:OgGreeb
Digital Marketing/Bowie MD/Systems & Networks Consult <http://www.digimark.net/>