Networker
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Networker] SUMMARY: iptables firewall blocking access to nsrexecd on client?

2005-10-03 20:14:22
Subject: [Networker] SUMMARY: iptables firewall blocking access to nsrexecd on client?
From: Gary Goldberg <og AT DIGIMARK DOT NET>
To: NETWORKER AT LISTSERV.TEMPLE DOT EDU
Date: Mon, 3 Oct 2005 20:10:54 -0400 
(Regarding firewall issues with v6.1x Networker Linux client)

On Mon, 3 Oct 2005, Peter Viertel wrote:


Try making the INPUT port range 7937-9936.


I did this, and it didn't seem to have an effect. But I did try
applying the same configuration to a second, similarly configured
Linux server, and that machine *did not* have a problem with
"Service not available..,". So I'm beginning to believe it might
be a problem specific to that machine, and that perhaps setting only
7937-7938 open will work after all.


Also, definitely no need for the UDP rules.


Removed, and glad to know Networker doesn't use UDP calls. although
it makes sense -- integrity of the backup stream and all.


sometimes you can get error messages in /nsr/logs/daemon.log on the
client that can be helpful.


Checked before and after in all three trials, but nothing recorded.
Indeed, the daemon.log hasn't been updated on that client machine in
almost a year. Also seems like a good thing.


The Firewall support section in Chapter three of the 7.2 Unix Admin
guide is reasonably clear about what is happening, it even has diagrams.
http://web1.legato.com/infodev/publications/NetWorker/UNIX/7.2/uxag.pdf


Checked on it and it make sense -- confirming that a client should only
need the two ports open. The server is another story of course, with a
formula of open ports depending on the degree of parallelism used.


And maybe you could try the 7.2.1 client and see if it works with your
6.1.3 server.


I de-installed the 6.141 client and installed the 7.21 client, and the
error message ceased! Thus confirming that

 a. a 7.21 client will be backed up on a 6.14 server.
 b. Whatever condition was caused by the older client was corrected at
    some point.

Can anyone conjecture whether I will have any licensing issues or operational
issues if I continue to use the 7.21 linux client with my 6.x Windows server?

Thank you everyone, and especially Peter, for the assistance. -Gary

--
-- "You can't take a picture of this. It's already gone."
Gary Goldberg KA3ZYW <og AT digimark DOT net> V:301/249-6501 F:301/390-1955 
AIM:OgGreeb
Digital Marketing/Bowie MD/Systems & Networks Consult <http://www.digimark.net/>

To sign off this list, send email to listserv AT listserv.temple DOT edu and type 
"signoff networker" in the
body of the email. Please write to networker-request AT listserv.temple DOT edu 
if you have any problems
wit this list. You can access the archives at 
http://listserv.temple.edu/archives/networker.html or
via RSS at http://listserv.temple.edu/cgi-bin/wa?RSS&L=NETWORKER
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Networker] Leftover NSR mount request resources, Darren Dunham
Next by Date:  [Networker] SUMMARY: iptables firewall blocking access to nsrexecd on client?, Riaan Louwrens
Previous by Thread:  Re: [Networker] iptables firewall blocking access to nsrexecd on client?, Gary Goldberg
Next by Thread:  [Networker] expiring clones/originals, Teresa Biehler
Indexes:  [Date] [Thread] [Top] [All Lists]