|
Re: [Networker] DMZ backup not working
2005-12-09 07:46:13
Thanks for the advice. I don't think Anuj will take this badly either.
We're all here to learn from each other. I'll try this and get back to
the list with the results.
------------------------------------
African Development Bank
YUUNI, Osay Osman
Snr Network Engineer
o.yuuni AT afdb DOT org
oyuuni AT ieee DOT org
13 Avenue du Ghana
BP 323
1002 Tunis Belvedere
Tunisia
tel: (216) 71102581
mobile: (216) 97 47 87 60
------------------------------------
-----Original Message-----
From: Legato NetWorker discussion [mailto:NETWORKER AT LISTSERV.TEMPLE DOT EDU]
On Behalf Of Davina Treiber
Sent: Friday, December 09, 2005 12:48 PM
To: NETWORKER AT LISTSERV.TEMPLE DOT EDU
Subject: Re: [Networker] DMZ backup not working
Anuj Mediratta wrote:
> Hi,
>
> 1. NAT should be disabled.
> 2. For communication, you should open all ports irrespective of any
> calculations - 10001-30001.
> 3. Configure these selected ports in the networker window by
selecting
> the same for the given client. Options->configure ports.
>
I don't like doing this, but this is the second time in recent days that
I have had to advise someone to ignore advice from this user, on the
grounds that is it totally wrong.
The port range from 10001 to 30001 is a range of SOURCE ports, not
destination ports. Most (possibly all?) firewalls don't filter on source
ports so in most (all?) cases it is NOT necessary or even useful to open
this port range.
Here is my own summary of port usage for firewall backups:
(1) The service port range setting on the client needs to be
7937-7938
(2) The service port range on the server - adjust to taste based on
all the other info supplied from various sources. Leave it as the full
range if you are allowed.
(3) Connection ports - unless your firewall is doing filtering based
on source ports there is no need to mess with it, just use the defaults.
(4) There is no need to open up connection ports in the firewall,
even at 7.1.x. Connection ports are SOURCE ports.
(5) If you run nsrports on the NetWorker server to modify a port
range you MUST restart NetWorker. I have not seen this documented
anywhere and this wasted several days of my time. I only discovered this
by guesswork. I am not sure whether the same applies for clients, I
think not. I don't know whether or not it applies to storage nodes.
To sign off this list, send email to listserv AT listserv.temple DOT edu and
type "signoff networker" in the
body of the email. Please write to networker-request AT listserv.temple DOT edu
if you have any problems
wit this list. You can access the archives at
http://listserv.temple.edu/archives/networker.html or
via RSS at http://listserv.temple.edu/cgi-bin/wa?RSS&L=NETWORKER
To sign off this list, send email to listserv AT listserv.temple DOT edu and
type "signoff networker" in the
body of the email. Please write to networker-request AT listserv.temple DOT edu
if you have any problems
wit this list. You can access the archives at
http://listserv.temple.edu/archives/networker.html or
via RSS at http://listserv.temple.edu/cgi-bin/wa?RSS&L=NETWORKER
|
|
|
