Networker

Re: [Networker] DMZ backup not working

2005-12-13 13:37:08
Subject: Re: [Networker] DMZ backup not working
From: Anuj Mediratta <anuj AT ACE-DATA DOT COM>
To: NETWORKER AT LISTSERV.TEMPLE DOT EDU
Date: Tue, 13 Dec 2005 23:57:21 +0530
Hi Osay,

Have you been able to resolve the problem?

I would be keen to know the solution that finally worked for you. Please let
me know the same when you have resolved it.

Regards,
Anuj Mediratta
Phone: +919312634262
To know more about our services, do log on to www.ace-data.com

-----Original Message-----
From: Anuj Mediratta [mailto:anuj AT ace-data DOT com] 
Sent: Friday, December 09, 2005 6:51 PM
To: 'Legato NetWorker discussion'; 'Davina Treiber'
Subject: RE: [Networker] DMZ backup not working

Hi Davina,

Thanks for this.

I think we are getting mixed up somewhere between what I think of as
communication ports and what you are calling source ports.

Sorry, I am not too sure what source & destination ports are and
whether they are the same as service and communication ports. Please help me
understand the same.

Also what you are trying to achieve through nsrports is perhaps the same as
what we do using Options->Configure ports on the backup server.

When I configure firewalls, I take care of -

1.      Disabling NAT.
2.      Service Ports of the range 7937-9936 but I open only the ones
required as per the documented calculation (Tech. Bulletin 388).
3.      Communication Ports - 10001 to 30001 (Legato Recommends).
4.      Options->Configure Ports and definitely restart the services.

I gained this experience after one of the firewall failures, wherein Legato
Support helped me conclude the above 4, and they have been working well for me
in three other setups configured by me.

Regards,
Anuj

To know more about our services, do log on to www.ace-data.com

-----Original Message-----
From: Legato NetWorker discussion [mailto:NETWORKER AT LISTSERV.TEMPLE DOT EDU] On Behalf Of Davina Treiber
Sent: Friday, December 09, 2005 5:18 PM
To: NETWORKER AT LISTSERV.TEMPLE DOT EDU
Subject: Re: [Networker] DMZ backup not working

Anuj Mediratta wrote:
> Hi,
> 
> 1.    NAT should be disabled.
> 2.    For communication, you should open all ports irrespective of any
> calculations - 10001-30001.
> 3.    Configure these selected ports in the networker window by selecting
> the same for the given client. Options->configure ports.
> 

I don't like doing this, but this is the second time in recent days that 
I have had to advise someone to ignore advice from this user, on the 
grounds that it is totally wrong.

The port range from 10001 to 30001 is a range of SOURCE ports, not 
destination ports. Most (possibly all?) firewalls don't filter on source 
ports so in most (all?) cases it is NOT necessary or even useful to open 
this port range.

Here is my own summary of port usage for firewall backups:

(1)     The service port range setting on the client needs to be 7937-7938

(2)     The service port range on the server - adjust to taste based on 
all the other info supplied from various sources. Leave it as the full 
range if you are allowed.

(3)     Connection ports - unless your firewall is doing filtering based 
on source ports there is no need to mess with it, just use the defaults.

(4)     There is no need to open up connection ports in the firewall, 
even at 7.1.x. Connection ports are SOURCE ports.

(5)     If you run nsrports on the NetWorker server to modify a port 
range you MUST restart NetWorker. I have not seen this documented 
anywhere and this wasted several days of my time. I only discovered this 
by guesswork. I am not sure whether the same applies for clients, I 
think not. I don't know whether or not it applies to storage nodes.

To sign off this list, send email to listserv AT listserv.temple DOT edu and
type "signoff networker" in the body of the email. Please write to
networker-request AT listserv.temple DOT edu if you have any problems
with this list. You can access the archives at
http://listserv.temple.edu/archives/networker.html or
via RSS at http://listserv.temple.edu/cgi-bin/wa?RSS&L=NETWORKER
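
An added illustration of the source/destination distinction made in the post above (not part of the original thread, and not NetWorker code): a loopback TCP connection whose initiator binds its source port from 10001-30001, checked against a filter that matches on destination port only. The OS-assigned listener port is a stand-in for a service port, and the function names are hypothetical.

```python
import socket
import threading

# Range the thread calls "connection ports" (source ports of the initiator).
CONNECTION_PORT_RANGE = range(10001, 30002)

def observe_flow():
    """Open one loopback TCP connection; return (source_port, destination_port)."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.settimeout(5)
    listener.bind(("127.0.0.1", 0))  # constructed stand-in for a service port
    listener.listen(1)
    service_port = listener.getsockname()[1]
    seen = {}

    def accept_one():
        conn, peer = listener.accept()
        seen["src"] = peer[1]                # port the initiator connected FROM
        seen["dst"] = conn.getsockname()[1]  # port the initiator connected TO
        conn.close()

    worker = threading.Thread(target=accept_one)
    worker.start()
    client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    for port in CONNECTION_PORT_RANGE:
        try:
            client.bind(("127.0.0.1", port))  # pick a free source port in the range
            break
        except OSError:
            continue
    else:
        raise RuntimeError("no free source port in the connection range")
    client.connect(("127.0.0.1", service_port))
    worker.join()
    client.close()
    listener.close()
    return seen["src"], seen["dst"]

def permits(flow, open_dst_ports):
    """Filter that matches on destination port only; the source port is never read."""
    _src_port, dst_port = flow
    return dst_port in open_dst_ports

if __name__ == "__main__":
    src, dst = observe_flow()
    print(f"source port {src} -> destination port {dst}")
    # Only the destination (service) port is opened; nothing in 10001-30001 is.
    print("permitted:", permits((src, dst), {dst}))
```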
