Networker

[Networker] Backing up Networker clients in a VDMZ...

2009-06-08 12:51:51
Subject: [Networker] Backing up Networker clients in a VDMZ...
From: Matt Temple <mht AT RESEARCH.DFCI.HARVARD DOT EDU>
To: NETWORKER AT LISTSERV.TEMPLE DOT EDU
Date: Mon, 8 Jun 2009 12:46:04 -0400
Hello,

   We're running a Legato Networker Server with 2 additional storage
nodes.  The server version is 7.4.4, build 634.

   About a dozen of our clients need to be moved into a corporate DMZ.
Once in the DMZ, all necessary open ports, in both directions, need to
be specifically listed.

For clients in the same security zone as the server we do run IPTABLES,
and we know that  the Networker server is happy when the following
ports are open on the clients:

# those below are for networker
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 7937 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 7938 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 7939 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 111 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 111 -j ACCEPT

I assume those ports need to be open between the main network
and the DMZ for /outbound/ (server ==> client) connections.

We do not run IPTABLES on the Networker server right now.   I will
if I can resolve this issue. I find the explanation from Legato/EMC a
little confusing.   If anyone has gone through this exercise, can you
suggest what ports need to be open between the DMZ and the main
network for /inbound/ (client ==> server) connections?

As things now stand, the Networker server, storage nodes, and 80
clients are in the main network, and a dozen clients need to move
to the DMZ.

We'd all be deeply grateful (especially people in Information Security)
if anyone can help solve this.   Thank you.

Matt Temple

--
=============================================================
Matthew Temple                Tel:    617/632-2597
Director, Research Computing  Fax:    617/582-7820
Dana-Farber Cancer Institute  mht AT research.dfci.harvard DOT edu
44 Binney Street, LW/250      http://research.dfci.harvard.edu
Boston, MA 02115              Choice is the Choice!
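
Added example (not part of the original message): a small Python script that turns the client-side iptables rules quoted above into the explicit per-protocol port list a DMZ firewall request needs for the server ==> client direction. The zone names "networker-server" and "dmz-clients" are placeholders, and the script says nothing about the client ==> server ports, which the message leaves open.

```python
import shlex
from collections import defaultdict

# Rules as quoted in the message above (client-side INPUT chain).
RULES = """\
# those below are for networker
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 7937 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 7938 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 7939 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 111 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 111 -j ACCEPT
"""

def accepted_ports(rules_text):
    """Return {proto: sorted ports} for ACCEPT rules that carry a --dport."""
    ports = defaultdict(set)
    for line in rules_text.splitlines():
        tok = shlex.split(line, comments=True)  # comment lines become []
        if not tok or tok[0] != "-A":
            continue
        if not all(flag in tok[:-1] for flag in ("-j", "-p", "--dport")):
            continue
        if tok[tok.index("-j") + 1] != "ACCEPT":
            continue
        proto = tok[tok.index("-p") + 1]
        # iptables writes port ranges as "low:high"; a single port has no colon.
        lo, _, hi = tok[tok.index("--dport") + 1].partition(":")
        ports[proto].update(range(int(lo), int(hi or lo) + 1))
    return {proto: sorted(found) for proto, found in ports.items()}

def collapse(ports):
    """Merge consecutive port numbers into (start, end) ranges."""
    ranges = []
    for port in ports:
        if ranges and port == ranges[-1][1] + 1:
            ranges[-1] = (ranges[-1][0], port)
        else:
            ranges.append((port, port))
    return ranges

def firewall_request(rules_text, src="networker-server", dst="dmz-clients"):
    """Rows of (source zone, destination zone, protocol, port or range)."""
    rows = []
    for proto, plist in sorted(accepted_ports(rules_text).items()):
        for lo, hi in collapse(plist):
            rows.append((src, dst, proto, str(lo) if lo == hi else f"{lo}-{hi}"))
    return rows

if __name__ == "__main__":
    for row in firewall_request(RULES):
        print("{:18} -> {:12} {:4} {}".format(*row))
```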
