Hello,
We're running a Legato Networker Server with 2 additional storage
nodes. The server version is 7.4.4, build 634.
About a dozen of our clients need to be moved into a corporate DMZ.
Once in the DMZ, all necessary open ports, in both directions, need to
be specifically listed.
For clients in the same security zone as the server we do run IPTABLES,
and we know that the Networker server is happy when the following
ports are open on the clients:
# those below are for networker
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 7937 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 7938 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 7939 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 111 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 111 -j ACCEPT
I assume those ports need to be open between the main network
and the DMZ for /outbound/ (server ==> client) connections.
We do not run IPTABLES on the Networker server right now. I will
if I can resolve this issue. I find the explanation from Legato/EMC a
little confusing. If anyone has gone through this exercise, can you
suggest what ports need to be open between the DMZ and the main
network for /inbound/ (client ==> server) connections?
As things now stand, the Networker server, storage nodes, and 80
clients are in the main network, and a dozen clients need to move
to the DMZ.
We'd all be deeply grateful (especially people in Information Security)
if anyone can help solve this. Thank you.
Matt Temple
--
=============================================================
Matthew Temple Tel: 617/632-2597
Director, Research Computing Fax: 617/582-7820
Dana-Farber Cancer Institute mht AT research.dfci.harvard DOT edu
44 Binney Street, LW/250 http://research.dfci.harvard.edu
Boston, MA 02115 Choice is the Choice!