Veritas-bu

[Veritas-bu] Firewalls & backups

2000-11-16 15:30:43
Subject: [Veritas-bu] Firewalls & backups
From: skip.jones AT petabytejones DOT com
Date: 16 Nov 2000 12:30:43 -0800
Ross, 

Consider the security implications carefully when thinking about dangling an NBU 
Media Server on the other side of your firewall.  Once your media server is 
compromised, it is trivial through NetBackup to do all manner of devious things 
through this trust.  

A better alternative would be to treat your NBU landscape on the other side of 
the firewall as its own master server; a troublesome proposition if you were 
wanting to share a library between the inside and outside world (unless you had 
STK & ACSLS on your side...)

skip

On Thu, 16 November 2000, "Everett, Craig" wrote:

> 
> Let me rephrase the port definition:
> 
> It should be for the client:
> CLIENT PORTS
> (13000 ports are for daemons listening at the client and 512-5000 send data
> to tape)
> 512-5000
> 13720
> 13782
> 
> SERVER PORTS-
> (13000 ports are for server daemons to listen and initiate communications,
> server initiates most backup comms unless the operation is user directed)
> Depending on what your server is doing, you may be able to rule out some of
> these 13000 ports. I was able to get rid of about half of them for the
> server.
> 512-5000
> 13701
> 13702
> 13705
> 13706
> 13708
> 13709
> 13710
> 13711
> 13712
> 13713
> 13714
> 13715
> 13716
> 13717
> 13718
> 13720
> 13721
> 13722
> 13782
> 13783
> 
> 
> -----Original Message-----
> From: John_Wang AT enron DOT net [mailto:John_Wang AT enron DOT net]
> Sent: Thursday, November 16, 2000 11:29 AM
> To: Craig_Everett AT intuit DOT com
> Cc: parker AT bctm DOT com; veritas-bu AT mailman.eng.auburn DOT edu
> Subject: RE: [Veritas-bu] Firewalls & backups
> 
> 
> 
> 
> Hello Craig
> 
> Would that be destination ports or source ports?   From the server to the
> client or client to the server?   How are the ports used, are some control
> ports to which the daemons listen to while the rest are data channels for
> the bulk transfer?   Who initiates the data channels, client or server?
> 
> Regards,
> John I Wang
> Sr. Systems Engineer
> Steverson Information Professionals
> 
> ---
> Enron Broadband Services
> Enron Building 1472c
> ph (713) 345-4291
> fax (713) 646-8063
> 
> 
> Craig_Everett@intuit.com
> 10/12/00 06:20 PM
> 
> To:      parker AT bctm DOT com, veritas-bu AT mailman.eng.auburn DOT edu
> cc:      (bcc: John Wang/Contractor/Enron Communications)
> Subject: RE: [Veritas-bu] Firewalls & backups
> 
> 
> 
> ===================================================
> >CLIENT PORTS
> >512-5000
> >13720
> >13782
> >
> >SLAVE PORTS
> >512-5000
> >13701
> >13702
> >13705
> >13706
> >13708
> >13709
> >13710
> >13711
> >13712
> >13713
> >13714
> >13715
> >13716
> >13717
> >13718
> >13720
> >13721
> >13722
> >13782
> >13783
> 
> -----Original Message-----
> From: parker AT bctm DOT com [mailto:parker AT bctm DOT com]
> Sent: Thursday, October 12, 2000 4:08 PM
> To: veritas-bu AT mailman.eng.auburn DOT edu
> Subject: [Veritas-bu] Firewalls & backups
> 
> 
> Hi,
> 
> Does anyone know what ports need to be permitted through a firewall to
> support having a media server on one side and the master server on the
> other side of the firewall? Both for backups and restores, of course.
> 
> I could have sworn I've seen this info before, but now can only find
> info on having servers and clients separated by a firewall.
> 
> Cheers,
> 
> Ross
> --
> Ross Parker            |      UNIX Sys Admin, Perl and C,
> Systems/Network Admin  |        Networking and security
> Telus Mobility         |
>                        |      Lisp has all the visual appeal of oatmeal
> parker AT bctm DOT com |      with fingernail clippings mixed in (Larry Wall)
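
Added example, not part of the original thread: a short Python script that parses the port lists as posted above, collapses them into ranges, counts how many ports each list opens, and prints one host-pinned rule per range. The iptables rule syntax, the tcp protocol, the FORWARD chain, the two addresses, and reading each list as destination ports on the receiving host are assumptions; the thread does not settle direction.

```python
import re

# Port lists copied from the thread above.
CLIENT_PORTS = "512-5000 13720 13782"
SERVER_PORTS = ("512-5000 13701 13702 13705 13706 13708 13709 13710 13711 "
                "13712 13713 13714 13715 13716 13717 13718 13720 13721 13722 "
                "13782 13783")

def parse_ports(text):
    """Expand 'a-b' ranges and single ports into a sorted list of ints."""
    ports = set()
    for tok in text.split():
        m = re.fullmatch(r"(\d+)(?:-(\d+))?", tok)
        if not m:
            raise ValueError(f"bad port token: {tok!r}")
        lo, hi = int(m.group(1)), int(m.group(2) or m.group(1))
        if not (0 < lo <= hi <= 65535):
            raise ValueError(f"port out of range: {tok!r}")
        ports.update(range(lo, hi + 1))
    return sorted(ports)

def collapse(ports):
    """Merge consecutive ports into (lo, hi) ranges."""
    ranges = []
    for p in ports:
        if ranges and p == ranges[-1][1] + 1:
            ranges[-1] = (ranges[-1][0], p)
        else:
            ranges.append((p, p))
    return ranges

def rules(src, dst, text, proto="tcp"):
    """One rule per range, pinned to a single host pair (assumed iptables syntax)."""
    out = []
    for lo, hi in collapse(parse_ports(text)):
        dport = str(lo) if lo == hi else f"{lo}:{hi}"
        out.append(f"-A FORWARD -p {proto} -s {src} -d {dst} --dport {dport} -j ACCEPT")
    return out

def exposure(text):
    """Return (total ports opened, ports contributed by ranges wider than 100)."""
    sizes = [hi - lo + 1 for lo, hi in collapse(parse_ports(text))]
    return sum(sizes), sum(s for s in sizes if s > 100)

if __name__ == "__main__":
    MASTER, MEDIA = "192.0.2.10", "198.51.100.20"  # constructed addresses
    print("\n".join(rules(MASTER, MEDIA, SERVER_PORTS)))
    print("server list (total, from wide ranges):", exposure(SERVER_PORTS))
    print("client list (total, from wide ranges):", exposure(CLIENT_PORTS))
```

Almost all of the opened ports in either list come from the 512-5000 range, so pinning every rule to the specific server pair matters far more than trimming individual 137xx daemon ports.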




