I believe these are the ports which need to be opened; you may not need them
all if you don't do database backups or use enhanced authorisation, i.e. it
would boil down to 13782 and 13724.
You also need to add each clients in to the "client attributes" section of
the master server properties (using jnbSA) and set each one to "no
connect-back".
I'd be interested if there is an easier way of doing this, e.g. a text file
to amend instead of using the GUI.

 From IP         To IP           To Port         tcp
 <media>         clients         13782 (bpcd)    tcp
 clients         <media>         13724 (vnetd)   tcp
 clients         <master>        13720 (bprd)    tcp     # to allow user
bkp/rst and db bkps
 clients         <master>        13724 (vnetd)   tcp     # to allow db bkps
 <master>        clients         13782 (bpcd)    tcp     # to allow db bkps
 <master>        clients         13783 (vopied)  tcp     # enh auth (opt?)
 <clients>       master          13782 (bpcd)    tcp     # to allow install

Phil

-----Original Message-----
From: Goldfarb, Josh [mailto:Josh.Goldfarb AT blackrock DOT com
<mailto:Josh.Goldfarb AT blackrock DOT com> ]
Sent: 01 March 2004 17:58
To: veritas-bu AT mailman.eng.auburn DOT edu
Subject: [Veritas-bu] DMZ backups and configuration


Currently we have a screened subnet setup and we don't currently backup in
the DMZ because we are running Netbackup 3.41 Datacenter.  We are upgrading
to either 4.5 or 5.0, and I am currently look at technote 237797 and on page
460 of the Sysadmin 5.0 admin guide.  If I read that correctly,  And I just
have clients out in the DMZ, we should only have to open the ports for the
bpcd, (13782,13783)
Or am I totally of base here. I know there is new feature in 4.5 and 5.0
called VNETD. Does Veritas Network Daemon really have a "no call-back"
method and if so, is port 13724 the only port that needs to be opened?  Or
does the port for the process BPCD need to be opened as well?
If I read this correctly, VnetD transfers a socket from itself to another
process on the same machine.  But my questions (might be dumb) what does
that actually mean?
Thanks So Much
Josh




Josh Goldfarb
BlackRock Financial Management Inc.
BlackRock Solutions - Technology USA
40 East 52nd Street
NY, NY 10022
Phone: 212.409.3702 


This private and confidential e-mail has been sent to you by Egg.
The Egg group of companies includes Egg Banking plc
(registered no. 2999842), Egg Financial Products Ltd (registered
no. 3319027) and Egg Investments Ltd (registered no. 3403963) which
is authorised and regulated by the Financial Services Authority. Egg
Investments Ltd. is entered in the FSA register under number 190518. 

Registered in England and Wales. Registered offices: 1 Waterhouse
Square, 138-142 Holborn, London EC1N 2NA.

If you are not the intended recipient of this e-mail and have received
it in error, please notify the sender by replying with 'received in
error' as the subject and then delete it from your mailbox.