Veritas-bu
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Veritas-bu] Firewall Questions

2005-04-15 12:25:23
Subject: [Veritas-bu] Firewall Questions
From: juanino AT yahoo DOT com (Jerry)
Date: Fri, 15 Apr 2005 09:25:23 -0700 (PDT) 
Check out the vnetd and no-callback options.  You will
have much less ports to open that way (2 I believe). 
And with no-callback the client won't initiate a
connection back, so the firewall guys tend to like it
better.

--- "Weber, Philip" <Philip.Weber AT egg DOT com> wrote:

> Thanks.
> 
> 1.  New firewall change raised and argument with IT
> Security pending...
> 2.  For PC Java GUI, NBJAVA_CONNECT_OPTION=1 under
> {veritas
> install}\java\{master}.vrtsnbuj seems to do the
> trick ... another
> firewall change pending to open access to master
> server ports 13722,
> 13723 and 13724 (sigh).
> 
> -----Original Message-----
> From: veritas-bu-admin AT mailman.eng.auburn DOT edu
> [mailto:veritas-bu-admin AT mailman.eng.auburn DOT edu] On
> Behalf Of Paul
> Keating
> Sent: 14 April 2005 19:41
> To: veritas-bu AT mailman.eng.auburn DOT edu
> Subject: RE: [Veritas-bu] Firewall Questions
> 
> 
> 
> 
> > -----Original Message-----
> > From: veritas-bu-admin AT mailman.eng.auburn DOT edu 
> > [mailto:veritas-bu-admin AT mailman.eng.auburn DOT edu]
> On Behalf Of 
> > Weber, Philip
> > Sent: April 14, 2005 10:33 AM
> > To: veritas-bu AT mailman.eng.auburn DOT edu
> > Subject: [Veritas-bu] Firewall Questions
> > 
> > As I am getting return code 58 I
> > guess this is not enough, and that the clients
> have to be able to
> > initiate some communications with the
> master/media, even for scheduled
> > backups.  Can anyone confirm/deny?
> > 
> > I have opened
> > master/media --> client on 13782, 13720, 13724.
> 
> 
> Master server needs to be able to reach client via
> 13782.
> Client needs to be able to initiate connection back
> to the Master on
> 13724.
> 
> Netbackup doesn't use "sessions".
> The master tells the client it is ready for the
> backup (port 13782).
> The client then initiates its own connection back to
> the master on
> 13724.
> 
> Yeah, it sucks.
> 
> One option I've thought of, but haven't tried, is to
> have a script that
> starts an ssh connection to the client before the
> backup starts, then
> tear it down after the backup completes.....the
> tunnel would stay up for
> the client to request its connection back to the
> master server, without
> leaving holes in your firewall.
> 
> 
> > 
> > 2.  I have a separate 5.1MP2 environment to which
> I would like to be
> > able to connect using the Java GUI from my PC. 
> The master server is
> > behind a firewall relative to my PC.  I get a
> login box, but then get
> > the error "Unable to login, status: 506.  Can not
> connect to 
> > the NB-Java
> > service on <master> on port 1347...", where the
> port number changes on
> > each attempt.  Is it possible to limit this to a
> small set of ports?
> 
> Change "NBJAVA_CONNECT_OPTION=0" to
> "NBJAVA_CONNECT_OPTION=1" in
> /usr/openv/java/nbj.conf and it should use 13724,
> IIRC.
> 
> Paul
> 
> _______________________________________________
> Veritas-bu maillist  - 
> Veritas-bu AT mailman.eng.auburn DOT edu
>
http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu
> 
> -----------------------------------------
> Egg is a trading name of the Egg group of companies
> which includes: Egg plc
> (reg no 2448340), Egg Financial Products ltd (reg no
> 3319027), Egg
> International ltd (reg no 4059266), Egg Financial
> Intermediation ltd (reg
> no 382828), Egg Investments ltd (reg no 3403963) and
> Egg Banking plc (reg
> no 2999842.  Egg Investments Ltd, Egg Banking plc
> and Egg Financial
> Intermediation Ltd are authorised and regulated by
> the Financial Services
> Authority (FSA) and are entered in the FSA register
> under numbers 190518,
> 205621 and 309551 respectively. These members of the
> Egg group are
> registered in England and Wales. Registered offices:
> 1 Waterhouse Square,
> 138-142 Holborn, London EC1N 2NA.    This e-mail is
> confidential and for
> use by the addressee only.  If you are not the
> intended recipient of this
> e-mail and have received it in error, please return
> the message to the
> sender by replying to it and then delete it from
> your mailbox.  Internet
> e-mails are not necessarily secure. The Egg group of
> companies do not
> accept responsibility for changes made to this
> message after it was sent.
> Whilst all reasonable care has been taken to avoid
> the transmission of
> viruses, it is the responsibility of the recipient
> to ensure that the
> onward transmission, opening or use of this message
> and any attachments
> will not adversely affect its systems or data. No
> responsibility is
> accepted by the Egg group of companies in this
> regard and the recipient
> should carry out such virus and other checks as it
> considers appropriate.
> This communication does not create or modify any
> contract.
> 
> 
> _______________________________________________
> Veritas-bu maillist  - 
> Veritas-bu AT mailman.eng.auburn DOT edu
>
http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu
> 



                
__________________________________ 
Do you Yahoo!? 
Make Yahoo! your home page 
http://www.yahoo.com/r/hs
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Veritas-bu] cumulative behavior with a windows backup, Paul Keating
Next by Date:  [Veritas-bu] Disk storage staging unit groups, anyone?, Jimh
Previous by Thread:  [Veritas-bu] Firewall Questions, Weber, Philip
Next by Thread:  [Veritas-bu] Firewall Questions, Weber, Philip
Indexes:  [Date] [Thread] [Top] [All Lists]