This is a multi-part message in MIME format.
--------------070204010803000506090802
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 8bit
He needs these ports opened between the MEDIA server and client not the
MASTER server and client. Furthermore, he needs 13722 between the MASTER
server and client if he wants to be able to administer the client
properties via the GUI on the MASTER server.
Paul Keating wrote:
>Having a hard time following what you've got there.
>
>so....
>
>Here's what I have:
>
>Ensure your firewall has the following ports open:
>13782 Master server to Client
>13724 Client to Master Server.
>
>Ensure client can resolve name of master server via whatever name
>service it is using, and ensure the master server can resolve the name
>of the client.
>
>In Netbackup GUI, go to:
>Host Properties -> Master Servers -> click on *your master*, then Right
>click -> properties.
>
>Go to "Client Attributes"
>Add the name of the firewalled client, select it, then check "no connect
>back" and apply the change.
>
>no need to bounce daemons
>
>add the client to a policy and back it up.
>
>FWIW, in Host Properties of the master server, under the "firewall"
>tab....nothing is selected, checked, entered, or otherwise
>identified...completely blank...default.
>Under Port ranges, everything is also default. check marks in "Use
>random port assignment" and "use OS selected non-reserved ports"
>
>Paul
>-----Original Message-----
>From: Jeff Lightner [mailto:jlightner AT water DOT com]
>Sent: February 7, 2006 12:14 PM
>To: Paul Keating; veritas-bu AT mailman.eng.auburn DOT edu
>Subject: RE: [Veritas-bu] Error 58 got me stumped
>
>
>Hmmm - Prior to having my security admin open all ports between them I
>had changed host properties on the master to use vnetd only in firewall
>for a specific client name. This changed the error but the bpcd log
>was showing many ports other than vnetd being attempted and they were
>random.
>
>Based on what you said also in host properties I've now told the client
>to use vnetd only in firewall for the master. Doing a run of the
>backup after that I still see it opening all sorts of ports in the bpcd
>log and have verified it is in fact opening such ports by running lsof
>against bpcd and bpkar on the client. (Note: I also verified these
>ports are being opened between client and master not just internal to
>the client.)
>
>Do I need to restrict port range to just 13724 in host properties to
>force it to use vnetd despite having selected vnetd in the firewall
>setting already?
>
>
>
>
>------------------------------------------------------------------------
>
>====================================================================================
>
>La version française suit le texte anglais.
>
>------------------------------------------------------------------------------------
>
>This email message from the Bank of Canada is given in good faith, and shall
>not be
>binding or construed as constituting any obligation on the part of the Bank.
>
>This email may contain privileged and/or confidential information, and the
>Bank of
>Canada does not waive any related rights. Any distribution, use, or copying of
>this
>email or the information it contains by other than the intended recipient is
>unauthorized. If you received this email in error please delete it immediately
>from
>your system and notify the sender promptly by email that you have done so.
>
>Recipients are advised to apply their own virus checks to this message upon
>receipt.
>
>------------------------------------------------------------------------------------
>
>L'information communiquée dans les courriels en provenance de la Banque du
>Canada
>est soumise de bonne foi, mais elle ne saurait lier la Banque et ne doit
>aucunement
>être interprétée comme constituant une obligation de sa part.
>
>Le présent courriel peut contenir de l'information privilégiée ou
>confidentielle.
>La Banque du Canada ne renonce pas aux droits qui s'y rapportent. Toute
>diffusion,
>utilisation ou copie de ce courriel ou des renseignements qu'il contient par
>une
>personne autre que le ou les destinataires désignés est interdite Si vous
>recevez
>ce courriel par erreur, veuillez le supprimer immédiatement et envoyer sans
>délai Ã
>l'expéditeur un message électronique pour l'aviser que vous avez éliminé
>de votre
>ordinateur toute copie du courriel reçu.
>
>Dès la réception du présent message, le ou les destinataires doivent
>activer leur
>programme de détection de virus pour éviter toute contamination possible.
>
>
--
===================================
Steven L. Sesar
Senior Operating Systems Programmer/Analyst
UNIX Application Services R101
The MITRE Corporation
202 Burlington Road - KS101
Bedford, MA 01730
tel: (781) 271-7702
fax: (781) 271-2600
mobile: (617) 893-9635
email: ssesar AT mitre DOT org
===================================
--------------070204010803000506090802
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
<title></title>
</head>
<body bgcolor="#ffffff" text="#000000">
He needs these ports opened between the MEDIA server and client not the
MASTER server and client. Furthermore, he needs 13722 between the
MASTER server and client if he wants to be able to administer the
client properties via the GUI on the MASTER server.<br>
<br>
<br>
<br>
Paul Keating wrote:
<blockquote
cite="mid4A14D0A1A982B04B8DFC50EBDB81D0A203CEB786 AT
BOC-EXMAIL1.bocad.bank-banque-canada DOT ca"
type="cite">
<pre wrap="">Having a hard time following what you've got there.
so....
Here's what I have:
Ensure your firewall has the following ports open:
13782 Master server to Client
13724 Client to Master Server.
Ensure client can resolve name of master server via whatever name
service it is using, and ensure the master server can resolve the name
of the client.
In Netbackup GUI, go to:
Host Properties -> Master Servers -> click on *your master*, then Right
click -> properties.
Go to "Client Attributes"
Add the name of the firewalled client, select it, then check "no connect
back" and apply the change.
no need to bounce daemons
add the client to a policy and back it up.
FWIW, in Host Properties of the master server, under the "firewall"
tab....nothing is selected, checked, entered, or otherwise
identified...completely blank...default.
Under Port ranges, everything is also default. check marks in "Use
random port assignment" and "use OS selected non-reserved ports"
Paul
-----Original Message-----
From: Jeff Lightner [<a class="moz-txt-link-freetext" href="mailto:jlightner AT
water DOT com">mailto:jlightner AT water DOT com</a>]
Sent: February 7, 2006 12:14 PM
To: Paul Keating; <a class="moz-txt-link-abbreviated" href="mailto:veritas-bu
AT mailman.eng.auburn DOT edu">veritas-bu AT mailman.eng.auburn DOT edu</a>
Subject: RE: [Veritas-bu] Error 58 got me stumped
Hmmm - Prior to having my security admin open all ports between them I
had changed host properties on the master to use vnetd only in firewall
for a specific client name. This changed the error but the bpcd log
was showing many ports other than vnetd being attempted and they were
random.
Based on what you said also in host properties I've now told the client
to use vnetd only in firewall for the master. Doing a run of the
backup after that I still see it opening all sorts of ports in the bpcd
log and have verified it is in fact opening such ports by running lsof
against bpcd and bpkar on the client. (Note: I also verified these
ports are being opened between client and master not just internal to
the client.)
Do I need to restrict port range to just 13724 in host properties to
force it to use vnetd despite having selected vnetd in the firewall
setting already?
</pre>
<pre wrap="">
<hr size="4" width="90%">
====================================================================================
La version française suit le texte anglais.
------------------------------------------------------------------------------------
This email message from the Bank of Canada is given in good faith, and shall
not be
binding or construed as constituting any obligation on the part of the Bank.
This email may contain privileged and/or confidential information, and the Bank
of
Canada does not waive any related rights. Any distribution, use, or copying of
this
email or the information it contains by other than the intended recipient is
unauthorized. If you received this email in error please delete it immediately
from
your system and notify the sender promptly by email that you have done so.
Recipients are advised to apply their own virus checks to this message upon
receipt.
------------------------------------------------------------------------------------
L'information communiquée dans les courriels en provenance de la
Banque du Canada
est soumise de bonne foi, mais elle ne saurait lier la Banque et ne doit
aucunement
être interprétée comme constituant une
obligation de sa part.
Le présent courriel peut contenir de l'information
privilégiée ou confidentielle.
La Banque du Canada ne renonce pas aux droits qui s'y rapportent. Toute
diffusion,
utilisation ou copie de ce courriel ou des renseignements qu'il contient par une
personne autre que le ou les destinataires désignés
est interdite Si vous recevez
ce courriel par erreur, veuillez le supprimer immédiatement et
envoyer sans délai Ã
l'expéditeur un message électronique pour l'aviser
que vous avez éliminé de votre
ordinateur toute copie du courriel reçu.
Dès la réception du présent message, le
ou les destinataires doivent activer leur
programme de détection de virus pour éviter toute
contamination possible.
</pre>
</blockquote>
<br>
<br>
<pre class="moz-signature" cols="72">--
===================================
Steven L. Sesar
Senior Operating Systems Programmer/Analyst
UNIX Application Services R101
The MITRE Corporation
202 Burlington Road - KS101
Bedford, MA 01730
tel: (781) 271-7702
fax: (781) 271-2600
mobile: (617) 893-9635
email: <a class="moz-txt-link-abbreviated" href="mailto:ssesar AT mitre DOT
org">ssesar AT mitre DOT org</a>
===================================
</pre>
</body>
</html>
--------------070204010803000506090802--
|