I have a question about the 5.1-> 6.5 upgrade, relating to the use on
non-reserved ports.
This is what the 5.1 manual says:
<<
Accept Connections on Non-reserved Ports
The Accept Connections on Non-reserved Ports property specifies that the
NetBackup client service (bpcd) can accept remote connections from
nonprivileged ports (port numbers 1024 or greater). If this property is
not specified, bpcd requires remote connections to come from privileged
ports (port numbers less than 1024). Accept Connections on Non-reserved
Ports is useful when NetBackup clients and servers are on opposite sides
of a firewall.
When unchecked (default), this also means that the source ports for
connections to bpcd use reserved ports as well.
If Accept Connections on Non-reserved Ports is checked on a client or
server, and you want to use non-reserved ports, the server connecting to
the client or server must also be set up to use non-reserved ports for the
client.
In addition to changing Accept Connections on Non-reserved Ports here,
specify that the server use nonreserved ports for this client: select
Accept Connections from Non-reserved Ports on the server properties Client
attributes tab.
>>
and this is what the 6.5 manual says:
<<
Accept connections on non reserved ports
The Accept connections on non reserved ports property specifies whether
the NetBackup client service (bpcd) can accept remote connections from
nonprivileged ports. (Nonprivileged ports have port numbers 1024 or
greater.) (Default: enabled.)
If this property is enabled, the server that connects to the host must
also be configured to use non-reserved ports for the client. Select Accept
connections from non reserved ports on the server properties Client
attributes tab. For more information, see “Maximum data streams” on page
387.
If the property is disabled (unchecked), bpcd requires remote connections
to come from privileged ports. (Privileged ports have port numbers less
than 1024.) Accept connections on non reserved ports is useful when
NetBackup clients and servers are on opposite sides of a firewall.
When disabled, the source ports for connections to bpcduse reserved ports
as well.
>>
Now I've compared a system (Client) upgraded from 5.1 to 6.5.4 with one
installed new at 6.5.4, and this is what it looks to me:
Any *new install* will be configured to accept connections from
non-reserved ports, and that also means that it will initiate connections
using non-reserved ports. Any system that has been upgraded from 5.1 will
still have this disabled, and so will not accept connections from a server
or client that is a new install. Equally an upgraded system will initiate
connections using reserved ports, which I suspect will be accepted by a
new install system (i.e. enabling use of non-reserved ports is unlikely to
disable use or reserved ports).
I vaguely recall a technote about this but I can't find it. Anyone else
had issues with this change of behaviour?
I did find this in the 'Additional Operational Notes' document:
<<
NetBackup firewall and port usage
If default_connect_options, connect_options, or bpclient are used in such
a way that the ultimate daemon connection port is vnetd then
ALLOW_NON_RESERVED_PORTS configuration option on the bpcd machine is
ignored.
>>
So it is I guess possible to configure round this - but has anyone had a
problem with this?
William D L Brown
-----------------------------------------------------------
This e-mail was sent by GlaxoSmithKline Services Unlimited
(registered in England and Wales No. 1047315), which is a
member of the GlaxoSmithKline group of companies. The
registered address of GlaxoSmithKline Services Unlimited
is 980 Great West Road, Brentford, Middlesex TW8 9GS.
-----------------------------------------------------------
_______________________________________________
Veritas-bu maillist - Veritas-bu AT mailman.eng.auburn DOT edu
http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu
|