Networker

Re: [Networker] using Networker through IPtables

2004-06-17 14:26:36
Subject: Re: [Networker] using Networker through IPtables
From: f_x <f_x AT GMX DOT NET>
To: NETWORKER AT LISTMAIL.TEMPLE DOT EDU
Date: Thu, 17 Jun 2004 20:26:39 +0200
Backup Server: 10.1.1.1
Backup Client: 10.1.1.2

IPTables rules for the client:
incoming rules:
# NetWorker Service Ports: backup.server to backup.client
-A INPUT -i eth1 -s 10.1.1.1 -p tcp -d 10.1.1.2 --dport 7937:9936 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -i eth1 -s 10.1.1.1 -p udp -d 10.1.1.2 --dport 7937:9936 -m state --state NEW,ESTABLISHED -j ACCEPT
# NetWorker Data Ports: backup.server to backup.client
-A INPUT -i eth1 -s 10.1.1.1 -p tcp -d 10.1.1.2 --dport 10001:30000 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -i eth1 -s 10.1.1.1 -p udp -d 10.1.1.2 --dport 10001:30000 -m state --state NEW,ESTABLISHED -j ACCEPT

outgoing rules:
# NetWorker Service Ports: backup.client >> backup.server
-A OUTPUT -o eth1 -p tcp -d 10.1.1.1 --dport 7937:9936 -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -o eth1 -p udp -d 10.1.1.1 --dport 7937:9936 -m state --state NEW,ESTABLISHED -j ACCEPT
# NetWorker Data Ports: backup.client >> backup.server
-A OUTPUT -o eth1 -p tcp -d 10.1.1.1 --dport 10001:30000 -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -o eth1 -p udp -d 10.1.1.1 --dport 10001:30000 -m state --state NEW,ESTABLISHED -j ACCEPT

The rules for the backup server are similar, one for each backup client.
Maybe you can configure smaller ranges, if you count your machines and the
number of parallel backups. These rules work with NetWorker 6.x and 7.x.
On versions earlier than 6.x (if I'm right) you need the udp/tcp port 111
like Todd wrote. Both machines are on the same network (DMZ). I cannot
recommend any type of port forwarding or NAT. If you only have a few
machines in the DMZ, take the Business or Workgroup Edition and run a
dedicated Backup Server for this zone.

greetings f_x

Mark Ortmeyer wrote:
Hi,
We are having some difficulty writing viable IPtables rules, which allow
a successful backup from client to server using Networker.

client --> using IPtables
server --> not behind firewall

Has anyone written an IPtables rule for their Networker configuration,
that they would be willing to share?
It would be greatly appreciated.

thanks,
-mark



--
Mark Ortmeyer                       morto AT apl.washington DOT edu
University of Washington            http://www.washington.edu
Applied Physics Laboratory          http://www.apl.washington.edu
Polar Science Center                http://psc.apl.washington.edu
(206) 543-1349                      (206) 616-3142 (fax)

--
Note: To sign off this list, send a "signoff networker" command via email
to listserv AT listmail.temple DOT edu or visit the list's Web site at
http://listmail.temple.edu/archives/networker.html where you can
also view and post messages to the list.
=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=
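
The reply above says the backup server needs similar rules, one set per backup client, and that the port ranges can be narrowed. As an added example (not part of the original message), this shell function emits such server-side rules in the same iptables syntax and rejects malformed or reversed port ranges. The mirrored direction of the server rules, the second client 10.1.1.3 and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: emit server-side rules,
# one block per backup client, mirroring the client rules posted above.

# valid_range LO:HI -> status 0 only for an ascending range within 1..65535
valid_range() {
    case "$1" in
        *[!0-9:]*|*:*:*|:*|*:|'') return 1 ;;   # junk, extra or dangling colon
        *:*) ;;                                 # exactly one LO:HI pair
        *) return 1 ;;                          # single port, not a range
    esac
    lo=${1%%:*}; hi=${1##*:}
    [ "$lo" -ge 1 ] && [ "$hi" -le 65535 ] && [ "$lo" -le "$hi" ]
}

# server_rules IFACE SERVER_IP SERVICE_RANGE DATA_RANGE CLIENT_IP...
# Assumption: the server rules mirror the client rules (source and
# destination swapped); the post only says they are "similar".
server_rules() {
    iface=$1; server=$2; svc=$3; data=$4
    shift 4
    valid_range "$svc" && valid_range "$data" || {
        echo "invalid port range: $svc / $data" >&2; return 2; }
    [ "$#" -ge 1 ] || { echo "no clients given" >&2; return 2; }
    for client in "$@"; do
        echo "# NetWorker: $client <-> $server"
        for range in "$svc" "$data"; do
            for proto in tcp udp; do
                echo "-A INPUT -i $iface -s $client -p $proto -d $server --dport $range -m state --state NEW,ESTABLISHED -j ACCEPT"
                echo "-A OUTPUT -o $iface -p $proto -d $client --dport $range -m state --state NEW,ESTABLISHED -j ACCEPT"
            done
        done
    done
}

# Constructed sample: the post's server and client, a second hypothetical
# client, and the port ranges given in the post.
server_rules eth1 10.1.1.1 7937:9936 10001:30000 10.1.1.2 10.1.1.3
```

Passing narrower ranges as the third and fourth arguments produces the tighter rule set the reply suggests, provided the NetWorker hosts are configured to use the same ranges.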

