Veritas-bu

[Veritas-bu] backing up a firewall (not through it)

2001-03-23 15:03:31
Subject: [Veritas-bu] backing up a firewall (not through it)
From: fx AT Veritas DOT com (fx [François-Xavier Peretmere])
Date: Fri, 23 Mar 2001 21:03:31 +0100
> From: Tim McMurphy [mailto:Tim.McMurphy AT telus DOT com]
> Sent: Friday 23 March, 2001 01:44

> I have read through the mailing list on this one and have
> tried but don't seem to be getting network connection with netbackup (I can
> ping ok from the fw to the backup server).
>
> Netbackup 3.4
> error 41 network connection timed out
>
> I am trying to backup a firewall, not through a firewall,
> just backup the firewall. Of course the fw admins don't want to open up many
> ports. I have the client installed on the firewall.
>
> 1) What is the minimum ports per fw to do a backup?

 "What ports need to be open to back up a client that is behind a firewall?"
 http://seer.support.veritas.com/docs/187321.htm

 basically, rules you need to set up to backup the fw should look like
this:

 mediasrv.[512-1023] -> client.bpcd        : media srv contact client to
                                             start job
 client.[512-1023] -> mediasrv.[512-1023]  : data from client (bpcd/bpbkar) to
                                             the media server (bpbrm/bptm/bpdm)
 client.[512-1023] -> mediasrv.[5000-1023] : if MPX is used. depending on the
                                             RANDOM_PORTS setting, either the
                                             ports are picked randomly in the
                                             interval, or sequentially from the
                                             top to bottom

 you can with 3.4 restrict the window used (what you did), as long as
there are enough ports.

> 2) Here is the config. Will this work?
> On the client (the firewall) I have in bp.conf
> ALLOW_NON_RESERVED_PORTS
> SERVER_PORT_WINDOW = 13740 13750
> CLIENT_PORT_WINDOW = 13740 13750
> RANDOM_PORTS = NO
>
> On the backup server (master) I have this in bp.conf
> ALLOW_NON_RESERVED_PORTS
> SERVER_PORT_WINDOW = 13740 13750
> CLIENT_PORT_WINDOW = 13740 13750
> RANDOM_PORTS = NO
>
> The firewall folks have allowed the following:
> TCP on port 13782, 13720 & 13740 to 13750
>
> I have tried most permutations of the above commands and I am
> obviously missing something. Any ideas?

 you must set up the client on the master to use non priv ports, by
using the bpclient command on the master:

 bpclient -client <client> -add
 bpclient -client <client> -update -connect_nr_port 1

 to troubleshoot connection problem, enable bprd log on the master
and bpcd on the client to see which ports are used during backup.

 check NetBackup administration guide for the full story.

 Amicalement,
              fx

# cat /usr/include/VRTS/std_disclaimer.h
 1) i speak for myself
 2) sometimes i'm wrong
--
     fx AT veritas DOT com       | Three things are certain:
François-Xavier Peretmere | Death, taxes and lost data
 http://www.veritas.com/  | Guess which has occurred.
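
Added example, not part of the original message and not Veritas code: a small check that the port windows in a host's bp.conf stay inside what the firewall allows, using the bp.conf and the firewall allowance quoted in the question as constructed sample input. The function names and the simplified model (reserved range 512-1023 taken from the rule table above) are assumptions of this example.

```python
import re

# Constructed sample: the client-side bp.conf quoted in the question.
SAMPLE_BP_CONF = """\
ALLOW_NON_RESERVED_PORTS
SERVER_PORT_WINDOW = 13740 13750
CLIENT_PORT_WINDOW = 13740 13750
RANDOM_PORTS = NO
"""
# Firewall allowance quoted in the question: TCP 13782, 13720, 13740-13750.
FIREWALL_ALLOWED = [(13782, 13782), (13720, 13720), (13740, 13750)]
RESERVED = (512, 1023)  # reserved range used in the reply's rule table

def parse_bp_conf(text):
    """Return {KEY: value}; bare keywords map to an empty string."""
    conf = {}
    for line in text.splitlines():
        key, _, value = line.strip().partition("=")
        if key.strip():
            conf[key.strip().upper()] = value.strip()
    return conf

def window(conf, key):
    """Port window as (low, high), or None when the key is absent."""
    if key not in conf:
        return None
    m = re.fullmatch(r"(\d+)\s+(\d+)", conf[key])
    if not m or not 0 < int(m[1]) <= int(m[2]) <= 65535:
        raise ValueError(f"malformed {key}: {conf[key]!r}")
    return int(m[1]), int(m[2])

def covered(rng, allowed):
    """True if every port in rng falls inside the allowed ranges."""
    lo, hi = rng
    for a_lo, a_hi in sorted(allowed):
        if a_lo <= lo <= a_hi:
            lo = a_hi + 1  # continue through adjacent or overlapping ranges
    return lo > hi

def audit(conf_text, allowed):
    """Findings for one host's bp.conf against the firewall allow-list."""
    conf, findings = parse_bp_conf(conf_text), []
    if "ALLOW_NON_RESERVED_PORTS" not in conf and not covered(RESERVED, allowed):
        findings.append("ALLOW_NON_RESERVED_PORTS missing and 512-1023 is not allowed")
    for key in ("SERVER_PORT_WINDOW", "CLIENT_PORT_WINDOW"):
        w = window(conf, key)
        if w is None:
            findings.append(f"{key} not set: ports are not confined to a window")
        elif not covered(w, allowed):
            findings.append(f"{key} {w[0]}-{w[1]} is not fully inside the allow-list")
    return findings
```

The bp.conf from the question produces no findings here, so the windows and the firewall allowance agree with each other; the bpclient setting on the master that the reply points to is outside what this check looks at.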

