[Veritas-bu] management console behind firewall
2003-11-06 08:56:50
Subject: [Veritas-bu] management console behind firewall
From: Dariusz.Klar AT Sun DOT COM (Dariusz Klar)
Date: Thu, 06 Nov 2003 14:56:50 +0100
Hi,
I did it with success.
I use the following architecture:
SAURON - Solaris 8, NetBackup 4.5 MP4 master server
behind firewall
FRODO - Solaris 8, NetBackup 4.5 MP4 installed but
I use it as an administration console (Java Console)
for managing SAURON
Forget about using Windows Administration Console
for administering NetBackup 4.5. It opens a completely
unpredictable and uncountable number and ranges of
ports for communication. It uses ICMP also (sic!)
Even if your NetBackup server uses extra configuration
for cooperating with firewall for Windows Console
it doesn't matter.
This configuration minimizes network traffic between
console and managed server.
1. Lines from bp.conf on SAURON
SERVER_RESERVED_PORT_WINDOW = 800 899
SERVER_PORT_WINDOW = 4800 4899
CLIENT_RESERVED_PORT_WINDOW = 900 999
SERVER_RESERVED_PORT_WINDOW = 800 899
CLIENT_PORT_WINDOW = 4900 4999
SERVER_PORT_WINDOW = 4800 4899
RANDOM_PORTS = NO
CONNECT_OPTIONS = FRODO 0 1
2. Lines from bp.conf on FRODO
SERVER_RESERVED_PORT_WINDOW = 800 899
SERVER_PORT_WINDOW = 4800 4899
CLIENT_RESERVED_PORT_WINDOW = 900 999
SERVER_RESERVED_PORT_WINDOW = 800 899
CLIENT_PORT_WINDOW = 4900 4999
SERVER_PORT_WINDOW = 4800 4899
RANDOM_PORTS = NO
CONNECT_OPTIONS = SAURON 0 1
3. Allow for incoming TCP connections from
FRODO to SAURON on the following ports:
13701, 13721, 13723, 13724, 13782
In practice you CAN'T predict the number
and ranges of the outgoing (returning communication)
ports from SAURON to FRODO. See attachment for
all details. I recorded traffic between managed server
(Net Node 2 - SAURON in this example) and Java Administration
Console (Net Node 1 - FRODO in this example)
4. On FRODO run jnbSA and click CHANGE SERVER.
Type SAURON and you will be able to do full administration
regards,
Darek Klar
Sun Microsystems Poland
> Hi,
>
> Has anyone successfully set up a management console behind a (stateful)
> firewall? We've tried using vnetd with the option:
>
> CONNECT_OPTIONS = hostname-of-management-console 0 1 1
>
> in the master's bp.conf, but no luck.
>
> This is version 4.5FP_3GA. Master server is Solaris.
>
> Thanks,
> Ruben
Attachment: NetBackupJavaAdministrationConsoleConversation.txt
# This is an EtherPeek Conversation statistics file created:
# 21 październik 2003 14:13:41
# The format of this file is:
Net Node 1 (Client) Net Node 2 Packets Bytes Duration
10.4.166.45 10.131.4.19 6 606 1 268 591
TCP/Port 25645<->Port 13701 19 1 582 00:00:00.034
TCP/Port 12112<->Port 13701 40 3 521 00:00:00.038
TCP/Port 5356<->Port 13701 19 1 603 00:00:00.034
TCP/Port 18377<->Port 13701 19 1 577 00:00:00.034
TCP/Port 11108<->Port 13701 40 3 521 00:00:00.038
TCP/Port 23292<->Port 13701 72 16 342 00:00:00.090
TCP/Port 9406<->Port 13701 19 1 583 00:00:00.035
TCP/Port 21755<->Port 13701 25 2 385 00:00:00.036
TCP/Port 2137<->Port 13701 19 1 583 00:00:00.033
TCP/Port 10962<->Port 13701 19 1 583 00:00:00.034
TCP/Port 16617<->Port 13701 75 6 331 00:00:00.862
TCP/Port 15584<->Port 13701 19 1 603 00:00:00.035
TCP/Port 26556<->Port 13701 19 1 583 00:00:00.085
TCP/Port 43387<->Port 13724 99 66 030 00:03:17.678
TCP/Port 4999<->Port 13723 48 4 443 00:17:20.044
TCP/Port 999<->Port 13782 564 49 406 00:17:42.167
TCP/Port 934<->Port 13724 23 2 740 00:00:27.758
TCP/Port 980<->Port 13724 23 2 740 00:00:26.982
TCP/Port 946<->Port 13724 48 5 610 00:08:37.531
TCP/Port 988<->Port 13724 52 5 269 00:07:45.529
TCP/Port 4998<->Port 13721 1 405 371 432 00:14:20.672
TCP/Port 4997<->Port 13721 229 80 128 00:14:21.642
TCP/Port 43406<->Port 13724 129 70 083 00:00:44.307
TCP/Port 922<->Port 13724 26 4 071 00:00:18.875
TCP/Port 927<->Port 13724 21 3 158 00:00:00.460
TCP/Port 998<->Port 13782 65 5 707 00:04:12.547
TCP/Port 938<->Port 13724 21 3 158 00:00:38.379
TCP/Port 4997<->Port 13701 36 3 058 00:00:00.441
TCP/Port 4998<->Port 13701 80 7 042 00:00:24.123
TCP/Port 997<->Port 13782 34 3 002 00:00:00.407
TCP/Port 976<->Port 13724 21 2 797 00:00:00.454
TCP/Port 4996<->Port 13721 161 31 613 00:10:24.139
TCP/Port 4996<->Port 13701 36 3 058 00:00:00.420
TCP/Port 4995<->Port 13721 389 60 349 00:03:10.199
TCP/Port 4994<->Port 13721 107 34 683 00:01:43.132
TCP/Port 4999<->Port 13721 384 58 415 00:07:19.111
TCP/Port 996<->Port 13782 34 2 991 00:00:00.416
TCP/Port 977<->Port 13724 21 3 158 00:00:34.333
TCP/Port 992<->Port 13724 33 3 051 00:00:01.067
TCP/Port 991<->Port 13724 25 2 870 00:00:05.750
TCP/Port 923<->Port 13724 25 2 870 00:00:00.906
TCP/Port 4993<->Port 13721 105 35 155 00:00:22.494
TCP/Port 979<->Port 13724 25 2 087 00:00:00.652
TCP/Port 4992<->Port 13721 66 7 528 00:00:03.601
TCP/Port 942<->Port 13724 25 2 855 00:00:14.578
TCP/Port 935<->Port 13724 31 2 673 00:00:01.278
TCP/Port 929<->Port 13724 25 2 087 00:00:04.568
TCP/Port 12272<->Port 13701 40 3 521 00:00:00.039
TCP/Port 11584<->Port 13701 72 16 342 00:00:00.118
TCP/Port 19541<->Port 13701 19 1 583 00:00:00.034
TCP/Port 22378<->Port 13701 25 2 385 00:00:00.036
TCP/Port 1427<->Port 13701 19 1 583 00:00:00.034
TCP/Port 12358<->Port 13701 19 1 583 00:00:00.034
TCP/Port 6879<->Port 13701 75 6 331 00:00:00.855
TCP/Port 20454<->Port 13701 19 1 603 00:00:00.034
TCP/Port 23732<->Port 13701 19 1 583 00:00:00.086
TCP/Port 22270<->Port 13701 19 1 582 00:00:00.039
TCP/Port 19570<->Port 13701 40 3 521 00:00:00.037
TCP/Port 4557<->Port 13701 19 1 603 00:00:00.034
TCP/Port 16760<->Port 13701 19 1 577 00:00:00.014
TCP/Port 9491<->Port 13701 16 1 349 00:00:00.035
TCP/Port 16485<->Port 13701 40 3 521 00:00:00.052
TCP/Port 20394<->Port 13701 19 1 582 00:00:00.035
TCP/Port 32675<->Port 13701 40 3 521 00:00:00.038
TCP/Port 13107<->Port 13701 19 1 603 00:00:00.034
TCP/Port 27663<->Port 13701 19 1 577 00:00:00.034
TCP/Port 2628<->Port 13701 42 3 495 00:00:00.501
TCP/Port 26139<->Port 13701 123 20 522 00:00:00.201
TCP/Port 10242<->Port 13701 12 1 029 00:00:00.071
TCP/Port 705<->Port 13711 19 2 352 00:00:00.404
TCP/Port 9311<->Port 13701 113 19 512 00:00:00.204
TCP/Port 20399<->Port 13701 16 1 349 00:00:00.033
TCP/Port 20771<->Port 13701 40 3 521 00:00:00.038
TCP/Port 31761<->Port 13701 19 1 582 00:00:00.034
TCP/Port 20742<->Port 13701 40 3 521 00:00:00.085
TCP/Port 9236<->Port 13701 19 1 603 00:00:00.028
TCP/Port 4445<->Port 13701 19 1 577 00:00:00.034
TCP/Port 11714<->Port 13701 19 1 582 00:00:00.034
TCP/Port 6863<->Port 13701 40 3 521 00:00:00.047
TCP/Port 12756<->Port 13701 19 1 603 00:00:00.018
TCP/Port 26368<->Port 13701 19 1 577 00:00:00.034
TCP/Port 31819<->Port 13701 40 3 521 00:00:00.038
TCP/Port 4939<->Port 13701 72 16 342 00:00:00.091
TCP/Port 23139<->Port 13701 19 1 583 00:00:00.046
TCP/Port 11895<->Port 13701 25 2 385 00:00:00.036
TCP/Port 30408<->Port 13701 19 1 583 00:00:00.034
TCP/Port 22688<->Port 13701 19 1 583 00:00:00.034
TCP/Port 17513<->Port 13701 75 6 331 00:00:00.930
TCP/Port 18442<->Port 13701 19 1 603 00:00:00.045
TCP/Port 25483<->Port 13701 19 1 583 00:00:00.085
TCP/Port 1158<->Port 13701 75 6 331 00:00:31.169
TCP/Port 43782<->Port 13724 99 66 947 00:00:13.974
TCP/Port 900<->Port 13724 23 2 753 00:00:17.353
TCP/Port 920<->Port 13724 29 2 528 00:00:02.837
TCP/Port 955<->Port 13724 25 2 821 00:00:01.353
10.4.166.45 10.141.4.19 35 3 535
10.4.166.141 10.0.59.214 6 747
10.4.166.141 10.4.145.12 6 747
10.4.166.141 10.4.166.11 6 747
10.4.166.61 10.4.176.22 2 268
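
Added example, not part of the original message or its attachment: a Python sketch that checks conversation lines like those above against the port windows from the bp.conf in the message and against the server ports listed in step 3. It assumes the first port on each line belongs to Net Node 1 (the console), as the file's header line suggests; the function and variable names are this example's own.

```python
import re
from collections import Counter

# Port windows from the bp.conf lines in the message.
WINDOWS = {
    "CLIENT_PORT_WINDOW": (4900, 4999),
    "CLIENT_RESERVED_PORT_WINDOW": (900, 999),
}
# Server ports listed in step 3 of the message.
LISTED_SERVER_PORTS = {13701, 13721, 13723, 13724, 13782}

# Assumption: first port = Net Node 1 (console), second = Net Node 2 (server).
CONV_RE = re.compile(r"TCP/Port (\d+)<->Port (\d+)")

# Conversation lines copied from the attachment above.
SAMPLE = """\
TCP/Port 25645<->Port 13701 19 1 582 00:00:00.034
TCP/Port 43387<->Port 13724 99 66 030 00:03:17.678
TCP/Port 4999<->Port 13723 48 4 443 00:17:20.044
TCP/Port 999<->Port 13782 564 49 406 00:17:42.167
TCP/Port 934<->Port 13724 23 2 740 00:00:27.758
TCP/Port 4998<->Port 13721 1 405 371 432 00:14:20.672
TCP/Port 705<->Port 13711 19 2 352 00:00:00.404
"""

def classify(port):
    """Name the bp.conf window a console-side port falls in."""
    for name, (low, high) in WINDOWS.items():
        if low <= port <= high:
            return name
    return "outside configured windows"

def summarize(text):
    """Return (console ports per window, server ports not in step 3)."""
    per_window = Counter()
    unlisted = Counter()
    for match in CONV_RE.finditer(text):
        console_port, server_port = map(int, match.groups())
        per_window[classify(console_port)] += 1
        if server_port not in LISTED_SERVER_PORTS:
            unlisted[server_port] += 1
    return dict(per_window), dict(unlisted)

if __name__ == "__main__":
    per_window, unlisted = summarize(SAMPLE)
    for name, count in sorted(per_window.items()):
        print(f"{count:3d} conversation(s) from {name}")
    for port, count in sorted(unlisted.items()):
        print(f"server port {port} is not in the step 3 list ({count} seen)")
```

Feeding the whole attachment to summarize() in place of SAMPLE gives the same breakdown for the full capture.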