Veritas-bu
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Veritas-bu] Firewall Questions

2005-04-25 05:51:34
Subject: [Veritas-bu] Firewall Questions
From: Philip.Weber AT egg DOT com (Weber, Philip)
Date: Mon, 25 Apr 2005 10:51:34 +0100 
The client still initiates a connection back.  The no-callback option
makes it call back on the vnetd port only.

-----Original Message-----
From: Jerry [mailto:juanino AT yahoo DOT com] 
Sent: 15 April 2005 17:25
To: Weber, Philip; Paul Keating; veritas-bu AT mailman.eng.auburn DOT edu
Subject: RE: [Veritas-bu] Firewall Questions


Check out the vnetd and no-callback options.  You will
have much less ports to open that way (2 I believe). 
And with no-callback the client won't initiate a
connection back, so the firewall guys tend to like it
better.

--- "Weber, Philip" <Philip.Weber AT egg DOT com> wrote:

> Thanks.
> 
> 1.  New firewall change raised and argument with IT
> Security pending...
> 2.  For PC Java GUI, NBJAVA_CONNECT_OPTION=1 under
> {veritas
> install}\java\{master}.vrtsnbuj seems to do the
> trick ... another
> firewall change pending to open access to master
> server ports 13722,
> 13723 and 13724 (sigh).
> 
> -----Original Message-----
> From: veritas-bu-admin AT mailman.eng.auburn DOT edu
> [mailto:veritas-bu-admin AT mailman.eng.auburn DOT edu] On
> Behalf Of Paul
> Keating
> Sent: 14 April 2005 19:41
> To: veritas-bu AT mailman.eng.auburn DOT edu
> Subject: RE: [Veritas-bu] Firewall Questions
> 
> 
> 
> 
> > -----Original Message-----
> > From: veritas-bu-admin AT mailman.eng.auburn DOT edu 
> > [mailto:veritas-bu-admin AT mailman.eng.auburn DOT edu]
> On Behalf Of 
> > Weber, Philip
> > Sent: April 14, 2005 10:33 AM
> > To: veritas-bu AT mailman.eng.auburn DOT edu
> > Subject: [Veritas-bu] Firewall Questions
> > 
> > As I am getting return code 58 I
> > guess this is not enough, and that the clients
> have to be able to
> > initiate some communications with the
> master/media, even for scheduled
> > backups.  Can anyone confirm/deny?
> > 
> > I have opened
> > master/media --> client on 13782, 13720, 13724.
> 
> 
> Master server needs to be able to reach client via
> 13782.
> Client needs to be able to initiate connection back
> to the Master on
> 13724.
> 
> Netbackup doesn't use "sessions".
> The master tells the client it is ready for the
> backup (port 13782).
> The client then initiates its own connection back to
> the master on
> 13724.
> 
> Yeah, it sucks.
> 
> One option I've thought of, but haven't tried, is to
> have a script that
> starts an ssh connection to the client before the
> backup starts, then
> tear it down after the backup completes.....the
> tunnel would stay up for
> the client to request its connection back to the
> master server, without
> leaving holes in your firewall.
> 
> 
> > 
> > 2.  I have a separate 5.1MP2 environment to which
> I would like to be
> > able to connect using the Java GUI from my PC. 
> The master server is
> > behind a firewall relative to my PC.  I get a
> login box, but then get
> > the error "Unable to login, status: 506.  Can not
> connect to 
> > the NB-Java
> > service on <master> on port 1347...", where the
> port number changes on
> > each attempt.  Is it possible to limit this to a
> small set of ports?
> 
> Change "NBJAVA_CONNECT_OPTION=0" to
> "NBJAVA_CONNECT_OPTION=1" in
> /usr/openv/java/nbj.conf and it should use 13724,
> IIRC.
> 
> Paul
> 
> _______________________________________________
> Veritas-bu maillist  - 
> Veritas-bu AT mailman.eng.auburn DOT edu
>
http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu
> 
> -----------------------------------------
> Egg is a trading name of the Egg group of companies
> which includes: Egg plc
> (reg no 2448340), Egg Financial Products ltd (reg no
> 3319027), Egg
> International ltd (reg no 4059266), Egg Financial
> Intermediation ltd (reg
> no 382828), Egg Investments ltd (reg no 3403963) and
> Egg Banking plc (reg
> no 2999842.  Egg Investments Ltd, Egg Banking plc
> and Egg Financial
> Intermediation Ltd are authorised and regulated by
> the Financial Services
> Authority (FSA) and are entered in the FSA register
> under numbers 190518,
> 205621 and 309551 respectively. These members of the
> Egg group are
> registered in England and Wales. Registered offices:
> 1 Waterhouse Square,
> 138-142 Holborn, London EC1N 2NA.    This e-mail is
> confidential and for
> use by the addressee only.  If you are not the
> intended recipient of this
> e-mail and have received it in error, please return
> the message to the
> sender by replying to it and then delete it from
> your mailbox.  Internet
> e-mails are not necessarily secure. The Egg group of
> companies do not
> accept responsibility for changes made to this
> message after it was sent.
> Whilst all reasonable care has been taken to avoid
> the transmission of
> viruses, it is the responsibility of the recipient
> to ensure that the
> onward transmission, opening or use of this message
> and any attachments
> will not adversely affect its systems or data. No
> responsibility is
> accepted by the Egg group of companies in this
> regard and the recipient
> should carry out such virus and other checks as it
> considers appropriate.
> This communication does not create or modify any
> contract.
> 
> 
> _______________________________________________
> Veritas-bu maillist  - 
> Veritas-bu AT mailman.eng.auburn DOT edu
>
http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu
> 



                
__________________________________ 
Do you Yahoo!? 
Make Yahoo! your home page 
http://www.yahoo.com/r/hs

-----------------------------------------
Egg is a trading name of the Egg group of companies which includes: Egg plc
(reg no 2448340), Egg Financial Products ltd (reg no 3319027), Egg
International ltd (reg no 4059266), Egg Financial Intermediation ltd (reg
no 382828), Egg Investments ltd (reg no 3403963) and Egg Banking plc (reg
no 2999842.  Egg Investments Ltd, Egg Banking plc and Egg Financial
Intermediation Ltd are authorised and regulated by the Financial Services
Authority (FSA) and are entered in the FSA register under numbers 190518,
205621 and 309551 respectively. These members of the Egg group are
registered in England and Wales. Registered offices: 1 Waterhouse Square,
138-142 Holborn, London EC1N 2NA.    This e-mail is confidential and for
use by the addressee only.  If you are not the intended recipient of this
e-mail and have received it in error, please return the message to the
sender by replying to it and then delete it from your mailbox.  Internet
e-mails are not necessarily secure. The Egg group of companies do not
accept responsibility for changes made to this message after it was sent.
Whilst all reasonable care has been taken to avoid the transmission of
viruses, it is the responsibility of the recipient to ensure that the
onward transmission, opening or use of this message and any attachments
will not adversely affect its systems or data. No responsibility is
accepted by the Egg group of companies in this regard and the recipient
should carry out such virus and other checks as it considers appropriate.
This communication does not create or modify any contract.
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Veritas-bu] NetBackup for DB2, ida3248b AT post.cybercity DOT dk
Next by Date:  [Veritas-bu] backing up / restoring win 2003 cluster, Weber, Philip
Previous by Thread:  [Veritas-bu] Firewall Questions, Jerry
Next by Thread:  [Veritas-bu] Netbackup 3.4.1 with Solaris 9/10, Steve Giessler
Indexes:  [Date] [Thread] [Top] [All Lists]