This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.
------_=_NextPart_001_01C5E4C6.DAFA2010
Content-Type: text/plain;
charset="iso-8859-1"
you need to allow "ping" as well on your firewall
-----Original Message-----
From: Kilpatrick, Mark [mailto:mark.kilpatrick AT sabeo DOT com]
Sent: Wednesday, November 09, 2005 4:31 AM
To: veritas-bu AT mailman.eng.auburn DOT edu
Subject: [Veritas-bu] RE: How to troubleshoot a Firewall Client Backup with
Clustered Netbackup Server
I got some great information from responses on this list to my firewall
issue. I was able to use all the troubleshooting tips to suggest that the
problem lied with the firewall. I could telent from the client to the media
server but I could NOT telnet from the media server to the client. This has
now been resolved but I have not yet had a successful backup. The client is
now creating logs for bpcd and the error message is Reserved Port Mismatch.
Any ideas what Reserved Port Mismatch could be? Am I still looking at a
firewall issue?
NAT is turned off for my IP addresses in question. There are two firewalls
in the picture, using Check Point and Side Winder.
Thanks again.
-----Original Message-----
From: Kilpatrick, Mark
Sent: 07 November 2005 17:11
To: 'veritas-bu AT mailman.eng.auburn DOT edu'
Subject: How to troubleshoot a Firewall Client Backup with Clustered
Netbackup Server
Hi, I am attempting to backup two Solaris NBU5.1 clients through a firewall
and they are unsuccessful. I would like some pointers on troubleshooting
this procedure.
The firewall rules have been set up for bpcd (13782) going out to the client
from the master server and media servers.
The firewall rules have been set up for vnetd (13724) going into the server.
The client attribute of vnetd port has been selected from the master server
properties for each of the clients.
When selecting the client properties from the NBU admin interface the error
of cannot connect on socket (status 25) returns immediately
When running a test backup the error of (58) can't connect to client returns
almost immediately.
I have run the bpclient -client -nameofclient -L command on each of the
firewalled clients and the No call back connections is set to yes. But the
IP address returned is 0.0.0.0
I have checked the /etc/services and /etc/inetd.conf on each client
I have checked the bp.conf on each client and server and media server names
are present
I have checked /etc/hosts on server and client
I have enabled logging of bpcd and vnetd on the clients but there are no log
files created - indicating no communication with the clients from the master
I have enabled logging of bpcd on the master
How can I determine if the problem lies with the firewall rules created by
the firewall admin team or with netbackup (version 5.1 HP-UX running on a
VCS cluster). Could the issue be related to the fact that I have a netbackup
clustered server. The firewall rules only specify the virtual server
hostname. Addition of physical name and IP to firewall rules is not
possible.
Regards, Mark K
Due to continued expansion Sabeo Technologies have moved office - to The
Courtyard, Carmanhall Road, Sandyford, Dublin 18. Our telephone and fax
numbers remain unchanged. A location map is available on our website
www.sabeo.com.
**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
Sabeo Technologies.
This footnote also confirms that this email message has been swept for the
presence of computer viruses.
**********************************************************************
Macquarie Telecom - delivering value for business and government.
----------------------------------------------------------------------------
-----------------------------------
Confidentiality Note: This e-mail is sent to and intended for use by the
named addressees only.
It contains confidential information. If you receive this e-mail in error,
please telephone Macquarie
Telecom Pty Ltd on +612 8221 7777, and then delete this message immediately.
Further, you should
not re-transmit, copy, store, or reveal the contents of this message to any
third party.
------_=_NextPart_001_01C5E4C6.DAFA2010
Content-Type: text/html;
charset="iso-8859-1"
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.2800.1515" name=GENERATOR>
<STYLE>@font-face {
font-family: Tahoma;
}
@page Section1 {size: 612.0pt 792.0pt; margin: 72.0pt 90.0pt 72.0pt 90.0pt; }
P.MsoNormal {
FONT-SIZE: 12pt; MARGIN: 0cm 0cm 0pt; FONT-FAMILY: "Times New Roman"
}
LI.MsoNormal {
FONT-SIZE: 12pt; MARGIN: 0cm 0cm 0pt; FONT-FAMILY: "Times New Roman"
}
DIV.MsoNormal {
FONT-SIZE: 12pt; MARGIN: 0cm 0cm 0pt; FONT-FAMILY: "Times New Roman"
}
A:link {
COLOR: blue; TEXT-DECORATION: underline
}
SPAN.MsoHyperlink {
COLOR: blue; TEXT-DECORATION: underline
}
A:visited {
COLOR: purple; TEXT-DECORATION: underline
}
SPAN.MsoHyperlinkFollowed {
COLOR: purple; TEXT-DECORATION: underline
}
SPAN.emailstyle17 {
COLOR: windowtext; FONT-FAMILY: Arial
}
SPAN.EmailStyle18 {
COLOR: navy; FONT-FAMILY: Arial
}
DIV.Section1 {
page: Section1
}
</STYLE>
</HEAD>
<BODY lang=EN-US vLink=purple link=blue>
<DIV><SPAN class=886124400-09112005><FONT face=Arial color=#0000ff size=2>you
need to allow "ping" as well on your firewall</FONT></SPAN></DIV>
<BLOCKQUOTE dir=ltr style="MARGIN-RIGHT: 0px">
<DIV class=OutlookMessageHeader dir=ltr align=left><FONT face=Tahoma
size=2>-----Original Message-----<BR><B>From:</B> Kilpatrick, Mark
[mailto:mark.kilpatrick AT sabeo DOT com]<BR><B>Sent:</B> Wednesday, November
09,
2005 4:31 AM<BR><B>To:</B>
veritas-bu AT mailman.eng.auburn DOT edu<BR><B>Subject:</B> [Veritas-bu] RE:
How to
troubleshoot a Firewall Client Backup with Clustered Netbackup
Server<BR><BR></FONT></DIV>
<DIV class=Section1>
<P class=MsoNormal><FONT face=Arial color=navy size=2><SPAN
style="FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial">I got some great
information from responses on this list to my firewall issue. I was able to
use all the troubleshooting tips to suggest that the problem lied with the
firewall. I could telent from the client to the media server but I could NOT
telnet from the media server to the client. This has now been resolved but I
have not yet had a successful backup. The client is now creating logs for
bpcd
and the error message is Reserved Port Mismatch.</SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial color=navy size=2><SPAN
style="FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY:
Arial"></SPAN></FONT> </P>
<P class=MsoNormal><FONT face=Arial color=navy size=2><SPAN
style="FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial">Any ideas what
Reserved Port Mismatch could be? Am I still looking at a firewall
issue?</SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial color=navy size=2><SPAN
style="FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY:
Arial"></SPAN></FONT> </P>
<P class=MsoNormal><FONT face=Arial color=navy size=2><SPAN
style="FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial">NAT is turned off
for
my IP addresses in question. There are two firewalls in the picture, using
Check Point and Side Winder.</SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial color=navy size=2><SPAN
style="FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY:
Arial"></SPAN></FONT> </P>
<P class=MsoNormal><FONT face=Arial color=navy size=2><SPAN
style="FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial">Thanks
again.</SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial color=navy size=2><SPAN
style="FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY:
Arial"></SPAN></FONT> </P>
<P class=MsoNormal style="MARGIN-LEFT: 36pt"><FONT face=Tahoma size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Tahoma">-----Original
Message-----<BR><B><SPAN style="FONT-WEIGHT: bold">From:</SPAN></B>
Kilpatrick, Mark <BR><B><SPAN style="FONT-WEIGHT: bold">Sent:</SPAN></B> 07
November 2005 17:11<BR><B><SPAN style="FONT-WEIGHT: bold">To:</SPAN></B>
'veritas-bu AT mailman.eng.auburn DOT edu'<BR><B><SPAN
style="FONT-WEIGHT: bold">Subject:</SPAN></B> How to troubleshoot a Firewall
Client Backup with Clustered Netbackup Server</SPAN></FONT></P>
<P class=MsoNormal style="MARGIN-LEFT: 36pt"><FONT face="Times New Roman"
size=3><SPAN style="FONT-SIZE: 12pt"></SPAN></FONT> </P>
<P class=MsoNormal style="MARGIN-LEFT: 36pt"><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">Hi, I am attempting to backup two
Solaris NBU5.1 clients through a firewall and they are unsuccessful. I would
like some pointers on troubleshooting this procedure.</SPAN></FONT></P>
<P class=MsoNormal style="MARGIN-LEFT: 36pt"><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"></SPAN></FONT> </P>
<P class=MsoNormal style="MARGIN-LEFT: 36pt"><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">The firewall rules have been set
up for bpcd (13782) going out to the client from the master server and media
servers.</SPAN></FONT></P>
<P class=MsoNormal style="MARGIN-LEFT: 36pt"><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">The firewall rules have been set
up for vnetd (13724) going into the server.</SPAN></FONT></P>
<P class=MsoNormal style="MARGIN-LEFT: 36pt"><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">The client attribute of vnetd
port
has been selected from the master server properties for each of the
clients.</SPAN></FONT></P>
<P class=MsoNormal style="MARGIN-LEFT: 36pt"><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">When selecting the client
properties from the NBU admin interface the error of cannot connect on socket
(status 25) returns immediately</SPAN></FONT></P>
<P class=MsoNormal style="MARGIN-LEFT: 36pt"><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">When running a test backup the
error of (58) can't connect to client returns almost
immediately.</SPAN></FONT></P>
<P class=MsoNormal style="MARGIN-LEFT: 36pt"><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"></SPAN></FONT> </P>
<P class=MsoNormal style="MARGIN-LEFT: 36pt"><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">I have run the bpclient -client
-nameofclient -L command on each of the firewalled clients and the No call
back connections is set to yes. But the IP address returned is 0.0.0.0
</SPAN></FONT></P>
<P class=MsoNormal style="MARGIN-LEFT: 36pt"><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">I have checked the /etc/services
and /etc/inetd.conf on each client</SPAN></FONT></P>
<P class=MsoNormal style="MARGIN-LEFT: 36pt"><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">I have checked the bp.conf on
each
client and server and media server names are present</SPAN></FONT></P>
<P class=MsoNormal style="MARGIN-LEFT: 36pt"><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">I have checked /etc/hosts on
server and client</SPAN></FONT></P>
<P class=MsoNormal style="MARGIN-LEFT: 36pt"><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">I have enabled logging of bpcd
and
vnetd on the clients but there are no log files created - indicating no
communication with the clients from the master</SPAN></FONT></P>
<P class=MsoNormal style="MARGIN-LEFT: 36pt"><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">I have enabled logging of bpcd on
the master</SPAN></FONT></P>
<P class=MsoNormal style="MARGIN-LEFT: 36pt"><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"></SPAN></FONT> </P>
<P class=MsoNormal style="MARGIN-LEFT: 36pt"><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">How can I determine if the
problem
lies with the firewall rules created by the firewall admin team or with
netbackup (version 5.1 HP-UX running on a VCS cluster). Could the issue be
related to the fact that I have a netbackup clustered server. The firewall
rules only specify the virtual server hostname. Addition of physical name and
IP to firewall rules is not possible.</SPAN></FONT></P>
<P class=MsoNormal style="MARGIN-LEFT: 36pt"><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"></SPAN></FONT> </P>
<P class=MsoNormal style="MARGIN-LEFT: 36pt"><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"></SPAN></FONT> </P>
<P class=MsoNormal style="MARGIN-LEFT: 36pt"><FONT face="Times New Roman"
size=3><SPAN style="FONT-SIZE: 12pt">Regards, Mark K </SPAN></FONT></P>
<P class=MsoNormal style="MARGIN-LEFT: 36pt"><FONT face="Times New Roman"
size=3><SPAN style="FONT-SIZE: 12pt"></SPAN></FONT> </P></DIV>
<P><SPAN style="FONT-SIZE: 8pt; FONT-FAMILY: 'Arial'"></SPAN> </P>
<P><SPAN style="FONT-SIZE: 8pt; FONT-FAMILY: 'Arial'"></SPAN></P>
<P><SPAN style="FONT-SIZE: 8pt; FONT-FAMILY: 'Arial'"></SPAN> </P>
<P><SPAN style="FONT-SIZE: 8pt; FONT-FAMILY: 'Arial'">Due to continued
expansion Sabeo Technologies have moved office - to The Courtyard, Carmanhall
Road, Sandyford, Dublin 18. Our telephone and fax numbers remain unchanged. A
location map is available on our website www.sabeo.com.</SPAN></P>
<P><SPAN style="FONT-SIZE: 8pt; FONT-FAMILY: 'Arial'"></SPAN></P>
<P><SPAN style="FONT-SIZE: 8pt; FONT-FAMILY: 'Arial'"></SPAN> </P>
<P><SPAN style="FONT-SIZE: 8pt; FONT-FAMILY: 'Arial'"></SPAN></P>
<P><SPAN style="FONT-SIZE: 8pt; FONT-FAMILY: 'Arial'"></SPAN> </P>
<P><SPAN style="FONT-SIZE: 8pt; FONT-FAMILY: 'Arial'"></SPAN></P>
<P><SPAN style="FONT-SIZE: 8pt; FONT-FAMILY: 'Arial'"></SPAN> </P>
<P><SPAN
style="FONT-SIZE: 8pt; FONT-FAMILY:
'Arial'">**********************************************************************</SPAN></P>
<P><SPAN style="FONT-SIZE: 8pt; FONT-FAMILY: 'Arial'">This email and any
files
transmitted with it are confidential and</SPAN></P>
<P><SPAN style="FONT-SIZE: 8pt; FONT-FAMILY: 'Arial'">intended solely for the
use of the individual or entity to whom they</SPAN></P>
<P><SPAN style="FONT-SIZE: 8pt; FONT-FAMILY: 'Arial'">are addressed. If you
have received this email in error please notify</SPAN></P>
<P><SPAN style="FONT-SIZE: 8pt; FONT-FAMILY: 'Arial'">Sabeo
Technologies.</SPAN></P>
<P><SPAN style="FONT-SIZE: 8pt; FONT-FAMILY: 'Arial'"></SPAN></P>
<P><SPAN style="FONT-SIZE: 8pt; FONT-FAMILY: 'Arial'"></SPAN> </P>
<P><SPAN style="FONT-SIZE: 8pt; FONT-FAMILY: 'Arial'">This footnote also
confirms that this email message has been swept for the presence of computer
viruses.</SPAN></P>
<P><SPAN
style="FONT-SIZE: 8pt; FONT-FAMILY:
'Arial'">**********************************************************************</SPAN></P>
<P><SPAN
style="FONT-SIZE: 8pt; FONT-FAMILY:
'Arial'"></SPAN> </P></BLOCKQUOTE></BODY></HTML>
<P><FONT SIZE=2 FACE="Arial">Macquarie Telecom - delivering value for business
and government.</FONT></P>
<P><FONT SIZE=2
FACE="Arial">---------------------------------------------------------------------------------------------------------------</FONT></P>
<P><FONT SIZE=2 FACE="Arial">Confidentiality Note: This e-mail is sent to and
intended for use by the named addressees only. </FONT></P>
<P><FONT SIZE=2 FACE="Arial">It contains confidential information. If you
receive this e-mail in error, please telephone Macquarie </FONT></P>
<P><FONT SIZE=2 FACE="Arial">Telecom Pty Ltd on +612 8221 7777, and then delete
this message immediately. Further, you should </FONT></P>
<P><FONT SIZE=2 FACE="Arial">not re-transmit, copy, store, or reveal the
contents of this message to any third party.</FONT></P>
<BR>
<BR>
<BR>
<BR>
------_=_NextPart_001_01C5E4C6.DAFA2010--
|