ADSM-L

Re: linux client setup through firewall - what source port?

2004-09-11 16:05:21
Subject: Re: linux client setup through firewall - what source port?
From: showersofblessings <tayo70s AT YAHOO DOT COM>
Date: Sat, 11 Sep 2004 12:50:21 -0700
Stef,

Note: this is a personal view.

There are usually two ports involved in a TCP
communication: the listening and the talking port.
What is usually defined during a TCP-dependent
software configuration is the listening port, which has
to be static, while the talking port is randomly
generated by the system.
And since the value of your schedmode is "polling",
port 32850 might be the one your client was using to
try to poll the server and it timed out because the
server didn't respond back.


Jimmy.


 issue on the server.
--- Stef Coene <stef.coene AT DOCUM DOT ORG> wrote:
> On Friday 10 September 2004 22:02, T. Lists wrote:
> > Hey all - I know this one has been asked before, but I
> > can't seem to find a solution to my problem.  IBM has
> > been a bit snitty - telling me it's a
> > "communications/network" problem.  Ok, maybe not
> > snitty - maybe I'm just having a bad day.
> >
> > Anyway.
> >
> > TSM server AIX 5.1, TSM 5.2.0
> > Linux client TSM 5.2.3
> >
> > The Linux client is in the dmz outside the firewall.
> > (And, for the record, I've never set up a client that
> > was outside the firewall)  I've tried both the "method
> > 1" and "method 2" called out in the Unix BA manual.
> > Now I'm concentrating on "method 1" which is the
> > method where you open ports on the firewall.
> >
> > Have asked my firewall admin to open ports 1500, 1501,
> > 1581.  He says they are open.
> 1500 is enough
>
> > dsm.sys contains (among other things)
> >    COMMmethod         TCPip
> >    TCPPort            1500
> >    TCPServeraddress   <server ip addr>
> >    passwordaccess     generate
> >    schedmode          polling
> >    nodename           lin01
> >    tcpclientaddress   <client ip addr>
> >    httpport           1581
> >    tcpclientport      1501
> >    webports           1582  1583
> >
> > Simply trying a "dsmc inc" from the client eventually
> > times out with:
> >
> >    [root@lin01 var]# dsmc inc
> >    IBM Tivoli Storage Manager
> >    Command Line Backup/Archive Client Interface -
> >                 Version 5, Release 2, Level 3.0
> >    (c) Copyright by IBM Corporation and other(s)
> >                 1990, 2004. All Rights Reserved.
> >
> >    Node Name: LIN01
> >    ANS1017E Session rejected: TCP/IP connection
> >                 failure
> >
> >
> > Running a tcpdump during this shows that the
> > destination port that is trying to be reached is 1500
> > on the server (which is correct), but the source port
> > on the client is 32850.  I assume my problem is
> > because the firewall admin hasn't opened port 32850 -
> > however from other posts I gather this is a randomly
> > assigned port on the client?  Is it governed by a
> > parameter I'm unaware of?  Or, might this not be my
> > problem at all?
> That's not the problem.
> Your client connects TO port 1500 on the TSM server.
> So you have to open port 1500 to your TSM server.  But each
> connection requires also a port on the client to receive data
> and that's port 32850.  But the firewall knows this
> and will allow the packets coming back.
>
> Just open the port 1500 from the client in the dmz
> to the server in your lan and it should work.
>
> Stef
>




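Added example, not part of the original thread: a toy model of the connection tracking a stateful firewall performs, showing why a single rule for destination port 1500 also lets replies reach the client's random source port 32850. The class, function names and IP addresses are constructed for illustration (the thread elides the real addresses); only ports 1500 and 32850 come from the messages above.

```python
"""Toy stateful firewall: rules cover NEW connections, state covers replies."""
from typing import NamedTuple

class Packet(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int
    flags: str  # "S" = SYN, "SA" = SYN-ACK, "A" = ACK

# Constructed documentation addresses (assumption, not from the thread).
CLIENT, SERVER = "192.0.2.10", "198.51.100.20"

class StatefulFirewall:
    def __init__(self, allow):
        self.allow = set(allow)  # (src, dst, dport) rules for new connections
        self.state = set()       # tracked flows: (src, sport, dst, dport)

    def check(self, p: Packet) -> str:
        # A packet of an already tracked flow passes in either direction.
        if (p.src, p.sport, p.dst, p.dport) in self.state:
            return "pass (established)"
        if (p.dst, p.dport, p.src, p.sport) in self.state:
            return "pass (reply)"
        # Only a bare SYN may open a new flow, and only if a rule matches.
        # The source port is not part of the rule: it is ephemeral.
        if p.flags == "S" and (p.src, p.dst, p.dport) in self.allow:
            self.state.add((p.src, p.sport, p.dst, p.dport))
            return "pass (new)"
        return "drop"

def run(rules):
    """Replay a constructed client/server exchange through the firewall."""
    fw = StatefulFirewall(rules)
    packets = [
        Packet(CLIENT, 32850, SERVER, 1500, "S"),   # client opens the session
        Packet(SERVER, 1500, CLIENT, 32850, "SA"),  # reply to the ephemeral port
        Packet(CLIENT, 32850, SERVER, 1500, "A"),   # handshake completes
        Packet(SERVER, 40000, CLIENT, 32850, "S"),  # unsolicited inbound attempt
    ]
    return [fw.check(p) for p in packets]

if __name__ == "__main__":
    print(run([(CLIENT, SERVER, 1500)]))  # rule for port 1500 only
    print(run([]))                        # rule missing: the first SYN is dropped
```

In this model the second run, with no rule for port 1500, drops the client's SYN, so no reply ever comes back to port 32850.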