Re: Still getting timeout, is there ANYTHING else I should look at?
2003-05-19 13:38:48
On Monday 19 May 2003 11:50, Rebecca Pakish Crum wrote:
>> I think you are running into timeouts in the firewall now. If
>> it's iptables, I think there is a way to cut an amanda hole thru
>> it, but I'm not that much of a guru on iptables. What did you
>> change in the firewall 2 weeks ago? Or, if you are running
>> something like portsentry, did it decide amanda was wearing a
>> black hat and write a new rule into iptables?
>>
>> I realise I'm fishing here, but it might be things to check.
>
>Fishing is good - sometimes you catch something. The two are on
> the same firewall...just different interfaces/subnets. The client
> is on 10.1.10.x while server is on 10.1.8.x...routing table tells
> interfaces where everyone is. There weren't any firewall rules
> dealing with this...I just added one that lets the server have
> its way with the client...though this should have no bearing.

You might have to reverse that rule too. If there is a timeout in
the firewall, then the client is blocked from making its reply as
that socket has been torn down. The client should be able to
re-open it in that case.

>Client is a sol6 client...no iptables to be concerned
> with...server is running RH8, but we're not using iptables there,
> either; no portsentry...we're not big enough to worry about stuff
> like that...as long as fw keeps unwanted guests out, we're
> satisfied. (As well as hardening all boxes internally ;) )
>
>I haven't changed anything on the firewall before today. ???

Then you go back to the debug logs as someone else suggested and see
how long it takes, then give it another 50% in time cushion for all
conditions.

As far as "not being big enough to worry about that", scuse me, but
is it exposed to the internet at all? If so, you need that stuff.
I'd much rather read about failed attempts in the logs than have to
clean up after some script kiddie by doing a fresh install. Who
knows, maybe the problem is that you've already been rooted, and
amanda is the only visible casualty. However, I do tend to let the
router and the firewall have all the responsibility in that
somebody has to get thru both to get into things here, but these
two machines have carte blanche with each other, with iptables
doing the connections between 2 separate ethernet cards, and a dsl
router between that and the dsl modem.

However that sol6 install might be Jon's area of expertise too.

--
Cheers, Gene
AMD K6-III@500mhz 320M
Athlon1600XP@1400mhz 512M
99.26% setiathome rank, not too shabby for a WV hillbilly
Yahoo.com attorneys please note, additions to this message
by Gene Heskett are:
Copyright 2003 by Maurice Eugene Heskett, all rights reserved.