Amanda-Users

Re: Still getting timeout, is there ANYTHING else I should look at?

2003-05-19 13:38:48
Subject: Re: Still getting timeout, is there ANYTHING else I should look at?
From: Gene Heskett <gene.heskett AT verizon DOT net>
To: "Rebecca Pakish Crum" <rebecca AT unterlaw DOT com>, <amanda-users AT amanda DOT org>
Date: Mon, 19 May 2003 13:36:03 -0400
On Monday 19 May 2003 11:50, Rebecca Pakish Crum wrote:
>> I think you are running into timeouts in the firewall now.  If
>> its iptables, I think there is a way to cut an amanda hole thru
>> it, but I'm not that much of a guru on iptables.  What did you
>> change in the firewall 2 weeks ago?  Or, if you are running
>> something like portsentry, did it decide amanda was wearing a
>> black hat and write a new rule into iptables?
>>
>> I realise I'm fishing here, but it might be things to check.
>
>Fishing is good - sometimes you catch something. The two are on
> the same firewall...just different interfaces/subnets. The client
> is on 10.1.10.x while server is on 10.1.8.x...routing table tells
> interfaces where everyone is. There weren't any firewall rules
> dealing with this...I just added one that lets the server have
> its way with the client...though this should have no bearing.

You might have to reverse that rule too.  If there is a timeout in 
the firewall, then the client is blocked from making its reply as 
that socket has been torn down.  The client should be able to 
re-open it in that case.

>Client is a sol6 client...no iptables to be concerned
> with...server is running RH8, but we're not using iptables there,
> either; no portsentry...we're not big enough to worry about stuff
> like that...as long as fw keeps unwanted guests out, we're
> satisfied. (As well as hardening all boxes internally ;) )
>
>I haven't changed anything on the firewall before today. ???

Then you go back to the debug logs as someone else suggested and see 
how long it takes, then give it another 50% in time cushion for all 
conditions.

As far as "not being big enough to worry about that", scuse me, but 
is it exposed to the internet at all?  If so, you need that stuff.  
I'd much rather read about failed attempts in the logs than have to 
clean up after some script kiddie by doing a fresh install.  Who 
knows, maybe the problem is that you've already been rooted, and 
amanda is the only visible casualty.  However, I do tend to let the 
router and the firewall have all the responsibility in that 
somebody has to get thru both to get into things here, but these 
two machines have carte blanche with each other, with iptables 
doing the connections between 2 separate ethernet cards, and a dsl
router between that and the dsl modem.

However that sol6 install might be Jon's area of expertise too.

-- 
Cheers, Gene
AMD K6-III@500mhz 320M
Athlon1600XP@1400mhz  512M
99.26% setiathome rank, not too shabby for a WV hillbilly
Yahoo.com attorneys please note, additions to this message
by Gene Heskett are:
Copyright 2003 by Maurice Eugene Heskett, all rights reserved.