firewall issues (I think)
2003-05-27 14:41:45
I have got AMANDA to back up the server to itself, but I'm still having
troubles backing up my first client.
The amanda server is "mybox", trying to back up the client "jayhawker". When I
run amcheck I get the error "jayhawker: [access as amanda not allowed from
amanda@mybox] amandahostsauth failed"... even though
/var/lib/amanda/.amandahosts contains "mybox amanda" and "jayhawker amanda" on
both the client and the server just to be sure.
I've gone through things listed in the FAQ several times (using RedHat9 so I've
made sure /etc/services /etc/xinetd.conf /etc/hosts.allow all have the proper
entries)... This seems to be some kind of firewall issue though. If I map mybox
to 192.168.2.101 (the "real" ip I'm using) then amcheck says "host down?" but
when mybox is mapped to 127.0.0.1 I don't get the host down error (disklist
uses mybox as the host name).
This entry in the FAQ looks promising:
________________________
Keep in mind also that amanda uses random ports < 1024 on the server when
servicing remote clients.
For instance on Red Hat 7.1 I needed a line like this one in
/etc/sysconfig/ipchains:
-A input -s {client IP address}/32 -d 0/0 0:1024 -p udp -j ACCEPT
or prepend 'ipchains ' to the above for a command line version.
kronenpj AT netzero DOT net
However this fresh install of RedHat9 isn't using ipchains, it looks like it is
just using "iptables" instead... Just as a test I used "lokkit" to disable the
"linux firewall" completely on both client and server but I still get the host
not allowed error. I even tried editing the client's /etc/hosts.allow adding
"amanda : mybox : ALLOW" instead of just "amanda : 192.168.2.101 : ALLOW"... ??
On jayhawker, each time I run amcheck I see something like this in /var/log/secure:
May 27 09:44:26 jayhawker xinetd[28751]: START: amanda pid=22417 from=192.168.2.101
and there are no new entries to /var/log/messages
The debug files in /tmp/amanda on the client look ok as far as I can tell
except for this:
----
amandad: time 0.002: bsd security: remote host mybox user amanda local user amanda
amandad: time 0.002: check failed: [access as amanda not allowed from amanda@mybox] amandahostsauth failed
amandad: time 0.002: sending REP packet:
----
Amanda 2.4 REP HANDLE 001-E85B0608 SEQ 1054042943
ERROR [access as amanda not allowed from amanda@mybox] amandahostsauth failed
----
Does anyone happen to have any RedHat9 specific advice on setting up the
firewall (using the command line or even something like Webmin), or any other
clues? I'm going over the items in the FAQ one by one again (double checking
"inetd.conf" (xinetd.conf for me) etc)....
Thanks!!
_______________________
Jeremy Martin
Network Technician
http://www.gsi-kc.com
mailto:jmartin AT gsi-kc DOT com
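
An added example, not part of the original post and not Amanda's own code: a Python check that takes the host and user from the "bsd security" debug line quoted above and tests them against a .amandahosts file on the client. It assumes one whitespace-separated "host user" pair per line (as in the post), case-insensitive host comparison, and that the file should be owned by the local user with no group/other access; the function names and sample data are constructed.

```python
import os
import re
import stat
import tempfile

# The amandad debug line quoted in the post.
BSD_LINE = re.compile(
    r"bsd security: remote host (\S+) user (\S+) local user (\S+)")


def parse_bsd_security(debug_text):
    """Return (remote_host, remote_user, local_user), or None if absent."""
    m = BSD_LINE.search(debug_text)
    return m.groups() if m else None


def check_amandahosts(path, remote_host, remote_user, owner_uid):
    """Return the reasons a request would be refused (empty list = none found).
    Assumed rules, not taken from Amanda's source: file owned by owner_uid,
    no group/other access, one whitespace-separated 'host user' pair per line.
    """
    try:
        st = os.stat(path)
        with open(path) as fh:
            entries = [line.split() for line in fh if line.strip()]
    except OSError as exc:
        return ["cannot read %s: %s" % (path, exc.strerror)]
    problems = []
    if st.st_uid != owner_uid:
        problems.append("owned by uid %d, expected %d" % (st.st_uid, owner_uid))
    mode = stat.S_IMODE(st.st_mode)
    if mode & 0o077:
        problems.append("mode %o allows group/other access" % mode)
    wanted = (remote_host.lower(), remote_user)
    if not any(len(e) >= 2 and (e[0].lower(), e[1]) == wanted for e in entries):
        problems.append("no entry for %s %s" % (remote_host, remote_user))
    return problems


if __name__ == "__main__":
    # Constructed sample data modelled on the post; no real host is touched.
    line = ("amandad: time 0.002: bsd security: remote host mybox "
            "user amanda local user amanda")
    host, user, local_user = parse_bsd_security(line)
    with tempfile.NamedTemporaryFile("w", delete=False) as fh:
        fh.write("mybox amanda\njayhawker amanda\n")
    os.chmod(fh.name, 0o644)  # deliberately too open for the assumed rule
    print(check_amandahosts(fh.name, host, user, os.getuid()))
    os.unlink(fh.name)
```

On a real client the path would be the .amandahosts file in the backup user's home directory and `owner_uid` that user's uid; the host name passed in should be the one amandad logged, since a short name and a fully qualified name are treated as different entries here.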