Amanda-Users

firewall issues (I think)

2003-05-27 14:41:45
Subject: firewall issues (I think)
From: "Martin, Jeremy" <jmartin AT gsi-kc DOT com>
To: "AMANDA Users" <amanda-users AT amanda DOT org>
Date: Tue, 27 May 2003 09:58:34 -0500
I have got AMANDA to back up the server to itself, but I'm still having 
troubles backing up my first client.

The amanda server is "mybox", trying to back up the client "jayhawker". When I 
run amcheck I get the error "jayhawker: [access as amanda not allowed from 
amanda@mybox] amandahostsauth failed"... even though 
/var/lib/amanda/.amandahosts contains "mybox amanda" and "jayhawker amanda" on 
both the client and the server just to be sure. 

I've gone through things listed in the FAQ several times (using RedHat9 so I've 
made sure /etc/services /etc/xinetd.conf /etc/hosts.allow all have the proper 
entries)... This seems to be some kind of firewall issue though. If I map mybox 
to 192.168.2.101 (the "real" ip I'm using) then amcheck says "host down?" but 
when mybox is mapped to 127.0.0.1 I don't get the host down error (disklist 
uses mybox as the host name).

This entry in the FAQ looks promising: 
________________________
Keep in mind also that amanda uses random ports < 1024 on the server when 
servicing remote clients.
For instance on Red Hat 7.1 I needed a line like this one in 
/etc/sysconfig/ipchains:
-A input -s {client IP address}/32 -d 0/0 0:1024 -p udp -j ACCEPT
or prepend 'ipchains ' to the above for a command line version. 
kronenpj AT netzero DOT net <mailto:kronenpj AT netzero DOT net?subject=Amanda%20Faq-O-Matic>

However this fresh install of RedHat9 isn't using ipchains, it looks like it is 
just using "iptables" instead... Just as a test I used "lokkit" to disable the 
"linux firewall" completely on both client and server but I still get the host 
not allowed error. I even tried editing the client's /etc/hosts.allow adding 
"amanda : mybox : ALLOW" instead of just "amanda : 192.168.2.101 : ALLOW"... ??


On jayhawker, each time I run amcheck I see something like this in /var/log/secure

May 27 09:44:26 jayhawker xinetd[28751]: START: amanda pid=22417 from=192.168.2.101

and there are no new entries to /var/log/messages

The debug files in /tmp/amanda on the client look ok as far as I can tell 
except for this:

----
amandad: time 0.002: bsd security: remote host mybox user amanda local user amanda
amandad: time 0.002: check failed: [access as amanda not allowed from amanda@mybox] amandahostsauth failed
amandad: time 0.002: sending REP packet:
----
Amanda 2.4 REP HANDLE 001-E85B0608 SEQ 1054042943
ERROR [access as amanda not allowed from amanda@mybox] amandahostsauth failed
----

Does anyone happen to have any RedHat9 specific advice on setting up the 
firewall (using the command line or even something like Webmin), or any other 
clues? I'm going over the items in the FAQ one by one again (double checking 
"inetd.conf" (xinetd.conf for me) etc)....

Thanks!!
_______________________
Jeremy Martin
Network Technician
http://www.gsi-kc.com
mailto:jmartin AT gsi-kc DOT com



