Amanda-Users

RE: What ports does Amanda use?

2003-11-04 18:14:11
Subject: RE: What ports does Amanda use?
From: "Jason Lavigne" <jlavigne AT bwlogic DOT com>
To: <donald.ritchey AT exeloncorp DOT com>, <jlb17 AT duke DOT edu>
Date: Tue, 4 Nov 2003 18:11:05 -0500
All servers are in my /28 block (the one in question is .27).

Well my ipfilter rules say:

# amanda tape backup (tcp/udp:10080, 10082, 10083)(tcp:50000-50040,udp:890-899)
pass out quick on dc1 proto tcp from any to 216.138.226.16/28 port = 10080 flags S keep state group 20
pass out quick on dc1 proto tcp from any to 216.138.226.16/28 port = 10082 flags S keep state group 20
pass out quick on dc1 proto tcp from any to 216.138.226.16/28 port = 10083 flags S keep state group 20
pass out quick on dc1 proto udp from any to 216.138.226.16/28 port = 10080 keep state group 20
pass out quick on dc1 proto udp from any to 216.138.226.16/28 port = 10082 keep state group 20
pass out quick on dc1 proto udp from any to 216.138.226.16/28 port = 10083 keep state group 20
pass out quick on dc1 proto tcp from any to 216.138.226.16/28 port 49999 >< 50041 flags S keep state group 20
pass out quick on dc1 proto udp from any to 216.138.226.16/28 port 889 >< 900 keep state group 20

# amanda tape backup (tcp/udp:10080, 10082, 10083)(tcp:50000-50040,udp:890-899)
pass in quick on dc1 proto tcp from 216.138.226.16/28 to any port = 10080 flags S keep state group 30
pass in quick on dc1 proto tcp from 216.138.226.16/28 to any port = 10082 flags S keep state group 30
pass in quick on dc1 proto tcp from 216.138.226.16/28 to any port = 10083 flags S keep state group 30
pass in quick on dc1 proto udp from 216.138.226.16/28 to any port = 10080 keep state group 30
pass in quick on dc1 proto udp from 216.138.226.16/28 to any port = 10082 keep state group 30
pass in quick on dc1 proto udp from 216.138.226.16/28 to any port = 10083 keep state group 30
pass in quick on dc1 proto tcp from 216.138.226.16/28 to any port 49999 >< 50041 flags S keep state group 30
pass in quick on dc1 proto udp from 216.138.226.16/28 to any port 889 >< 900 keep state group 30

With the rules off, all 7 servers work; with the rules on, all but one
work. I have installed a new client with the port ranges set (as noted
in the rules) and I am seeing the same thing. Here is the amstatus
output:

samba# su amanda -c 'amstatus Daily'
Using /var/amanda/Daily/logs/amdump from Tue Nov  4 18:02:29 EST 2003

cvs.bwlogic.com:/etc                     0    1150k estimate done
cvs.bwlogic.com:/var/cvs                 0  180020k estimate done
cvs.bwlogic.com:/var/log                 0    1430k estimate done
dns1.bwlogic.com:/etc                               getting estimate
dns1.bwlogic.com:/usr/local/vpopmail                getting estimate
dns1.bwlogic.com:/usr/local/www                     getting estimate
dns1.bwlogic.com:/var/log                           getting estimate
dns2.bwlogic.com:/etc                    0    1190k estimate done
dns2.bwlogic.com:/var/log                0   10220k estimate done
fw.bwlogic.com:/etc                      0    1510k estimate done
fw.bwlogic.com:/var/log                  0     230k estimate done
mysql.bwlogic.com:/dbdata                0   25460k estimate done
mysql.bwlogic.com:/etc                   0    1380k estimate done
mysql.bwlogic.com:/var/log               0    4750k estimate done
samba.bwlogic.com:/backup/bwlogic        0 4661460k estimate done
samba.bwlogic.com:/backup/storage        0      40k estimate done
samba.bwlogic.com:/db                    0      10k estimate done
samba.bwlogic.com:/etc                   0    1160k estimate done
samba.bwlogic.com:/var/log               0     470k estimate done
samba.bwlogic.com:/web                   0  672810k estimate done
www1.bwlogic.com:/etc                    0    1380k estimate done
www1.bwlogic.com:/usr/local/www          0  411780k estimate done
www1.bwlogic.com:/var/log                0     430k estimate done
www2.bwlogic.com:/etc                    0    1380k estimate done
www2.bwlogic.com:/usr/local/www          0  257680k estimate done
www2.bwlogic.com:/var/log                0     930k estimate done

SUMMARY          part     real estimated
                          size      size
partition       :  26
estimated       :  22            6236870k
flush           :   0        0k
failed          :   0                  0k           (  0.00%)
wait for dumping:   0                  0k           (  0.00%)
dumping to tape :   0                  0k           (  0.00%)
dumping         :   0        0k        0k (  0.00%) (  0.00%)
dumped          :   0        0k        0k (  0.00%) (  0.00%)
wait for writing:   0        0k        0k (  0.00%) (  0.00%)
wait to flush   :   0        0k        0k (100.00%) (  0.00%)
writing to tape :   0        0k        0k (  0.00%) (  0.00%)
failed to tape  :   0        0k        0k (  0.00%) (  0.00%)
taped           :   0        0k        0k (  0.00%) (  0.00%)
all dumpers active
taper idle

dns1 stays at "getting estimate" for like 2 hours, then it times out and
the backup runs. This is so odd, the second odd thing to happen with
this server so rebuilding from scratch might actually be an option.

Thanks for your time and reading my lengthy email, any help you can
provide would go to good use.

TIA

Jay



-----Original Message-----
From: owner-amanda-users AT amanda DOT org
[mailto:owner-amanda-users AT amanda DOT org] On Behalf Of
donald.ritchey AT exeloncorp DOT com
Sent: Tuesday, November 04, 2003 5:29 PM
To: jlavigne AT bwlogic DOT com; jlb17 AT duke DOT edu
Cc: amanda-users AT amanda DOT org
Subject: RE: What ports does Amanda use?

Make sure you rebuild both client and server, since the server is the
one that initiates the connection to the client.  Its choice of ports
must match the ones that the client expects to see.

In general, I have found that I must make sure that both ends of an
Amanda connection are configured consistently to have successful
connections.

You might want to set up a separate test configuration that uses the
version of Amanda with the port range options set.  This will allow you
to verify that the selected port ranges work for your
firewall/server/client combination without affecting your other servers
(which are still working correctly).  Once your experimentation is
complete, then you can merge the two configurations.

Another avenue of exploration:

Check to see that your firewall has all seven servers in the same rule
set (it sounds to me like the last server is being treated differently,
possibly because it is on a different subnet, belongs to a different
department, is in a different risk class, etc.).  If the rules are
different for the seventh server, then a simple rule modification on the
firewall to permit Amanda connections may resolve the entire issue
without rebuilding Amanda.

Hopefully one or more of these suggestions helps.

Don

Donald L. (Don) Ritchey
E-mail:  Donald.Ritchey AT exeloncorp DOT com


-----Original Message-----
From: Jason Lavigne [mailto:jlavigne AT bwlogic DOT com]
Sent: Tuesday, November 04, 2003 3:34 PM
To: 'Joshua Baker-LePain'
Cc: amanda-users AT amanda DOT org
Subject: RE: What ports does Amanda use?


Should I be using 

./configure --with-tcpportrange=50000,50040 --with-udpportrange=890,899

on the client, server or both?

I am still confused why 6 out of 7 servers in my DMZ (behind a firewall)
work as-is, it is just one server that is giving me a headache. I know
it is a firewall related issue cause if I turn off the firewall the
Amanda dump works fine on all 7 servers, but with it on one server fails
to connect. I am rebuilding the client first with the --with-tcp* and
--with-udp* options to see if this works.

My Amanda server is on my private LAN connecting in to the DMZ.

Jay




-----Original Message-----
From: owner-amanda-users AT amanda DOT org
[mailto:owner-amanda-users AT amanda DOT org] On Behalf Of Joshua Baker-LePain
Sent: Tuesday, November 04, 2003 3:56 PM
To: Jason Lavigne
Cc: amanda-users AT amanda DOT org
Subject: Re: What ports does Amanda use?

On Tue, 4 Nov 2003 at 1:47pm, Jason Lavigne wrote

> Is it just tcp 10080 - 10083?

Read docs/PORT.USAGE.  It's udp 10080 and any unprivileged tcp ports 
(well, 3 at a time).

-- 
Joshua Baker-LePain
Department of Biomedical Engineering
Duke University

