Andreas, thanks for writing and your advice. Unfortunately, I can't control any
aspect of the firewall. It is administered by another group within my
organization. I don't believe that they understand the firewall software
thoroughly. Furthermore, it seems to be five-year-old software which is no
longer being maintained. I don't believe that it's very sophisticated and able
to use syn/ack flags. I'm very frustrated.
If you tell me that I have to open all ports from 1024 through 65535, using
TCP, inbound from my client(s) to my tapehost, that's fine with me. I don't
believe that this is a significant security risk. However, I have to spell out
exactly what I need, in this format, for the firewall administrators to act on
it.
Thanks again for your thoughts.
-Kevin
>>> Andreas Putzo <andreas AT inferno.nadir DOT org> 09/13/04 05:07PM >>>
On Monday 13 September 2004 22:54, KEVIN ZEMBOWER wrote:
[amanda network traffic]
I don't know for sure, but I think amanda won't bind to a specific from-port.
Normally the kernel chooses a high (semi-)random port. But you can still
build your firewall rules depending on the destination host/port and syn/ack
flags for the tcp connections.
regards,
Andreas