Amanda-Users

Re: iptables script

2005-05-14 19:07:44
Subject: Re: iptables script
From: Matt Hyclak <hyclak AT math.ohiou DOT edu>
To: amanda-users AT amanda DOT org
Date: Sat, 14 May 2005 18:50:43 -0400
On Sat, May 14, 2005 at 05:29:10PM -0400, Joshua Baker-LePain enlightened us:
> > For the first time ever i have to backup a machine over the 'internet' -
> > This client is using iptables as its firewall. Does anyone have an iptables
> > rule they would like to share that would allow amanda through to be able to
> > backup this client?
> 
> If you haven't compiled with any "portrange" options, you'll have to do 
> something like this:
> 
> -A INPUT -p udp -s $AMANDA_SERVER -d 0/0 --dport 10080 -j ACCEPT
> -A INPUT -p tcp -m tcp -s $AMANDA_SERVER -d 0/0 --dport 1025:65535 -j ACCEPT

Or 

-A INPUT -p udp -s $AMANDA_SERVER -d $AMANDA_CLIENT --dport 10080 -j ACCEPT

and load the ip_conntrack_amanda kernel module. I use the following in
/etc/modprobe.conf:

options ip_conntrack_amanda master_timeout=2400
install ip_tables /sbin/modprobe --ignore-install ip_tables && \
/sbin/modprobe ip_conntrack_amanda

(Lines 2 & 3 are all one line)

This sets the UDP timeout for amanda packets to 2400 seconds, up from the
default 300 (don't hold me to that, it might be 600). I was getting estimate
timeouts since they were taking longer than 300/600 seconds and the firewall
would close the port.

Makes things a little more secure than opening up everything > 1024 ;-)

Matt

-- 
Matt Hyclak
Department of Mathematics 
Department of Social Work
Ohio University
(740) 593-1263
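To make the difference between the two rule sets concrete, here is an added example (not from the thread or from the Amanda project) that models what ip_conntrack_amanda does: it scans the client's UDP reply for the CONNECT line and only expects the TCP ports announced there, instead of the whole 1025:65535 range. The sample reply is constructed, and the parser is a simplified re-implementation of the kernel helper's keyword scan, not the helper's own code.

```python
import re

# Rule from the thread's first reply: any TCP port above 1024 from the server.
WIDE_OPEN_TCP_PORTS = range(1025, 65536)

# The kernel amanda helper looks for "CONNECT " in the client's UDP reply and
# then for these keywords, each followed by a port number, creating one
# conntrack expectation per port. The scan below mimics that behaviour.
CONNECT_KEYWORDS = ("DATA ", "MESG ", "INDEX ")


def expected_tcp_ports(udp_reply: str) -> list:
    """Return the TCP ports a stateful firewall would open for this reply."""
    idx = udp_reply.find("CONNECT ")
    if idx < 0:
        return []  # no CONNECT line: no data channels are expected at all
    tail = udp_reply[idx + len("CONNECT "):]
    ports = []
    for kw in CONNECT_KEYWORDS:
        m = re.search(re.escape(kw) + r"(\d{1,5})", tail)
        if m:
            port = int(m.group(1))
            if 0 < port < 65536:  # ignore nonsense ports in a malformed reply
                ports.append(port)
    return ports


# Constructed sample of an Amanda client reply (assumed format, not captured).
SAMPLE_REPLY = (
    "Amanda 2.4 ACK HANDLE 000-12345678 SEQ 1\n"
    "CONNECT DATA 51234 MESG 51235 INDEX 51236\n"
    "OPTIONS features=ffff;\n"
)


def exposure_ratio(udp_reply: str) -> float:
    """Fraction of the 'everything > 1024' range the helper actually opens."""
    return len(expected_tcp_ports(udp_reply)) / len(WIDE_OPEN_TCP_PORTS)


if __name__ == "__main__":
    print("ports the helper would open:", expected_tcp_ports(SAMPLE_REPLY))
    print(f"exposure relative to 1025:65535: {exposure_ratio(SAMPLE_REPLY):.6%}")
```

The helper still only fires while the UDP master connection is tracked, which is why the master_timeout setting above matters for long estimates.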

