Amanda-Users

Re: iptables script

2005-05-16 08:45:34
Subject: Re: iptables script
From: Tom Brown <tom.brown AT goodtechnology DOT com>
To: Matt Hyclak <hyclak AT math.ohiou DOT edu>
Date: Mon, 16 May 2005 13:35:15 +0100
thanks all!

Tom

On Sat, May 14, 2005 at 05:29:10PM -0400, Joshua Baker-LePain enlightened us:

> For the first time ever I have to back up a machine over the 'internet' -
> This client is using iptables as its firewall. Does anyone have an iptables
> rule they would like to share that would allow amanda through to be able to
> back up this client?

If you haven't compiled with any "portrange" options, you'll have to do something like this:

-A INPUT -p udp -s $AMANDA_SERVER -d 0/0 --dport 10080 -j ACCEPT
-A INPUT -p tcp -m tcp -s $AMANDA_SERVER -d 0/0 --dport 1025:65535 -j ACCEPT

Or:

-A INPUT -p udp -s $AMANDA_SERVER -d $AMANDA_CLIENT --dport 10080 -j ACCEPT

and load the ip_conntrack_amanda kernel module. I use the following in
/etc/modprobe.conf:

options ip_conntrack_amanda master_timeout=2400
install ip_tables /sbin/modprobe --ignore-install ip_tables && \
/sbin/modprobe ip_conntrack_amanda

(Lines 2 & 3 are all one line)

This sets the UDP timeout for amanda packets to 2400 seconds, up from the
default 300 (don't hold me to that, it might be 600). I was getting estimate
timeouts since they were taking longer than 300/600 seconds and the firewall
would close the port.

Makes things a little more secure than opening up everything > 1024 ;-)

Matt
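As an added example (not from the thread or the Amanda project), a small audit script that applies Matt's point to an iptables-save dump: it flags the broad "everything above 1024" TCP accept, a UDP 10080 rule whose -d is not pinned to the client, and a missing conntrack helper (without the helper, Amanda's data connections are never marked RELATED). The rule excerpts, addresses and /proc/modules line are constructed; nf_conntrack_amanda is the helper's name on current kernels.

```python
# Constructed iptables-save excerpts (not real configs): the thread's broad
# ">1024" option and the narrow rule that relies on the conntrack helper.
BROAD_RULES = """\
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p udp -s 192.0.2.10 -d 0/0 --dport 10080 -j ACCEPT
-A INPUT -p tcp -m tcp -s 192.0.2.10 -d 0/0 --dport 1025:65535 -j ACCEPT
"""
NARROW_RULES = """\
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p udp -s 192.0.2.10 -d 198.51.100.7 --dport 10080 -j ACCEPT
"""
# Constructed /proc/modules line (the helper is nf_conntrack_amanda on current kernels).
PROC_MODULES = "ip_conntrack_amanda 6532 0 - Live 0xf8a3c000\n"
AMANDA_UDP_PORT = "10080"

def parse_input_rules(text):
    """Split each '-A INPUT ...' line into an option -> value dict."""
    rules = []
    for line in text.splitlines():
        toks = line.split()
        if toks[:2] != ["-A", "INPUT"]:
            continue
        rule, i = {}, 2
        while i < len(toks):
            has_arg = i + 1 < len(toks) and not toks[i + 1].startswith("-")
            rule[toks[i]] = toks[i + 1] if has_arg else True
            i += 2 if has_arg else 1
        rules.append(rule)
    return rules

def helper_loaded(proc_modules):
    """True if the Amanda conntrack helper appears in /proc/modules text."""
    loaded = {line.split()[0] for line in proc_modules.splitlines() if line.strip()}
    return bool(loaded & {"ip_conntrack_amanda", "nf_conntrack_amanda"})

def audit(rules_text, proc_modules):
    """Return findings about how Amanda is let through the INPUT chain."""
    findings = []
    for r in parse_input_rules(rules_text):
        if r.get("-j") != "ACCEPT" or "--dport" not in r:
            continue
        lo, _, hi = r["--dport"].partition(":")
        if r.get("-p") == "tcp" and hi:  # a port range, not a single port
            findings.append(f"broad tcp accept {r['--dport']} from {r.get('-s', 'any')}")
        if r.get("-p") == "udp" and lo == AMANDA_UDP_PORT:
            if r.get("-d", "0/0") in ("0/0", "0.0.0.0/0"):
                findings.append("amanda udp rule not pinned to the client address (-d)")
            if not helper_loaded(proc_modules):
                findings.append("amanda conntrack helper not loaded: data connections will not match RELATED")
    return findings
```

On a real host, feed it `iptables-save` output and the contents of /proc/modules; an empty result means the narrow rule plus helper is in place.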


