Amanda-Users

RE: Amanda/firewall --with-portrange

2005-09-29 14:59:32
Subject: RE: Amanda/firewall --with-portrange
From: "Brenckle, Nicholas" <NBrenckle AT dsl DOT net>
To: "'dleangen AT canada DOT com'" <dleangen AT canada DOT com>, amanda-users AT amanda DOT org
Date: Thu, 29 Sep 2005 14:50:23 -0400
I searched the archives and found your posts. I made it work, and I'll give
a quick rundown of what did not work until what did.

Default config, no go.

Tried --with-(tcp/udp)portrange=10000,10100  also no go. The Amanda software
complained about insecure ports. Not much to go on there.

Tried --with-(tcp/udp)portrange=850,854 no go. No more complaints about
secure port, but still tried backup connections on high numbered ports, so
that didn't work. Couldn't figure out why it insisted on using high numbers.
Sooo...

Finally worked with different ranges for udp and tcp (udp 850-854 and tcp
10000 to 10100). Now it's happy.

Thanks for the advice.

-Nick

-----Original Message-----
From: owner-amanda-users AT amanda DOT org [mailto:owner-amanda-users AT amanda DOT org] On Behalf Of David Leangen
Sent: Thursday, September 29, 2005 1:25 PM
To: amanda-users AT amanda DOT org
Subject: RE: Amanda/firewall --with-portrange


I recently had similar issues. Look for a post in the archives about 2 weeks
ago that discussed the same topic. A few people gave very helpful replies
already that should apply in your case, too.

Brief summary:

 - --with-tcp-portrange is not needed
 - you must configure the same values on both client and server


Those were the main points.

Otherwise, depending on the number of clients you have, you may need to
allocate more ports than you did.


Good luck!


Dave




-----Original Message-----
From: owner-amanda-users AT amanda DOT org [mailto:owner-amanda-users AT amanda DOT org] On Behalf Of Brenckle, Nicholas
Sent: 30 September 2005 02:07
To: 'amanda-users AT amanda DOT org'
Subject: Amanda/firewall --with-portrange



I am having a weird problem with the portrange specification. My situation
is reversed from most configurations in the FAQ as my host is behind the fw,
while the backup server sits in front of it. There is no NAT going on.

Amanda was compiled from the source RPM; I added the following to the SPEC
file:

        --with-portrange=850,854 \
        --with-tcpportrange=850,854 \
        --with-udpportrange=850,854

I put the server and client RPMS on my backup/tape server, and the client
RPM on the client.  Both are running Fedora Core 1 if that matters.

Amcheck will work, and I can see the traffic (using tcpdump) running mostly
on port 850, sometimes on port 851.

The problem is when I run amdump, I get a few things going back/forth on the
850-854 range, and then the server tries to connect to the client on some high
number port, in this test, 48111. That isn't going to work. :) Why does it do
this? Only ports 850-854 are allowed, that's why I specified them in the
compile.  Suggestions? Tcpdump output from the server shown below. If I open
all ports up at the firewall the software works, so I don't think it's a
network/server problem, it has to be related to the allowed ports of the
firewall.

Thanks,

Nick


12:39:02.178374 backup01.mynetwork.net.851 > client-station.mynetwork.net.amanda: udp 117 (DF)
12:39:02.190269 client-station.mynetwork.net.amanda > backup01.mynetwork.net.851: udp 50 (DF)
12:39:02.211152 client-station.mynetwork.net.amanda > backup01.mynetwork.net.851: udp 83 (DF)
12:39:02.211381 backup01.mynetwork.net.851 > client-station.mynetwork.net.amanda: udp 50 (DF)
12:39:02.221191 backup01.mynetwork.net.851 > client-station.mynetwork.net.amanda: udp 309 (DF)
12:39:02.235417 client-station.mynetwork.net.amanda > backup01.mynetwork.net.851: udp 50 (DF)
12:39:04.508871 client-station.mynetwork.net.amanda > backup01.mynetwork.net.851: udp 118 (DF)
12:39:04.509057 backup01.mynetwork.net.851 > client-station.mynetwork.net.amanda: udp 50 (DF)
12:39:04.527624 backup01.mynetwork.net.854 > client-station.mynetwork.net.amanda: udp 223 (DF)
12:39:04.540252 client-station.mynetwork.net.amanda > backup01.mynetwork.net.854: udp 50 (DF)
12:39:04.571890 client-station.mynetwork.net.amanda > backup01.mynetwork.net.854: udp 125 (DF)
12:39:04.571983 backup01.mynetwork.net.854 > client-station.mynetwork.net.amanda: udp 50 (DF)
12:39:04.580725 backup01.mynetwork.net.40590 > client-station.mynetwork.net.48111: S 3871447985:3871447985(0) win 5840 <mss 1460,sackOK,timestamp 188668545 0,nop,wscale 0> (DF)
12:39:07.574415 backup01.mynetwork.net.40590 > client-station.mynetwork.net.48111: S 3871447985:3871447985(0) win 5840 <mss 1460,sackOK,timestamp 188668845 0,nop,wscale 0> (DF)
12:39:13.574422 backup01.mynetwork.net.40590 > client-station.mynetwork.net.48111: S 3871447985:3871447985(0) win 5840 <mss 1460,sackOK,timestamp 188669445 0,nop,wscale 0> (DF)
12:39:25.574414 backup01.mynetwork.net.40590 > client-station.mynetwork.net.48111: S 3871447985:3871447985(0) win 5840 <mss 1460,sackOK,timestamp 188670645 0,nop,wscale 0> (DF)
12:39:49.574418 backup01.mynetwork.net.40590 > client-station.mynetwork.net.48111: S 3871447985:3871447985(0) win 5840 <mss 1460,sackOK,timestamp 188673045 0,nop,wscale 0> (DF)
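
One way to check a capture like the one in this thread against the port ranges a firewall permits, given here as an added example that is not part of the original posts or of Amanda. It assumes the classic tcpdump text format shown in the thread, that the `amanda` service name is port 10080, and that the firewall matches UDP on the non-service port and new TCP connections on their destination port; all function names are hypothetical.

```python
import re
from collections import Counter

AMANDA_PORT = 10080  # assumption: tcpdump prints this port as the name "amanda"
# Classic tcpdump text: <time> <src>.<port> > <dst>.<port>: <rest>
LINE_RE = re.compile(r"^\S+\s+(\S+)\.([\w-]+)\s+>\s+(\S+)\.([\w-]+):\s+(.*)$")

# Three packets taken from the capture in the thread, wrapped lines rejoined.
SAMPLE = [
    "12:39:02.178374 backup01.mynetwork.net.851 > client-station.mynetwork.net.amanda: udp 117 (DF)",
    "12:39:04.580725 backup01.mynetwork.net.40590 > client-station.mynetwork.net.48111: S 3871447985:3871447985(0) win 5840 <mss 1460,sackOK,timestamp 188668545 0,nop,wscale 0> (DF)",
    "12:39:07.574415 backup01.mynetwork.net.40590 > client-station.mynetwork.net.48111: S 3871447985:3871447985(0) win 5840 <mss 1460,sackOK,timestamp 188668845 0,nop,wscale 0> (DF)",
]


def to_port(token):
    """Numeric port, or the amanda service name; any other name is unknown."""
    if token.isdigit():
        return int(token)
    return AMANDA_PORT if token == "amanda" else None


def parse_line(line):
    """Return (proto, src, sport, dst, dport, is_syn), or None if unparseable."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    src, sport, dst, dport, rest = m.groups()
    sport, dport = to_port(sport), to_port(dport)
    if sport is None or dport is None:
        return None
    proto = "udp" if rest.startswith("udp ") else "tcp"
    # A bare SYN opens a connection; "S ... ack ..." is the SYN-ACK reply.
    is_syn = proto == "tcp" and rest.startswith("S ") and " ack " not in rest
    return proto, src, sport, dst, dport, is_syn


def audit(lines, udp_range, tcp_range):
    """Count packets whose firewall-relevant port is outside its inclusive range."""
    hits = Counter()
    for proto, src, sport, dst, dport, is_syn in filter(None, map(parse_line, lines)):
        if proto == "udp":  # check the end that is not the fixed service port
            port, (low, high) = (dport if sport == AMANDA_PORT else sport), udp_range
        elif is_syn:  # new TCP connection: checked on its destination port
            port, (low, high) = dport, tcp_range
        else:
            continue
        if not low <= port <= high:
            hits[(proto, src, sport, dst, dport)] += 1
    return hits
```

A flow that appears in the result more than once with only SYNs, as the TCP flow here does, is being retried without an answer, which is what a silent firewall drop looks like on the sending side.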
