David Leangen wrote:

 http://wiki.zmanda.com/index.php/Configuration_with_iptables

How does the ip_conntrack_amanda kernel module fits in here?
I think that just using that module simplifies a lot of the setup.

I'm not sure sure it handles amrecover connections though...

Oh!

Well... I never even noticed that this existed. I'll look into that. Indeed,
that does seem a lot simpler.

A description of a configuration without that kernel module is still
handy too.  There were bugs in several versions of that kernel module
making it unusable.  And some people could base their settings
of a non iptables firewall (FW1 etc) on this description.

And, not using it myself, a positive feedback that it can handle
all the situations is good:
- server behind firewall, client in dmz, client on the internet
- server behind NAT, client behind NAT, both behind NAT
- amrecover in all the situations above

Even with ip_conntrack_amanda you need to be sure to have some ports
allowed too:  from server to client udp 10080 at least!
From client to server, TCP port 10082 10083 is also needed for amrecover
I think.

--
Paul Bijnens, Xplanation                            Tel  +32 16 397.511
Technologielaan 21 bus 2, B-3001 Leuven, BELGIUM    Fax  +32 16 397.512
http://www.xplanation.com/          email:  Paul.Bijnens AT xplanation DOT com
***********************************************************************
* I think I've got the hang of it now:  exit, ^D, ^C, ^\, ^Z, ^Q, ^^, *
* F6, quit, ZZ, :q, :q!, M-Z, ^X^C, logoff, logout, close, bye, /bye, *
* stop, end, F3, ~., ^]c, +++ ATH, disconnect, halt,  abort,  hangup, *
* PF4, F20, ^X^X, :D::D, KJOB, F14-f-e, F8-e,  kill -1 $$,  shutdown, *
* init 0, kill -9 1, Alt-F4, Ctrl-Alt-Del, AltGr-NumLock, Stop-A, ... *
* ...  "Are you sure?"  ...   YES   ...   Phew ...   I'm out          *
***********************************************************************