David Leangen wrote:
http://wiki.zmanda.com/index.php/Configuration_with_iptables
How does the ip_conntrack_amanda kernel module fits in here?
I think that just using that module simplifies a lot of the setup.
I'm not sure sure it handles amrecover connections though...
Oh!
Well... I never even noticed that this existed. I'll look into that. Indeed,
that does seem a lot simpler.
A description of a configuration without that kernel module is still
handy too. There were bugs in several versions of that kernel module
making it unusable. And some people could base their settings
of a non iptables firewall (FW1 etc) on this description.
And, not using it myself, a positive feedback that it can handle
all the situations is good:
- server behind firewall, client in dmz, client on the internet
- server behind NAT, client behind NAT, both behind NAT
- amrecover in all the situations above
Even with ip_conntrack_amanda you need to be sure to have some ports
allowed too: from server to client udp 10080 at least!
From client to server, TCP port 10082 10083 is also needed for amrecover
I think.
--
Paul Bijnens, Xplanation Tel +32 16 397.511
Technologielaan 21 bus 2, B-3001 Leuven, BELGIUM Fax +32 16 397.512
http://www.xplanation.com/ email: Paul.Bijnens AT xplanation DOT com
***********************************************************************
* I think I've got the hang of it now: exit, ^D, ^C, ^\, ^Z, ^Q, ^^, *
* F6, quit, ZZ, :q, :q!, M-Z, ^X^C, logoff, logout, close, bye, /bye, *
* stop, end, F3, ~., ^]c, +++ ATH, disconnect, halt, abort, hangup, *
* PF4, F20, ^X^X, :D::D, KJOB, F14-f-e, F8-e, kill -1 $$, shutdown, *
* init 0, kill -9 1, Alt-F4, Ctrl-Alt-Del, AltGr-NumLock, Stop-A, ... *
* ... "Are you sure?" ... YES ... Phew ... I'm out *
***********************************************************************
|