Amanda-Users

Re: Still get ERROR [host fw.my.co.uk: port 62679 not secure] after I added my ipchain rule:

2006-02-14 11:22:33
Subject: Re: Still get ERROR [host fw.my.co.uk: port 62679 not secure] after I added my ipchain rule:
From: Chuck Amadi Systems Administrator <chuck AT smtl.co DOT uk>
To: Amanda List <amanda-users AT amanda DOT org>
Date: Tue, 14 Feb 2006 16:17:37 +0000

Hi List

I would like to mention that the selected port range udp 1001,1009 and
tcp 11000,11300
have only been recompiled on the Amanda client, thus they haven't been
opened on both amanda client and amanda server ends of the firewall.

I didn't want to recompile a productive amanda tape server, plus I used
the default software within SuSE Linux Enterprise Server 9.

So if I have to open the selected port range on the amanda tape server,
can I just edit /etc/services and add the 1001 and 1009 system
privileged ports,
or have I got to run the --with-udpportrange=1001,1009, thus having to
start from scratch,
which is not really feasible?

amanda          1001/udp  # Amanda
amanda          1009/udp  # Amanda

Cheers

On Tue, 2006-02-14 at 15:56 +0000, Chuck Amadi Systems Administrator
wrote:
> Hi all
> 
> I have just edited my firewall and added an ipchain rule but I still got
> an error as below:
> 
> Amanda Backup Client Hosts Check
> --------------------------------
> ERROR: server.my.co.uk: [host fw.smtl.co.uk: port 62679 not secure]
> Client check: 4 hosts checked in 10.780 seconds, 1 problem found
> 
> Here is also my Amanda Debug file:
> less /tmp/amanda/amandad.20060214163540.debug
> 
> Amanda 2.4 REQ HANDLE 003-D0990808 SEQ 1139931009
> SECURITY USER amanda
> SERVICE noop
> OPTIONS features=ecfffeff9ffe0f;
> --------
> 
> amandad: time 0.000: sending ack:
> ----
> Amanda 2.4 ACK HANDLE 003-D0990808 SEQ 1139931009
> ----
> 
> amandad: time 0.006: sending REP packet:
> ----
> Amanda 2.4 REP HANDLE 003-D0990808 SEQ 1139931009
> ERROR [host fw.my.co.uk: port 62679 not secure]
> ----
> 
> amandad: time 0.007: got packet:
> ----
> Amanda 2.4 ACK HANDLE 003-D0990808 SEQ 1139931009
> ----
> 
> I have setup my fw rules as below:
> 
> # Amanda Client - Enterprise random udp forks to Nemesis Server 
> ################################################################
> ipchains -A input -i $EXTERNAL_INTERFACE -p udp -s 193.XX.XX.XXX 1001:1009 -j ACCEPT
> 
> ipchains -A input -i $EXTERNAL_INTERFACE -p udp -s 193.XX.XX.XXX 10080:10083 -j ACCEPT
> 
> Outgoing packets are allowed from behind our firewall and all forwarded
> to our main file server that is the same server for amanda backup tape
> server
> 
> I recompiled amanda client as below:
> 
> ./configure --with-user=amanda --with-group=disk
> --with-configdir=/etc/amanda --with-udpportrange=1001, 1009
> --with-tcpportrange=11000, 11300
> 
> I haven't edited the /etc/services as I had read this does not affect
> the initial UDP request made from the amanda tape server.
> 
> I have read, digested and learnt a few things but I am still having
> issues using Amanda between hosts separated by a firewall using
> ipchains.
> 
> Cheers for your help.
> 
> 
> 
-- 
Unix/ Linux Systems Administrator
Chuck Amadi
The Surgical Material Testing Laboratory (SMTL), 
Princess of Wales Hospital 
Coity Road 
Bridgend, 
United Kingdom, CF31 1RQ.
Email chuck.smtl.co.uk
Tel: +44 1656 752820 
Fax: +44 1656 752830
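
Added example, not part of the original message and not Amanda's own code: a small parser for the amandad debug output quoted above that extracts each "not secure" reply and reports whether the rejected source port is a reserved port (below 1024, the condition this error is assumed to test) and whether it lies inside the configured UDP range. The function name `diagnose`, the default range 1001-1009 taken from the configure line, and the sample text are assumptions constructed for illustration.

```python
import re

IPPORT_RESERVED = 1024  # ports below this can only be bound by root

# Error line amandad places in its REP packet, e.g.
#   ERROR [host fw.my.co.uk: port 62679 not secure]
NOT_SECURE = re.compile(r"ERROR \[host (?P<host>\S+): port (?P<port>\d+) not secure\]")
# Packet header line, e.g. "Amanda 2.4 REP HANDLE 003-D0990808 SEQ 1139931009"
HANDLE = re.compile(r"Amanda \S+ (?P<type>REQ|REP|ACK) HANDLE (?P<handle>\S+) SEQ (?P<seq>\d+)")


def diagnose(debug_text, udp_range=(1001, 1009)):
    """Return one finding per 'not secure' reply in an amandad debug log."""
    findings = []
    last = None  # most recent packet header seen before the error line
    lo, hi = udp_range
    for line in debug_text.splitlines():
        line = line.lstrip("> ").strip()  # tolerate mail-quoted logs
        m = HANDLE.search(line)
        if m:
            last = m.groupdict()
            continue
        m = NOT_SECURE.search(line)
        if m:
            port = int(m.group("port"))
            findings.append({
                "handle": last["handle"] if last else None,
                "peer": m.group("host"),  # host the request appeared to come from
                "port": port,             # UDP source port the client saw
                "reserved": port < IPPORT_RESERVED,
                "in_configured_range": lo <= port <= hi,
            })
    return findings


# Constructed sample, shaped like the debug file quoted in the message above.
SAMPLE = """\
Amanda 2.4 REQ HANDLE 003-D0990808 SEQ 1139931009
SECURITY USER amanda
SERVICE noop
amandad: time 0.006: sending REP packet:
Amanda 2.4 REP HANDLE 003-D0990808 SEQ 1139931009
ERROR [host fw.my.co.uk: port 62679 not secure]
"""

if __name__ == "__main__":
    for finding in diagnose(SAMPLE):
        print(finding)
```

For the sample, the reported port 62679 is neither reserved nor inside 1001-1009, so the source port the client saw is not one the ipchains rules for 1001:1009 would match.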