Hi List
I would like to mention that the selected port ranges, udp 1001,1009 and
tcp 11000,11300,
have only been recompiled on the Amanda client, thus they haven't been
opened on both the amanda client and amanda server ends of the firewall.
I didn't want to recompile a productive amanda tape server, plus I used
the default software within SuSE Linux Enterprise Server 9.
So if I have to open the selected port range on the amanda tape server,
can I just edit /etc/services and add the 1001 and 1009 system
privileged ports,
or have I got to run the --with-udpportrange=1001,1009, thus having to
start from scratch,
which is not really feasible?
amanda 1001/udp # Amanda
amanda 1009/udp # Amanda
Cheers
On Tue, 2006-02-14 at 15:56 +0000, Chuck Amadi Systems Administrator
wrote:
> Hi all
>
> I have just edited my firewall and added an ipchain rule but I still got
> an error as below:
>
> Amanda Backup Client Hosts Check
> --------------------------------
> ERROR: server.my.co.uk: [host fw.smtl.co.uk: port 62679 not secure]
> Client check: 4 hosts checked in 10.780 seconds, 1 problem found
>
> Here is also my Amanda Debug file:
> less /tmp/amanda/amandad.20060214163540.debug
>
> Amanda 2.4 REQ HANDLE 003-D0990808 SEQ 1139931009
> SECURITY USER amanda
> SERVICE noop
> OPTIONS features=ecfffeff9ffe0f;
> --------
>
> amandad: time 0.000: sending ack:
> ----
> Amanda 2.4 ACK HANDLE 003-D0990808 SEQ 1139931009
> ----
>
> amandad: time 0.006: sending REP packet:
> ----
> Amanda 2.4 REP HANDLE 003-D0990808 SEQ 1139931009
> ERROR [host fw.my.co.uk: port 62679 not secure]
> ----
>
> amandad: time 0.007: got packet:
> ----
> Amanda 2.4 ACK HANDLE 003-D0990808 SEQ 1139931009
> ----
>
> I have setup my fw rules as below:
>
> # Amanda Client - Enterprise random udp forks to Nemesis Server
> ################################################################
> ipchains -A input -i $EXTERNAL_INTERFACE -p udp -s 193.XX.XX.XXX
> 1001:1009 -j ACCEPT
>
> ipchains -A input -i $EXTERNAL_INTERFACE -p udp -s 193.XX.XX.XXX
> 10080:10083 -j ACCEPT
>
> Outgoing packets are allowed from behind our firewall and all forwarded
> to our main file server that is the same server for amanda backup tape
> server
>
> I recompiled amanda client as below:
>
> ./configure --with-user=amanda --with-group=disk
> --with-configdir=/etc/amanda --with-udpportrange=1001, 1009
> --with-tcpportrange=11000, 11300
>
> I haven't edited the /etc/services as I had read this does not affect
> initial UDP request made from the amanda tape server.
>
> I have read, digested and learnt a few things but I am still having
> issues using Amanda between hosts separated by a firewall using
> ipchains.
>
> Cheers for your help.
>
>
>
--
Unix/ Linux Systems Administrator
Chuck Amadi
The Surgical Material Testing Laboratory (SMTL),
Princess of Wales Hospital
Coity Road
Bridgend,
United Kingdom, CF31 1RQ.
Email chuck.smtl.co.uk
Tel: +44 1656 752820
Fax: +44 1656 752830
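
Added example (not part of the original message, and not Amanda code): a small Python parser for the amandad debug output quoted above. It extracts each "port N not secure" rejection and compares the port with the reserved-port limit (below 1024, which Amanda's BSD-style check expects) and with the 1001,1009 range given to --with-udpportrange. The function names and result fields are hypothetical.

```python
import re

RESERVED_LIMIT = 1024  # amandad's BSD-style check wants a source port below this
HEADER = re.compile(r"Amanda [\d.]+ (REQ|REP|ACK|NAK) HANDLE (\S+) SEQ (\d+)")
NOT_SECURE = re.compile(r"\[host ([^:\]]+): port (\d+) not secure\]")

# Sample input: the debug excerpt quoted in the message above.
SAMPLE = """\
Amanda 2.4 REQ HANDLE 003-D0990808 SEQ 1139931009
SECURITY USER amanda
SERVICE noop
amandad: time 0.006: sending REP packet:
Amanda 2.4 REP HANDLE 003-D0990808 SEQ 1139931009
ERROR [host fw.my.co.uk: port 62679 not secure]
"""

def parse_port_range(spec):
    """Parse 'low,high' as passed to --with-udpportrange (spaces tolerated)."""
    low, high = (int(part) for part in spec.split(","))
    if not 0 < low <= high < 65536:
        raise ValueError(f"bad port range: {spec!r}")
    return low, high

def find_insecure_ports(debug_text, udp_range="1001,1009"):
    """Return one finding per REP packet that rejected a request's source port."""
    low, high = parse_port_range(udp_range)
    findings, packet = [], None
    for line in debug_text.splitlines():
        header = HEADER.search(line)
        if header:
            packet = header.groups()  # (type, handle, seq)
            continue
        rejected = NOT_SECURE.search(line)
        if rejected and packet and packet[0] == "REP":
            port = int(rejected.group(2))
            findings.append({
                "handle": packet[1],
                "seen_from": rejected.group(1),
                "port": port,
                "reserved": port < RESERVED_LIMIT,
                "in_configured_range": low <= port <= high,
            })
    return findings

if __name__ == "__main__":
    for finding in find_insecure_ports(SAMPLE):
        print(finding)
```

For the excerpt above it reports port 62679 as seen from the firewall host, neither reserved nor inside 1001 to 1009, so the source port that reached amandad was not one from the configured range.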