Amanda-Users

Still get ERROR [host fw.my.co.uk: port 62679 not secure] after I added my ipchain rule:

2006-02-16 11:07:58
Subject: Still get ERROR [host fw.my.co.uk: port 62679 not secure] after I added my ipchain rule:
From: Chuck Amadi Systems Administrator <chuck AT smtl.co DOT uk>
To: Amanda List <amanda-users AT amanda DOT org>
Date: Thu, 16 Feb 2006 16:02:35 +0000
Hi List sorry for the continuous cries for help.

Regarding Amanda and the ipchains rules: it didn't work. The Amanda client on server was
still forking to secure ports that weren't in my udp range. I ran tcpdump
port 10080 on server.

Then run /usr/sbin/amcheck DailySet1 on tape-server tape server.

server output below:
tcpdump: listening on eth0
16:41:14.529918 firewall.my.co.uk.64524 > server.my.co.uk.amanda: udp 117 (DF)
16:41:14.537221 server.my.co.uk.amanda > firewall.my.co.uk.64524: udp 50 (DF)
16:41:14.543520 server.my.co.uk.amanda > firewall.my.co.uk.64524: udp 100 (DF)

Thus on server less /tmp/amanda/amandad.20060216164114.debug

Amanda 2.4 REQ HANDLE 003-D0990808 SEQ 1140104146
SECURITY USER amanda
SERVICE noop
OPTIONS features=fffffeff9ffe0f;
--------

amandad: time 0.000: sending ack:
----
Amanda 2.4 ACK HANDLE 003-D0990808 SEQ 1140104146
----

amandad: time 0.006: sending REP packet:
----
Amanda 2.4 REP HANDLE 003-D0990808 SEQ 1140104146
ERROR [host firewall.my.co.uk: port 64524 not secure]
----

It should have forked to the ports in the udp port range that I had compiled
with the switch --with-udpportrange=1001,1009.

I am still troubleshooting and awaiting info on the mailing list.
I have edited my firewall and added the following ipchains rules.
Outgoing mail has no restrictions. 1001 and 1009 is what I used for the udp
port range and I use 11000 11030 for the tcp port range. I am led to believe that
this doesn't cause any issues with the usual Amanda ports 10080, 10082 and
10083.
################################################################
ipchains -A input -i $EXTERNAL_INTERFACE -p udp -s 193.xx.xx.xxx 1001:1009 -j ACCEPT
ipchains -A input -i $EXTERNAL_INTERFACE -p udp -s 193.xx.xx.xxx 10080:10083 -j ACCEPT

Any other tips in order to get through the firewall until one day I move to
iptables?

Cheers
-- 
Unix/ Linux Systems Administrator
Chuck Amadi
The Surgical Material Testing Laboratory (SMTL), 
Princess of Wales Hospital 
Coity Road 
Bridgend, 
United Kingdom, CF31 1RQ.
Email chuck.smtl.co.uk
Tel: +44 1656 752820 
Fax: +44 1656 752830
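
Added example, not part of the original post and not Amanda's own code: a small audit that reads the tcpdump lines and the amandad debug ERROR quoted above and reports which requests arrived from a source port the client will accept. It assumes the "not secure" reply means the request's UDP source port was 1024 or higher; the function and constant names are illustrative.

```python
import re

RESERVED_LIMIT = 1024      # assumption: "not secure" means source port >= 1024
UDP_RANGE = (1001, 1009)   # from the post: --with-udpportrange=1001,1009
AMANDA_PORT = 10080        # tcpdump prints this port as the service name "amanda"

# tcpdump lines from the post, wrapped lines rejoined.
TCPDUMP = """\
16:41:14.529918 firewall.my.co.uk.64524 > server.my.co.uk.amanda: udp 117 (DF)
16:41:14.537221 server.my.co.uk.amanda > firewall.my.co.uk.64524: udp 50 (DF)
16:41:14.543520 server.my.co.uk.amanda > firewall.my.co.uk.64524: udp 100 (DF)
"""
# REP error line from the post's amandad debug file.
DEBUG = "ERROR [host firewall.my.co.uk: port 64524 not secure]\n"

PKT = re.compile(r"^\S+\s+(\S+)\.([\w-]+)\s+>\s+\S+\.([\w-]+):\s+udp\s+\d+")
ERR = re.compile(r"ERROR \[host (\S+): port (\d+) not secure\]")

def port_of(token):
    """Numeric port for a tcpdump port token (a number or the name 'amanda')."""
    if token.isdigit():
        return int(token)
    return AMANDA_PORT if token == "amanda" else None

def requests_seen(tcpdump_text):
    """(source host, source port) of every UDP packet addressed to amandad."""
    out = []
    for line in tcpdump_text.splitlines():
        m = PKT.match(line)
        if m and port_of(m.group(3)) == AMANDA_PORT:
            sport = port_of(m.group(2))
            if sport is not None:
                out.append((m.group(1), sport))
    return out

def classify(sport):
    """Compare a request's source port with the limit and the built-in range."""
    if sport >= RESERVED_LIMIT:
        return "not secure"            # unprivileged port: amandad replies ERROR
    if UDP_RANGE[0] <= sport <= UDP_RANGE[1]:
        return "ok"
    return "privileged, outside built range"

def audit(tcpdump_text, debug_text):
    """Per request: host, source port, verdict, and whether amandad logged it."""
    logged = {(h, int(p)) for h, p in ERR.findall(debug_text)}
    return [(h, p, classify(p), (h, p) in logged)
            for h, p in requests_seen(tcpdump_text)]

if __name__ == "__main__":
    for row in audit(TCPDUMP, DEBUG):
        print(row)
```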