Still get ERROR [host fw.my.co.uk: port 62679 not secure] after I added my ipchain rule:
2006-02-16 11:07:58
Hi List, sorry for the continuous cries for help.
Regarding Amanda and the ipchains rules: it didn't work. The Amanda client on server was
still forking to secure ports that weren't in my udp range. I ran tcpdump
port 10080 on server,
then ran /usr/sbin/amcheck DailySet1 on the tape server.
server output below:
tcpdump: listening on eth0
16:41:14.529918 firewall.my.co.uk.64524 > server.my.co.uk.amanda: udp 117 (DF)
16:41:14.537221 server.my.co.uk.amanda > firewall.my.co.uk.64524: udp 50 (DF)
16:41:14.543520 server.my.co.uk.amanda > firewall.my.co.uk.64524: udp 100 (DF)
Thus on server less /tmp/amanda/amandad.20060216164114.debug
Amanda 2.4 REQ HANDLE 003-D0990808 SEQ 1140104146
SECURITY USER amanda
SERVICE noop
OPTIONS features=fffffeff9ffe0f;
--------
amandad: time 0.000: sending ack:
----
Amanda 2.4 ACK HANDLE 003-D0990808 SEQ 1140104146
----
amandad: time 0.006: sending REP packet:
----
Amanda 2.4 REP HANDLE 003-D0990808 SEQ 1140104146
ERROR [host firewall.my.co.uk: port 64524 not secure]
----
It should have forked to the ports in the udp port range that I had compiled
with the switch --with-udpportrange=1001,1009.
I am still troubleshooting and awaiting info on the mailing list.
I had edited my firewall and added the following ipchains rules.
Outgoing mail has no restrictions. 1001 and 1009 is what I used for the udp
port range and I use 11000 11030 for the tcp port range. I am led to believe that
this doesn't cause any issues with the usual amanda ports 10080, 10082 and
10083.
################################################################
ipchains -A input -i $EXTERNAL_INTERFACE -p udp -s 193.xx.xx.xxx 1001:1009 -j ACCEPT
ipchains -A input -i $EXTERNAL_INTERFACE -p udp -s 193.xx.xx.xxx 10080:10083 -j ACCEPT
Any other tips in order to get through the firewall, until one day I move to
iptables?
Cheers
--
Unix/ Linux Systems Administrator
Chuck Amadi
The Surgical Material Testing Laboratory (SMTL),
Princess of Wales Hospital
Coity Road
Bridgend,
United Kingdom, CF31 1RQ.
Email chuck.smtl.co.uk
Tel: +44 1656 752820
Fax: +44 1656 752830
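
Added example, not part of the original post and not Amanda project code: a small script that correlates the tcpdump capture with the amandad debug log quoted in the message and reports, for each request reaching the amanda port, whether its source port lies in the compiled --with-udpportrange and whether amandad rejected it. The sample lines are copied from the post; the function names are hypothetical, and the 1024 threshold for a "secure" port is an assumption.

```python
import re

# Sample input: the tcpdump lines and the REP error quoted in the post above.
CAPTURE = """\
16:41:14.529918 firewall.my.co.uk.64524 > server.my.co.uk.amanda: udp 117 (DF)
16:41:14.537221 server.my.co.uk.amanda > firewall.my.co.uk.64524: udp 50 (DF)
16:41:14.543520 server.my.co.uk.amanda > firewall.my.co.uk.64524: udp 100 (DF)
"""
DEBUG_LOG = """\
Amanda 2.4 REP HANDLE 003-D0990808 SEQ 1140104146
ERROR [host firewall.my.co.uk: port 64524 not secure]
"""

UDP_RANGE = (1001, 1009)  # from --with-udpportrange=1001,1009 in the post
RESERVED_LIMIT = 1024     # assumption: "secure" means a source port below 1024

# time, src host, src port, dst host, dst port, payload length
PKT = re.compile(r"^(\S+) (\S+)\.(\w+) > (\S+)\.(\w+): udp (\d+)")
ERR = re.compile(r"ERROR \[host (\S+): port (\d+) not secure\]")

def requests_to_amanda(capture):
    """Yield (time, src_host, src_port) for packets sent to the amanda port."""
    for line in capture.splitlines():
        m = PKT.match(line)
        # tcpdump prints the service name unless run with -n, so accept both.
        if m and m.group(5) in ("amanda", "10080") and m.group(3).isdigit():
            yield m.group(1), m.group(2), int(m.group(3))

def rejected_ports(debug_log):
    """Return the set of (host, port) pairs amandad reported as not secure."""
    return {(host, int(port)) for host, port in ERR.findall(debug_log)}

def diagnose(capture, debug_log, udp_range=UDP_RANGE):
    """Describe the source port of every request seen on the wire."""
    rejected = rejected_ports(debug_log)
    return [{
        "time": ts, "host": host, "port": port,
        "in_compiled_range": udp_range[0] <= port <= udp_range[1],
        "reserved": port < RESERVED_LIMIT,
        "rejected_by_amandad": (host, port) in rejected,
    } for ts, host, port in requests_to_amanda(capture)]

if __name__ == "__main__":
    for finding in diagnose(CAPTURE, DEBUG_LOG):
        print(finding)
```

On the capture from the post, the only request reaching the amanda port carries source port 64524, which is outside 1001-1009 and is the same port amandad names in its REP error.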