Hi Paul
I'm running 2.4.4p2 on my amanda clients and tape server.
Anyway the file exists in my version, run make clean > I edited the
common-src/security.c file and added "1 ||" string to the if statement
to line 232.
Thus run make > make clean > make install and run on my server client
that sits on the other side of Firewall.
./configure --with-user=amanda --with-group=disk
--with-configdir=/etc/amanda --with-uspportrange=11000,111030
--with-tcpportrange=11000,11030
Thus tcpdump port 10080 on the amanda client and run amcheck Config on
the tape server.
As you stated it's still forking to the firewall ipnumber and not the
tape server.
Cheers for your help
On Thu, 2006-02-16 at 17:52 +0100, Paul Bijnens wrote:
> On 02/16/2006 05:02 PM, Chuck Amadi Systems Administrator wrote:
> > Hi List sorry for the continuous cries for help.
> >
> > Regarding Amanda and ipchains rules it didn't work Amanda client on server
> > was still
> > forking to secure ports that weren't in my udp range. I run tcpdump
> > port 10080 on server.
>
> > ERROR [host firewall.my.co.uk: port 64524 not secure]
>
> So the firewall does NAT (that is why, from the client's point of view,
> the ipnumber is the firewall itself, and not the amanda server, and the
> portnumber is >60000).
>
> So, as already said, you should patch the client amanda software only
> for that host (i.e. no need to install that version on any other machine
> or amanda server), to disable the check for a udp source port < 1024:
>
> For amanda 2.4.5p1, edit the file common-src/security.c:
>
> You find this section:
>
> 229
> 230     /* next, make sure the remote port is a "reserved" one */
> 231
> 232     if(ntohs(addr->sin_port) >= IPPORT_RESERVED) {
> 233         ap_snprintf(number, sizeof(number), "%d", ntohs(addr->sin_port));
> 234         *errstr = vstralloc("[",
> 235                             "host ", remotehost, ": ",
> 236                             "port ", number, " not secure",
> 237                             "]", NULL);
> 238         amfree(remotehost);
> 239         return 0;
> 240     }
>
> and make the test succeed always, by changing line 232:
>
> 232 if(1 || ntohs(addr->sin_port) >= IPPORT_RESERVED) {
>
>
> i.e. add the "1 ||" string to the if statement.
>
--
Unix/ Linux Systems Administrator
Chuck Amadi
The Surgical Material Testing Laboratory (SMTL),
Princess of Wales Hospital
Coity Road
Bridgend,
United Kingdom, CF31 1RQ.
Email chuck.smtl.co.uk
Tel: +44 1656 752820
Fax: +44 1656 752830
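
An added example, not part of the messages above and not Amanda's own code: it isolates the condition quoted at line 232 and evaluates it, with and without the "1 ||" prefix, for a NATed source port (64524, from the error above) and a reserved one. The function names, the 192.0.2.x addresses and the single-address exception in check_nat_exception are assumptions made for the illustration.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>

/* Constructed peer address for the demonstration (not Amanda code). */
static struct sockaddr_in peer(const char *ip, unsigned short port) {
    struct sockaddr_in a = {0};
    a.sin_family = AF_INET;
    a.sin_port = htons(port);
    inet_pton(AF_INET, ip, &a.sin_addr);
    return a;
}

/* Condition quoted at line 232: returns 1 = accepted, 0 = "port N not secure". */
int check_original(const struct sockaddr_in *addr) {
    if (ntohs(addr->sin_port) >= IPPORT_RESERVED)
        return 0;
    return 1;
}

/* Line 232 with "1 ||" prepended: || short-circuits on the constant 1,
 * so the rejection branch runs for every source port. */
int check_with_1_or(const struct sockaddr_in *addr) {
    if (1 || ntohs(addr->sin_port) >= IPPORT_RESERVED)
        return 0;
    return 1;
}

/* Hypothetical narrower variant (assumption, not in Amanda): skip the port
 * test only for one configured NAT address, keep it for all other peers. */
int check_nat_exception(const struct sockaddr_in *addr, const char *nat_ip) {
    struct in_addr nat;
    if (inet_pton(AF_INET, nat_ip, &nat) == 1 &&
        addr->sin_addr.s_addr == nat.s_addr)
        return 1;
    return check_original(addr);
}

int main(void) {
    struct sockaddr_in natted = peer("192.0.2.1", 64524); /* port from the error */
    struct sockaddr_in direct = peer("192.0.2.10", 850);  /* constructed */
    printf("original:      natted=%d direct=%d\n",
           check_original(&natted), check_original(&direct));
    printf("with \"1 ||\":   natted=%d direct=%d\n",
           check_with_1_or(&natted), check_with_1_or(&direct));
    printf("nat exception: natted=%d direct=%d\n",
           check_nat_exception(&natted, "192.0.2.1"),
           check_nat_exception(&direct, "192.0.2.1"));
    return 0;
}
```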