On 2006-02-17 13:23, Chuck Amadi Systems Administrator wrote:
As you stated it's still forking to the firewall ipnumber and not the
tape server.
("...forking..." ??? I'm afraid I don't understand that word in
this context...)
Yes, as expected, the client sees the request coming from the
NAT-firewall itself, but is that a problem?
Cheers for your help
On Thu, 2006-02-16 at 17:52 +0100, Paul Bijnens wrote:
On 02/16/2006 05:02 PM, Chuck Amadi Systems Administrator wrote:
Hi List, sorry for the continuous cries for help.
Regarding Amanda and ipchains rules: it didn't work. Amanda client on server was
still forking to secure ports that weren't in my udp range. I run tcpdump
port 10080 on server.
ERROR [host firewall.my.co.uk: port 64524 not secure]
So the firewall does NAT (that is why, from the client's point of view,
the ipnumber is the firewall itself, and not the amanda server, and the
portnumber is >60000).
So, as already said, you should patch the client amanda software only
for that host (i.e. no need to install that version on any other machine
or amanda server), to disable the check for a udp source port < 1024:
For amanda 2.4.5p1, edit the file common-src/security.c:
You find this section:
229
230     /* next, make sure the remote port is a "reserved" one */
231
232     if(ntohs(addr->sin_port) >= IPPORT_RESERVED) {
233         ap_snprintf(number, sizeof(number), "%d", ntohs(addr->sin_port));
234         *errstr = vstralloc("[",
235                             "host ", remotehost, ": ",
236                             "port ", number, " not secure",
237                             "]", NULL);
238         amfree(remotehost);
239         return 0;
240     }
and make the test succeed always, by changing line 232:
232 if(1 || ntohs(addr->sin_port) >= IPPORT_RESERVED) {
i.e. add the "1 ||" string to the if statement.
--
Paul Bijnens, xplanation Technology Services Tel +32 16 397.511
Technologielaan 21 bus 2, B-3001 Leuven, BELGIUM Fax +32 16 397.512
http://www.xplanation.com/ email: Paul.Bijnens AT xplanation DOT com
***********************************************************************
* I think I've got the hang of it now: exit, ^D, ^C, ^\, ^Z, ^Q, ^^, *
* F6, quit, ZZ, :q, :q!, M-Z, ^X^C, logoff, logout, close, bye, /bye, *
* stop, end, F3, ~., ^]c, +++ ATH, disconnect, halt, abort, hangup, *
* PF4, F20, ^X^X, :D::D, KJOB, F14-f-e, F8-e, kill -1 $$, shutdown, *
* init 0, kill -9 1, Alt-F4, Ctrl-Alt-Del, AltGr-NumLock, Stop-A, ... *
* ... "Are you sure?" ... YES ... Phew ... I'm out *
***********************************************************************
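An added example, not part of the original messages and not Amanda's own code: a standalone model of the quoted reserved-port check, evaluated for source port 64524 from the error line and a constructed reserved port 850. It compares the original condition, the `1 ||` form given above, and a `0 &&` form that is an assumption added here for comparison; the enum and function names are hypothetical.

```c
#include <stdio.h>
#include <arpa/inet.h>
#include <netinet/in.h>

#ifndef IPPORT_RESERVED
#define IPPORT_RESERVED 1024   /* fallback if the libc headers do not provide it */
#endif

/* Hypothetical names; only the condition text mirrors line 232 of the thread. */
enum variant { ORIGINAL, ONE_OR, ZERO_AND };

/* Returns 1 when the request passes the port check, 0 when it is rejected.
 * In the quoted block a TRUE condition leads to "return 0" (rejection). */
int port_check(enum variant v, const struct sockaddr_in *addr)
{
    int reject;
    switch (v) {
    case ONE_OR:   reject = (1 || ntohs(addr->sin_port) >= IPPORT_RESERVED); break;
    case ZERO_AND: reject = (0 && ntohs(addr->sin_port) >= IPPORT_RESERVED); break;
    default:       reject = (ntohs(addr->sin_port) >= IPPORT_RESERVED);      break;
    }
    return !reject;
}

/* Convenience wrapper: build a sockaddr_in for a host-order source port. */
int check_port(enum variant v, unsigned short port)
{
    struct sockaddr_in a = {0};
    a.sin_family = AF_INET;
    a.sin_port = htons(port);
    return port_check(v, &a);
}

int main(void)
{
    /* 850 is a constructed reserved port; 64524 is the NATed port from the error. */
    const unsigned short ports[] = { 850, 64524 };
    const char *names[] = { "original", "1 ||", "0 &&" };
    for (int v = ORIGINAL; v <= ZERO_AND; v++)
        for (int i = 0; i < 2; i++)
            printf("%-8s port %5u -> %s\n", names[v], (unsigned)ports[i],
                   check_port((enum variant)v, ports[i]) ? "accepted" : "not secure");
    return 0;
}
```

In this model only the `0 &&` form accepts the request from port 64524, and it accepts every other source port as well, so on that client the reserved-port test no longer filters anything.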