Hi Paul
Nah, still getting the IP number of the firewall, not the tape server.
# tcpdump port 10080
tcpdump: listening on eth0
13:37:12.636083 firewall.my.co.uk.62374 > server.my.co.uk.amanda: udp 117 (DF)
13:37:22.740457 firewall.my.co.uk.62374 > server.my.co.uk.amanda: udp 117 (DF)
13:37:32.800639 firewall.my.co.uk.62374 > server.my.co.uk.amanda: udp 117 (DF)
Thus DF means packets are still fragmented and not getting through.
Any other ideas?
Cheers for your help
On Thu, 2006-02-16 at 17:52 +0100, Paul Bijnens wrote:
> On 02/16/2006 05:02 PM, Chuck Amadi Systems Administrator wrote:
> > Hi List sorry for the continuous cries for help.
> >
> > Regarding Amanda and ipchains rules it didn't work Amanda client on
> > server was still forking to secure ports that weren't in my udp range.
> > I run tcpdump port 10080 on server.
>
> > ERROR [host firewall.my.co.uk: port 64524 not secure]
>
> So the firewall does NAT (that is why, from the client's point of view,
> the ipnumber is the firewall itself, and not the amanda server, and the
> portnumber is >60000).
>
> So, as already said, you should patch the client amanda software only
> for that host (i.e. no need to install that version on any other machine
> or amanda server), to disable the check for a udp source port < 1024:
>
> For amanda 2.4.5p1, edit the file common-src/security.c:
>
> You find this section:
>
> 229
> 230     /* next, make sure the remote port is a "reserved" one */
> 231
> 232     if(ntohs(addr->sin_port) >= IPPORT_RESERVED) {
> 233         ap_snprintf(number, sizeof(number), "%d", ntohs(addr->sin_port));
> 234         *errstr = vstralloc("[",
> 235                             "host ", remotehost, ": ",
> 236                             "port ", number, " not secure",
> 237                             "]", NULL);
> 238         amfree(remotehost);
> 239         return 0;
> 240     }
>
> and make the test succeed always, by changing line 232:
>
> 232 if(1 || ntohs(addr->sin_port) >= IPPORT_RESERVED) {
>
>
> i.e. add the "1 ||" string to the if statement.
>
--
Unix/ Linux Systems Administrator
Chuck Amadi
The Surgical Material Testing Laboratory (SMTL),
Princess of Wales Hospital
Coity Road
Bridgend,
United Kingdom, CF31 1RQ.
Email chuck.smtl.co.uk
Tel: +44 1656 752820
Fax: +44 1656 752830
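
The reserved-port test from the quoted common-src/security.c excerpt, reduced to a stand-alone C program as an added example (not part of either message and not Amanda's code). The guard names, check_peer_port(), accepts() and port 850 are assumptions; it shows which branch each form of the condition on line 232 takes for the NATed source ports seen in the thread.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <arpa/inet.h>
#include <netinet/in.h>   /* struct sockaddr_in, IPPORT_RESERVED (1024) */

/* Hypothetical names: three forms of the condition on line 232. */
enum guard { GUARD_ORIGINAL, GUARD_ONE_OR, GUARD_ZERO_AND };

/* Returns 1 when the peer passes, 0 when the "not secure" branch runs. */
int check_peer_port(const struct sockaddr_in *addr, enum guard g,
                    char *errstr, size_t errlen)
{
    unsigned port = ntohs(addr->sin_port);
    int reject;
    switch (g) {
    case GUARD_ONE_OR:   reject = (1 || port >= IPPORT_RESERVED); break;
    case GUARD_ZERO_AND: reject = (0 && port >= IPPORT_RESERVED); break;
    default:             reject = (port >= IPPORT_RESERVED);      break;
    }
    if (reject) {
        snprintf(errstr, errlen, "[port %u not secure]", port);
        return 0;
    }
    errstr[0] = '\0';
    return 1;
}

/* Build a peer address with the given UDP source port and run the check. */
int accepts(uint16_t port, enum guard g)
{
    struct sockaddr_in a;
    char err[64];
    memset(&a, 0, sizeof a);
    a.sin_family = AF_INET;
    a.sin_port = htons(port);
    return check_peer_port(&a, g, err, sizeof err);
}

int main(void)
{
    /* 62374 and 64524 are the NATed ports from the thread; 850 is constructed. */
    const uint16_t ports[] = { 850, 62374, 64524 };
    for (size_t i = 0; i < sizeof ports / sizeof ports[0]; i++)
        printf("%5u  original=%d  one_or=%d  zero_and=%d\n", (unsigned)ports[i],
               accepts(ports[i], GUARD_ORIGINAL), accepts(ports[i], GUARD_ONE_OR),
               accepts(ports[i], GUARD_ZERO_AND));
    return 0;
}
```

Because `||` short-circuits on a true left operand, the `1 ||` form runs the "not secure" branch for every port, while `0 &&` never runs it. With the test skipped, a datagram sent from an unprivileged port passes it, so the source port no longer says anything about the sender's privileges.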