Mary,

I have Amanda server inside my LAN and Amanda client outside my LAN,
with a firewall in between.

The firewall is configured as follow:

- all rules are statefull (the first packet opens the connection in
  both directions and keep the connection open).

- while the server is the first to contact the client on port 10080
  (rule 4), it may takes a LONG time before the client replies. So the
  state in the firewall would timeout (after a couple of minutes). So
  forth I added rule 1 (eaxct reverse of rule 4) to allow the reply to
  come through.

- I think I am missing the rules to do an amrecover from the client.

Best regards,

Olivier

Connection from client to server

1) pass in quick proto udp from clientIP port = 10080 to serverIP keep state 
group 100
2) pass in quick proto tcp from clientIP to serverIP port = 10083 flags S keep 
state group 100
3) pass in quick proto tcp from clientIP to serverIP port = 10082 flags S keep 
state group 100

Connections from server to client

4) pass in quick proto udp from serverIP to clientIP port = 10080 keep state 
group 200
5) pass in quick proto tcp from serverIP to clientIP flags S keep state group 
200