Amanda-Users

Re: Port NNNN not secure (revisited)

2006-07-18 09:19:09
From: Matt Hyclak <hyclak AT math.ohiou DOT edu>
To: amanda-users AT amanda DOT org
Date: Tue, 18 Jul 2006 14:10:54 -0400
On Tue, Jul 18, 2006 at 10:53:52AM -0700, Mike Allen enlightened us:
> Jon LaBadie wrote:
> >On Mon, Jul 17, 2006 at 09:32:01AM -0700, Mike Allen wrote:
> >  
> >>The following occurred while compiling with the values you suggested:
> >><snip>
> >>
> >>make  install-data-hook
> >>chown operator /usr/local/man/man8/amanda.8
> >>chgrp operator /usr/local/man/man8/amanda.8
> >>chown operator /usr/local/man/man8/amanda.conf.5
> >>chown: /usr/local/man/man8/amanda.conf.5: No such file or directory
> >>*** Error code 1
> >>
> >>Stop in /usr/ports/misc/amanda-client/work/amanda-2.4.5p1/man.
> >>*** Error code 1
> >>
> >>Stop in /usr/ports/misc/amanda-client/work/amanda-2.4.5p1/man.
> >>*** Error code 1
> >>
> >>Stop in /usr/ports/misc/amanda-client/work/amanda-2.4.5p1/man.
> >>*** Error code 1
> >>
> >>Stop in /usr/ports/misc/amanda-client/work/amanda-2.4.5p1.
> >>
> >>
> >>Why is it looking in /usr/local/man/man8 for a man5 manual page?
> >>I have seen this before.
> >>
> >>    
> >
> >That was a defect created when the man page for amanda.conf(5)
> >was split from amanda(8).  It was corrected in a later release.
> >As I recall it was a very simple editing correction to the makefile(s)
> >to do the installation.  Otherwise manually install the manpages.
> >
> >  
> I have done the following:
> 
> tcpportrange = 50000,50100
> udpportrange=512,1023
> 
> Did a 'make distclean' before configuring with the above parameters.
> Did the same configuring on both the client and server.
> Opened the specified ports on my Netgear firewall (i.e. Port-forwarded 
> the ports to the IP address of
> my tape server host)
> 
> The results seem to be the same:
> 
> 09:07:09:07:45.431266 IP famrad.familyradio.org.50327 > 
> familyserv.familyradio.org.amanda: UDP, length: 123
> 09:07:45.475830 IP familyserv.familyradio.org.amanda > 
> famrad.familyradio.org.50327: UDP, length: 50
> 09:07:45.476738 IP familyserv.familyradio.org.amanda > 
> famrad.familyradio.org.50327: UDP, length: 109
> 09:07:45.480662 IP famrad.familyradio.org.50327 > 
> familyserv.familyradio.org.amanda: UDP, length: 50
> 
> 
> Why is port 50327 being referenced? I don't have any ports opened there.
> 
> What am I doing wrong? Maybe I have to change to an IP-Tables based 
> firewall?
> 
> Does anybody have any experience or insight on this?
> 

If you're going through a NAT, then there is a port translation that is
taking place. That's probably where that's coming from. Can you lock
specific ports on the firewall device to not be remapped? If not, you'll
probably want to look into some sort of VPN or tunnel.

Matt

-- 
Matt Hyclak
Department of Mathematics 
Department of Social Work
Ohio University
(740) 593-1263
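
A check for the symptom discussed in this thread, as an added example that is not part of the original messages or of Amanda: it parses the quoted tcpdump lines and lists requests to the amanda port whose source port falls outside the configured udpportrange. The function names and the 10080 mapping for the `amanda` service name are assumptions of the example.

```python
import re

# udpportrange from the quoted message; amanda/udp is 10080 in the IANA registry
# (assumption of this example: tcpdump resolved the name from /etc/services).
UDP_PORT_RANGE = (512, 1023)
SERVICES = {"amanda": 10080}

# The capture from the quoted message, quote markers removed, mail wrapping kept.
CAPTURE = """\
09:07:09:07:45.431266 IP famrad.familyradio.org.50327 >
familyserv.familyradio.org.amanda: UDP, length: 123
09:07:45.475830 IP familyserv.familyradio.org.amanda >
famrad.familyradio.org.50327: UDP, length: 50
09:07:45.476738 IP familyserv.familyradio.org.amanda >
famrad.familyradio.org.50327: UDP, length: 109
09:07:45.480662 IP famrad.familyradio.org.50327 >
familyserv.familyradio.org.amanda: UDP, length: 50
"""

# tcpdump prints "host.port > host.port"; the last dotted field is the port.
PACKET_RE = re.compile(r"IP (\S+)\.([\w-]+) > (\S+)\.([\w-]+): UDP")

def to_port(token):
    """Map a tcpdump port field (number or service name) to a port number."""
    return int(token) if token.isdigit() else SERVICES[token]

def out_of_range_requests(capture, port_range=UDP_PORT_RANGE, service="amanda"):
    """Return (src_host, src_port, dst_host) for each UDP packet sent to the
    service port whose source port lies outside the configured range."""
    low, high = port_range
    unwrapped = re.sub(r">[ \t]*\n", "> ", capture)  # rejoin mail-wrapped lines
    findings = []
    for line in unwrapped.splitlines():
        m = PACKET_RE.search(line)
        if not m:
            continue
        src_host, src_port, dst_host, dst_port = m.groups()
        try:
            src, dst = to_port(src_port), to_port(dst_port)
        except KeyError:
            continue  # service name this example does not know
        if dst == SERVICES[service] and not low <= src <= high:
            findings.append((src_host, src, dst_host))
    return findings

if __name__ == "__main__":
    for host, port, dst in out_of_range_requests(CAPTURE):
        print(f"{host}:{port} -> {dst}: source port outside {UDP_PORT_RANGE}")
```

Run on a capture taken on each side of the firewall, a source port that is in range on the sending side and out of range on the receiving side points at the port translation mentioned above.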
