Amanda-Users

Re: Firewall, amanda client and ports

2007-07-19 07:58:32
Subject: Re: Firewall, amanda client and ports
From: Jean-Louis Martineau <martineau AT zmanda DOT com>
To: Marc Muehlfeld <Marc.Muehlfeld AT medizinische-genetik DOT de>
Date: Thu, 19 Jul 2007 07:38:26 -0400
Marc Muehlfeld wrote:
> Morning,
>
> Jean-Louis Martineau wrote:
> > Yes, you only need to allow connection to port 10080.
>
> This isn't added to the wiki right now, is it? At least I didn't see it there.
>
> Just some more questions about that:
>
> * destination-port is 10080 udp, that's clear. But from which source ports is the server connecting? (>1024 ?)

With bsdtcp auth, destination-port is 10080 TCP, source ports < 1024
See docs/howto-auth.txt in the distribution
and http://wiki.zmanda.com/index.php/Server/Client_authentication

> * The data connection is still handled over tcp, I think. Will this be handled over the iptables_conntrack module? Or do I need ip_conntrack_amanda/ip_nat_amanda for that?

No other ports needed with bsdtcp auth. No firewall rules needed.

> * Could this be done only with 2.5.2p1 (and later) server and clients? Or can I have older clients too?

Requires 2.5.1 or above for client and server.

Older clients or servers can only use bsd auth, with destination-port 10080 UDP; firewall rules are needed to allow the tcp connection.

Jean-Louis
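
The port requirements given in this reply, written out as client-side iptables rules. This is an added example, not part of the original message or of the Amanda distribution. The function name `amanda_client_rules`, the server address 192.0.2.10 and the use of the conntrack match are assumptions; the rules are only printed, not applied.

```shell
#!/bin/sh
# Added example: print (not apply) iptables rules for an Amanda client.
# From the thread: bsdtcp -> TCP dport 10080, server source port < 1024;
#                  bsd    -> UDP dport 10080.
# Assumptions: iptables on the client, default-DROP policy, conntrack match.

amanda_client_rules() {
    server="$1"   # backup server address (caller-supplied)
    auth="$2"     # "bsdtcp" or "bsd"

    [ -n "$server" ] || {
        echo "usage: amanda_client_rules SERVER AUTH" >&2
        return 2
    }

    case "$auth" in
        bsdtcp)
            # One TCP connection carries control and data, so a single
            # inbound rule plus the matching reply rule is enough.
            echo "iptables -A INPUT -p tcp -s $server --sport :1023 --dport 10080 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT"
            echo "iptables -A OUTPUT -p tcp -d $server --sport 10080 --dport :1023 -m conntrack --ctstate ESTABLISHED -j ACCEPT"
            ;;
        bsd)
            # Request arrives over UDP; the data still travels over TCP,
            # and the thread does not give those ports.
            echo "iptables -A INPUT -p udp -s $server --dport 10080 -j ACCEPT"
            echo "# bsd auth: further rules are needed for the TCP data connection"
            ;;
        *)
            echo "unknown auth: $auth" >&2
            return 1
            ;;
    esac
}

# Constructed sample: 192.0.2.10 is a documentation-range address.
amanda_client_rules 192.0.2.10 bsdtcp
```

Restricting the match to the server's address and to source ports below 1024 keeps port 10080 closed to everything except the backup server's privileged process.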