Amanda-Users

port not secure

2007-10-23 05:17:03
Subject: port not secure
From: fedora <zuki AT abamon DOT com>
To: amanda-users AT amanda DOT org
Date: Tue, 23 Oct 2007 02:09:27 -0700 (PDT)

Hi all,

Previously I had an Amanda server and a few clients. The server and all clients
used public IPs and all backups were running fine. After that I migrated the
Amanda server to another machine (which uses a private IP in the LAN). In the LAN
I have one central firewall (pfSense) which controls everything coming in from
and going out to the internet.

The diagram looks like this:

before migration: old amanda server (public ip) -> internet
after migration: new amanda server (private ip) -> fw (pfSense) -> internet



When running amcheck, I got this problem:

Amanda Tape Server Host Check
-----------------------------
Holding disk /data/amandadumps/holdingdisk: 1153795892 KB disk space available, using 102400000 KB as requested
slot 2: read label `DailySet1-02', date `20070928020001'
NOTE: skipping tape-writable test
Tape DailySet1-02 label ok
Server check took 0.091 seconds

Amanda Backup Client Hosts Check
--------------------------------
ERROR: NAK client.com: host server.com: port 50889 not secure
Client check: 1 host checked in 0.018 seconds, 1 problem found

(brought to you by Amanda 2.5.1p3)


This is the amcheck log:

amcheck: debug 1 pid 14634 ruid 501 euid 0: start at Tue Oct 23 03:47:58 2007
amcheck: debug 1 pid 14634 ruid 501 euid 501: rename at Tue Oct 23 03:47:58 2007
security_getdriver(name=BSD) returns 0xfd10e0
security_handleinit(handle=0x9195928, driver=0xfd10e0 (BSD))
amcheck-clients: time 0.005: bind_portrange2: Try  port 703: Available   - Success
amcheck-clients: time 0.005: dgram_bind: socket bound to 0.0.0.0.703
amcheck-clients: dgram_send_addr(addr=0xbf996580, dgram=0xfd2004)
amcheck-clients: time 0.013: (sockaddr_in *)0xbf996580 = { 2, 10080, 202.53.250.141 }
amcheck-clients: dgram_send_addr: 0xfd2004->socket = 4
amcheck-clients: time 0.018: dgram_recv(dgram=0xfd2004, timeout=0, fromaddr=0xfe1ff0)
amcheck-clients: time 0.018: (sockaddr_in *)0xfe1ff0 = { 2, 10080, 202.53.250.141 }
security_close(handle=0x9195928, driver=0xfd10e0 (BSD))
changer_query: changer return was 14 1
changer_query: searchable = 0
changer_find: looking for DailySet1-02 changer is searchable = 0
amcheck: pid 14634 finish time Tue Oct 23 03:47:58 2007


I have gone through this:
http://wiki.zmanda.com/index.php/Port_NNNN_is_not_secure
- for the first solution, it's already owned by root and has setuid
- for the second solution, what I understand is that we have to configure the
clients to respond with a port between 0 -> 1023. But I did not do that for my
previous Amanda server, so I am leaving it for now.


I set up DNAT for port 10080 UDP and ports 50000:50100 in my pfSense too. Now
all settings are the same as on my previous Amanda server. I only changed my old
Amanda server's name and IP to the new ones in all related settings.

Can someone help me? I really don't have any ideas. 
-- 
View this message in context: 
http://www.nabble.com/port-not-secure-tf4676055.html#a13359998
Sent from the Amanda - Users mailing list archive at Nabble.com.
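
One way to line up the two outputs in the post, as an added example that is not part of the original message or of Amanda: it compares the source port amcheck bound (from the debug log) with the port the client reported in the NAK. The function names and the 1024 limit (taken from the 0 -> 1023 range mentioned in the post) are assumptions of this example.

```python
import re

RESERVED_LIMIT = 1024  # assumption: ports 0-1023, the range the post cites from the wiki

# Lines copied from the amcheck debug log and amcheck report in the post above.
DEBUG_LOG = """\
amcheck-clients: time 0.005: bind_portrange2: Try  port 703: Available   - Success
amcheck-clients: time 0.005: dgram_bind: socket bound to 0.0.0.0.703
amcheck-clients: dgram_send_addr(addr=0xbf996580, dgram=0xfd2004)
"""
REPORT = """\
ERROR: NAK client.com: host server.com: port 50889 not secure
Client check: 1 host checked in 0.018 seconds, 1 problem found
"""

BOUND_RE = re.compile(r"dgram_bind: socket bound to (\d+\.\d+\.\d+\.\d+)\.(\d+)")
NAK_RE = re.compile(r"NAK (\S+): host (\S+): port (\d+) not secure")


def bound_ports(debug_log):
    """Source ports the server side bound, per its own debug log."""
    return [int(m.group(2)) for m in BOUND_RE.finditer(debug_log)]


def rejected_ports(report):
    """(client, server name as seen by client, port seen by client) per NAK."""
    return [(m.group(1), m.group(2), int(m.group(3))) for m in NAK_RE.finditer(report)]


def compare(debug_log, report):
    """Classify each NAK by comparing the bound port with the port the client saw."""
    sent = bound_ports(debug_log)
    findings = []
    for client, server, seen in rejected_ports(report):
        if seen in sent:
            verdict = "server bound an unreserved port itself"
        elif sent and all(p < RESERVED_LIMIT for p in sent):
            verdict = "source port changed between server and client"
        else:
            verdict = "inconclusive"
        findings.append({"client": client, "sent": sent, "seen": seen, "verdict": verdict})
    return findings


if __name__ == "__main__":
    for f in compare(DEBUG_LOG, REPORT):
        print(f"{f['client']}: bound {f['sent']}, client saw {f['seen']}: {f['verdict']}")
```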

