Amanda-Users

Re: udp port restrictions

2009-03-29 18:43:32
Subject: Re: udp port restrictions
From: Glenn Gillis <glenn AT elaw DOT org>
To: amanda-users AT amanda DOT org
Date: Fri, 27 Mar 2009 11:40:26 -0700
Brian Cuttler wrote, On 3/24/2009 7:42 AM:
Jean-Louis,

On Tue, Mar 24, 2009 at 10:37:22AM -0400, Jean-Louis Martineau wrote:
Hi,

Server use tcp port between 10084 and 10100 to connect to client trel.wadsworth.org on port 56446.
It looks good.

Do you have firewall on server or client? Disable them while you test amanda.
Can you post server and client debug files?

We've opened the ports that we expected to use on the client,
the server is not running a FW.

I'd thought that the amanda TCP ports were well known and
had assumed it was the dump on the client that was choosing
a udp port that the server was not listening to because of
--with-udpportrange=932,948.

We will disable FW on the MAC for further testing, but I
know that there is a preference to keep it running. Are
the ports predictable so that we can at least somewhat
restrict the range ?

I believe the ports *are* predictable to an extent, Jean-Louis. I've successfully configured a FreeBSD Amanda server to back up another FreeBSD server running a firewall in the past.

I used:

<http://wiki.zmanda.com/index.php/Configuration_with_iptables#IP_Traffic>

and

<http://wiki.zmanda.com/index.php/TCP/UDP_ports>

for guidance.
--
Glenn Gillis
Information Technology Manager
Environmental Law Alliance Worldwide
U.S. Office
http://www.elaw.org


BK - please disable FW, at least for testing, let me know
when done and I'll initiate amdump.

                                                thank you,

                                                Brian


Jean-Louis



Brian Cuttler wrote:
I am running Amanda 2.6.1-20090227 on Solaris 10 with ZFS and snapshots !! to an LTO4 in a SL24 jukebox.

I'm trying to add some remote clients, starting with the one
that gives me the most trouble. Moving the MAC with 300 Gig
of storage to the x4500 amanda platform with the Gig interface
and off of the SF280 with the 100 Meg interface and the LTO3...

However we find the following error on the server

FAILURE DUMP SUMMARY:
trel / lev 0 FAILED [too many dumper retry: "[could not connect DATA stream: can't connect stream to trel.wadsworth.org port 56446: Connection timed out]"]

We did build the server with port restrictions, because that is
the way we are going.
 --with-udpportrange=932,948
 --with-tcpportrange=10084,10100

We seem to have built the amanda client on the MAC without port
restrictions, the client is 2.4.5p1.

Is there any magic, short of a client rebuild to resolve
the error? Am I on the correct path? My mac expert is
hoping he doesn't have to relearn how to rebuild, or is
there a current MAC build with port restriction in use
available ?

                                                thank you,

                                                Brian

---
  Brian R Cuttler                 brian.cuttler AT wadsworth DOT org
  Computer Systems Support        (v) 518 486-1697
  Wadsworth Center                (f) 518 473-6384
  NYS Department of Health        Help Desk 518 473-0773



IMPORTANT NOTICE: This e-mail and any attachments may contain
confidential or sensitive information which is, or may be, legally
privileged or otherwise protected by law from further disclosure.  It
is intended only for the addressee.  If you received this in error or
from someone who was not authorized to send it to you, please do not
distribute, copy or use it or any attachments.  Please notify the
sender immediately by reply e-mail and delete this from your
system. Thank you for your cooperation.



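The mismatch discussed in this thread (a server built with `--with-tcpportrange=10084,10100` and a client data stream on port 56446) can be read straight off the report. The following is an added example, not part of the original messages or of Amanda's own code: it parses the configure options and the failure line quoted in the thread and reports whether the port the client chose falls inside the range a firewall rule would cover. The function names are hypothetical, and the sample input is copied from the thread.

```python
import re

# Build-time option as quoted in the thread: --with-tcpportrange=10084,10100
RANGE_OPT = re.compile(r"--with-(tcp|udp)portrange=(\d+),(\d+)")
# Failure text as it appears in the FAILURE DUMP SUMMARY quoted in the thread
STREAM_FAIL = re.compile(
    r"can't connect stream to (?P<host>\S+) port (?P<port>\d+): (?P<reason>[^\]\n]+)"
)

def parse_ranges(configure_args):
    """Return e.g. {'tcp': (lo, hi), 'udp': (lo, hi)} from configure options."""
    ranges = {}
    for proto, lo, hi in RANGE_OPT.findall(configure_args):
        lo, hi = int(lo), int(hi)
        if not (0 < lo <= hi <= 65535):
            raise ValueError(f"bad {proto} range {lo},{hi}")
        ranges[proto] = (lo, hi)
    return ranges

def check_report(report, tcp_range):
    """Return one finding per failed data-stream connection in the report."""
    lo, hi = tcp_range
    findings = []
    for m in STREAM_FAIL.finditer(report):
        port = int(m["port"])
        findings.append({
            "host": m["host"],
            "port": port,
            "reason": m["reason"].strip(),
            # True if a firewall rule for the configured range covers this port
            "in_range": lo <= port <= hi,
        })
    return findings

# Sample input copied from the thread
SERVER_BUILD = "--with-udpportrange=932,948 --with-tcpportrange=10084,10100"
REPORT = '''FAILURE DUMP SUMMARY:
trel / lev 0 FAILED [too many dumper retry: "[could not connect DATA stream: can't connect stream to trel.wadsworth.org port 56446: Connection timed out]"]
'''

if __name__ == "__main__":
    tcp = parse_ranges(SERVER_BUILD)["tcp"]
    for f in check_report(REPORT, tcp):
        status = "inside" if f["in_range"] else "OUTSIDE"
        print(f"{f['host']}: port {f['port']} is {status} "
              f"{tcp[0]}-{tcp[1]} ({f['reason']})")
```

For the report in this thread the port is outside the configured range, which matches a client built without port restrictions.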