Re: [Bacula-users] Firewall fun
2009-06-24 13:47:17
On Tue, 2009-06-23 at 21:52 +0200, Arno Lehmann wrote:
> Hi,
>
> 23.06.2009 17:04, Dirk Bartley wrote:
> > Sure, iptables allows for connection based rules as well as the old
> > ipchains style rules based rules.
> >
> > So you're probably using connection based rules like:
> > iptables -A INPUT -p tcp -m state --state ESTABLISHED -j ACCEPT
> > iptables -A OUTPUT -p tcp -m state --state NEW,ESTABLISHED -j ACCEPT
> >
> > just add something like
> >
> > iptables -A INPUT -p tcp --source fd_dmz_ipaddress --destination sd_internal_address --dport 9103 -j ACCEPT
>
> Yup. That should work.
>
> But back to your problem, Dirk: Have you tried the "heartbeat
> interval" setting? That should generate some traffic so that the pix
> doesn't time-out the seemingly stale connection.
Tried 2 different things and one of them fixed it. Added heartbeat
interval = 90 to the file daemon in the dmz and also added "sysopt
connection timewait" to the firewall. One of the two fixed it, well at
least I got a good full backup last night.
Thanks for the suggestion!
Dirk
>
> Arno