Bacula-users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Bacula-users] Firewall problems

2009-10-23 16:59:21
Subject: Re: [Bacula-users] Firewall problems
From: "Terry L. Inzauro" <tinzauro AT ha-solutions DOT net>
To: Gabriel - IP Guys <Gabriel AT impactteachers DOT com>
Date: Fri, 23 Oct 2009 15:54:54 -0500 
Gabriel - IP Guys wrote:
> 
> 
> Dear All,
> 
>  
> 
> I need some fresh eyes on this at the moment. I made this entry in the
> firewall scripts of my Linux servers which will be running some
> component of Bacula
> 
>  
> 
> iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 9101:9103
> -j ACCEPT
> 
>  
> 
> I will add the source directive when I'm looking it all down, will this
> line in the firewall of all clients will allow bacula to work correctly?
> For some reason, I am having issues getting this to work, the
> configuration is fine, because it can backup and communicate locally
> with no issues. Any tips would be appreciated. Thank you
> 
> ---
> 
> Kind Regards,
> 
> Mr Gabriel
> 
>  
> 

also, I'm assuming you are talking about a seperate linux firewall/gateway. my 
previous post is not for iptables running on
the backup client.

client config would look something like this:

# Flush old rules, old custom tables
iptables --flush
iptables --delete-chain

# Set default policies for all three default chains
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP

# Enable free use of loopback interfaces
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

# All TCP sessions should begin with SYN
iptables -A INPUT -p tcp ! --syn -m state --state NEW -s 0.0.0.0/0 -j DROP

# Accept inbound TCP packets
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --dport 9103 -m state --state NEW -s 0.0.0.0/0 -j 
ACCEPT

# Accept inbound ICMP messages
iptables -A INPUT -p ICMP --icmp-type 8 -s 0.0.0.0/0 -j ACCEPT
iptables -A INPUT -p ICMP --icmp-type 11 -s 0.0.0.0/0 -j ACCEPT

# Accept outbound packets
iptables -I OUTPUT 1 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p udp --dport 53 -m state --state NEW -j ACCEPT

------------------------------------------------------------------------------
Come build with us! The BlackBerry(R) Developer Conference in SF, CA
is the only developer event you need to attend this year. Jumpstart your
developing skills, take BlackBerry mobile applications to market and stay 
ahead of the curve. Join us from November 9 - 12, 2009. Register now!
http://p.sf.net/sfu/devconference
_______________________________________________
Bacula-users mailing list
Bacula-users AT lists.sourceforge DOT net
https://lists.sourceforge.net/lists/listinfo/bacula-users
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Bacula-users] Firewall problems, Terry L. Inzauro
Next by Date:  Re: [Bacula-users] Firewall problems, Thomas Bennett
Previous by Thread:  Re: [Bacula-users] Firewall problems, Terry L. Inzauro
Next by Thread:  Re: [Bacula-users] Firewall problems, Thomas Bennett
Indexes:  [Date] [Thread] [Top] [All Lists]