> ... I spoke with our LAN people, who are vehemently opposed to
punching holes
> in the firewall but instead suggested that I enable another NIC on the
bkup
> server and and hook it into the DMZ network ...
??? Are they joking or am I .... ? You are making your networker
server just a router between dmz and prod zone ... and bypassing
all your FWs ...
>From DMZ, you can gain access to prod just changing
default gateway to backup server and prod zone, to dmz
using same way .....
Was just my 2 cents ...
Kind regards - Bien cordialement - Vriendelijke groeten,
Thierry FAIDHERBE
HP Services - Storage Division
Tru64 Unix and Legato Enterprise Backup Solutions Consultant
********* ********* HEWLETT - PACKARD
******* h ******* 1 Rue de l'aeronef/Luchtschipstraat
****** h ****** 1140 Bruxelles/Brussel/Brussels
***** hhhh pppp *****
***** h h p p ***** 100/102 Blv de la Woluwe/Woluwedal
***** h h pppp ***** 1200 Bruxelles/Brussel/Brussels
****** p ****** BELGIUM
******* p *******
********* ********* Phone : +32 (0)2 / 729.85.42
Mobile : +32 (0)498/ 94.60.85
Fax : +32 (0)2 / 729.88.30
I N V E N T Email/MSN : thierry.faidherbe(at)hp.com
Internet : http://www.hp.com/
________________________________________________________________________
MOBISTAR SA/NV
CSO/CTO/CEO/SSD/SBI
SYSTEM Team Charleroi, Mermoz 2 Phone : +32 (0)2 / 745.75.81
Avenue Jean Mermoz, 32 Fax : +32 (0)2 / 745.89.56
6041 GOSSELIES Email : tfhaidhe(at)mail.mobistar.be
BELGIUM Web : http://www.mobistar.be/
________________________________________________________________________
-----Original Message-----
From: Legato NetWorker discussion [mailto:NETWORKER AT LISTSERV.TEMPLE DOT EDU]
On Behalf Of Ty Young
Sent: Thursday, October 20, 2005 6:41 PM
To: NETWORKER AT LISTSERV.TEMPLE DOT EDU
Subject: [Networker] configuring a NW server with two NICs (DMZ bkups)
I've searched the archives but not found anything pertaining to my
situation. Please forgive me if I missed something.
I have a Solaris-based NW 721 server which backs up a number of clients
(UNIX) nightly. Recently a particular client was moved into the DMZ
and
assigned a new IP, so understandably NW choked on backing it up since
the
client's nsrexecd could no longer talk to nsrd on the server.
I spoke with our LAN people, who are vehemently opposed to punching
holes
in the firewall but instead suggested that I enable another NIC on the
bkup
server and and hook it into the DMZ network. We've done this, so now
the
config looks like this:
clientIP: x.x.x.19 (DMZ space)
serverIP: x.x.9.26 (LAN IP)
and x.x.x.23 (DMZ space, same subnet as clientIP)
At this point my head is so full of useless information about firewalls,
ports, etc. that I cannot think straight and solve this problem. What
am
I doing wrong?
Thx in advance
Phillip T. ("Ty") Young, DMA
Manager, Data Center and Backup/Recovery Services
Information Services
i2 Technologies, Inc.
To sign off this list, send email to listserv AT listserv.temple DOT edu and
type "signoff networker" in the
body of the email. Please write to networker-request AT listserv.temple DOT edu
if you have any problems
wit this list. You can access the archives at
http://listserv.temple.edu/archives/networker.html or
via RSS at http://listserv.temple.edu/cgi-bin/wa?RSS&L=NETWORKER
To sign off this list, send email to listserv AT listserv.temple DOT edu and
type "signoff networker" in the
body of the email. Please write to networker-request AT listserv.temple DOT edu
if you have any problems
wit this list. You can access the archives at
http://listserv.temple.edu/archives/networker.html or
via RSS at http://listserv.temple.edu/cgi-bin/wa?RSS&L=NETWORKER
|
