Networker

Re: [Networker] Backing up through a Firewall

2005-11-22 19:19:59
Subject: Re: [Networker] Backing up through a Firewall
From: Peter Viertel <Peter.Viertel AT MACQUARIE DOT COM>
To: NETWORKER AT LISTSERV.TEMPLE DOT EDU
Date: Wed, 23 Nov 2005 11:17:44 +1100
We do it fairly successfully.... Only for small servers though, and
security guys are not all that happy with the ruleset needed.

As it stands in 6.1.3 onwards:

If networker server is called bkserver, and client is called
ntclient....


1. tcp_keepalive on bkserver set to shorter than firewall's tcp timeout.
2. ntclient has NSR_KEEPALIVE_WAIT env variable set to shorter number
of minutes than firewall's tcp timeout.
3. firewall rules needed:

bkserver -> ntclient: TCP destination ports 7937,7938
ntclient -> bkserver: TCP destination ports 7937-9936

Firewall must not NAT.

ntclient must be able to resolve bkserver's hostname and reverse ip
lookup.


Tech Bulletin here:   http://www.legato.com/resources/bulletins/388.html


There is some discussion in the doco about reducing the port range, but
in the end you need to have rules permitting inward connections to 1 or
more ports without a listener, and when you think about it, having 2000
open ports is no worse than just 1. Although reducing the range seems to
make managers happier at least.

It is rumoured that 7.3 won't fix the need for the inward connection
rules, although it may allow NAT, and should be easier to deal with the
DNS issues.


-----Original Message-----
From: Legato NetWorker discussion [mailto:NETWORKER AT listserv.temple DOT edu]
On Behalf Of Sackson [US], Mark A.
Sent: Wednesday, 23 November 2005 8:23 AM
To: NETWORKER AT listserv.temple DOT edu
Subject: [Networker] Backing up through a Firewall

I was wondering if anybody is able to back up a server located on the
other side of a firewall from the NetWorker server?

I have tried to follow the Admin guide, but somehow it seems that the
server needs to make contact with the NetWorker server first, then once
the client has been created, you can modify it.

Any help would be greatly appreciated.

I am using NetWorker 7.2 on an AIX 5.1 server.

Thanks,

Mark A. Sackson

To sign off this list, send email to listserv AT listserv.temple DOT edu and
type "signoff networker" in the body of the email. Please write to
networker-request AT listserv.temple DOT edu if you have any problems with this
list. You can access the archives at
http://listserv.temple.edu/archives/networker.html or via RSS at
http://listserv.temple.edu/cgi-bin/wa?RSS&L=NETWORKER
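
The checklist in the reply above (keepalive timers, the two port rules, no NAT, forward and reverse DNS) can be checked before the first backup is attempted. The following is an added example, not part of the original thread and not NetWorker code; the host names and port ranges come from the message, while the addresses, timer values, dict-based DNS tables and function names are constructed assumptions.

```python
# Added example: offline pre-flight check for the checklist in the message.
# Host names and ports come from the message; addresses, timer values and the
# dict-based DNS tables are constructed sample data.

RULES = [  # (source, destination, permitted TCP destination ports)
    ("bkserver", "ntclient", {7937, 7938}),
    ("ntclient", "bkserver", set(range(7937, 9937))),  # 7937-9936 inclusive
]

def permitted(src, dst, dport):
    """True if the firewall rules from the message allow this new connection."""
    return any(src == s and dst == d and dport in ports for s, d, ports in RULES)

def preflight(fw_timeout, server_keepalive, client_keepalive,
              forward, reverse, peer_seen_by_client, server="bkserver"):
    """Return a list of checklist violations; an empty list means ready.

    The three timers must be given in the same unit. forward maps name -> IP
    and reverse maps IP -> name, as resolved on ntclient. peer_seen_by_client
    is the source address ntclient sees on a connection from the server.
    """
    problems = []
    if server_keepalive >= fw_timeout:
        problems.append("tcp_keepalive on server not shorter than firewall timeout")
    if client_keepalive >= fw_timeout:
        problems.append("NSR_KEEPALIVE_WAIT not shorter than firewall timeout")
    addr = forward.get(server)
    if addr is None:
        problems.append("client cannot resolve server hostname")
    elif reverse.get(addr) != server:
        problems.append("reverse lookup of server address does not match")
    if addr is not None and peer_seen_by_client != addr:
        problems.append("peer address differs from resolved address: NAT in path")
    return problems

# Constructed sample: firewall idle timeout 60, both keepalives 30 (same unit).
GOOD = preflight(60, 30, 30, {"bkserver": "10.1.0.5"},
                 {"10.1.0.5": "bkserver"}, "10.1.0.5")
# Constructed failure: client timer too long, no PTR record, source rewritten.
BAD = preflight(60, 30, 90, {"bkserver": "10.1.0.5"}, {}, "192.0.2.1")

if __name__ == "__main__":
    print(GOOD, BAD, permitted("ntclient", "bkserver", 9936))
```
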


