Networker

Re: [Networker] Linux Client backup issues & Vmware

2008-03-03 12:39:47
Subject: Re: [Networker] Linux Client backup issues & Vmware
From: Fazil Saiyed <Fazil.Saiyed AT ANIXTER DOT COM>
To: NETWORKER AT LISTSERV.TEMPLE DOT EDU
Date: Mon, 3 Mar 2008 11:35:48 -0600
Hello,
Backups have been failing for the last few days; this morning, for some reason,
everything worked fine. I do not have confirmation of any changes;
however, I am questioning the rule below that was active before.
If I were to interpret it, it would appear that any UDP packets are all
being redirected (destination) to port 224***; that could break the
backups?

Not sure how this rule has disappeared today. Could these rules be invoked
dynamically?
VMWARE:
The only thing done between when it did not work and now is that
the VM instances were moved to a different folder (on the same host, I assume).
Each VM has two NICs: one is for console access and the other has all the
guest\vmotion etc. Could the iptables be applied to the wrong NIC?
Each VM instance (Linux client in this case) has a VLAN ID associated with
it.
IPTABLES:
Before ( When backups failed)
Chain RH-Firewall-1-INPUT (2 references)
target     prot opt source               destination 
ACCEPT     all  --  anywhere             anywhere 
ACCEPT     icmp --  anywhere             anywhere            icmp any 
ACCEPT     esp  --  anywhere             anywhere 
ACCEPT     ah   --  anywhere             anywhere 
ACCEPT     udp  --  anywhere             224.******  ( complete address masked)      udp dpt:mdns


Today ( backups successful)
[root@rubiconweb1t /]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination 

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination 

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination 
[

DMZ Firewall:
A whole bunch of rules that are security configured; we have other DMZ
servers backing up through the same rules and they are fine.



"Clark, Patti" <Clarkp AT OSTI DOT GOV>
Sent by: EMC NetWorker discussion <NETWORKER AT LISTSERV.TEMPLE DOT EDU>
03/03/2008 10:28 AM
Please respond to: EMC NetWorker discussion <NETWORKER AT LISTSERV.TEMPLE DOT EDU>; "Clark, Patti" <Clarkp AT OSTI DOT GOV>
To: NETWORKER AT LISTSERV.TEMPLE DOT EDU
Subject: Re: [Networker] Linux Client backup issues & Vmware

Some things that I can help with are:

- I back up VM instances without issue using v7.3.3-1.  Currently using
  RHEL4, so I cannot confirm RHEL5.
- SELinux should NOT be a factor.  SELinux is NOT a firewall.  Iptables
  IS a firewall and is NOT SELinux.  Based on the output provided, your
  firewall has no rules enabled for Iptables, which does take it out of the
  equation.
- You have not provided any DMZ firewall information. This is a potential
  problem point and is just as important as Iptables.  Do you have any
  other clients functioning in the DMZ?
- You are NOT running portmap and don't necessarily need to.
- I have been told that there may be issues with 64-bit Networker;
  however, it is with the server, not the client.  I am in the middle of
  working through an issue which may add clarity to this statement.
- DNS needs to work both forward and reverse, so check the name and the
  IP address.  Do this on the server for the client, too.

Patti Clark
Sr. Unix System Administrator - RHCT, GSEC
Office of Scientific and Technical Information


 

> -----Original Message-----
> From: EMC NetWorker discussion 
> [mailto:NETWORKER AT LISTSERV.TEMPLE DOT EDU] On Behalf Of Fazil Saiyed
> Sent: Monday, March 03, 2008 10:17 AM
> To: NETWORKER AT LISTSERV.TEMPLE DOT EDU
> Subject: [Networker] Linux Client backup issues & Vmware
> 
> Hello,
> Having some issues backing up Linux clients (32 bit 7.3.3.1, installed on
> a Linux RH 5.1 (64 bit) VM instance) in a DMZ.
> RH version of kernel is 2.6 and I am told this is SELinux.
> I am getting inconsistent results where client backups on the root vol are
> sometimes successful but not on the rest of the file systems.
> SERVER:
> Legato backup server is Windows 2003 64 bit Dell on Legato 7.3.3.
> Firewalls:
> DMZ firewall is active
> Selinux Firewall rules disabled
> ERRORS:
> log file not found
> connection refused
> impersonation failed
> Servers file:
> Was created and applied to the Linux client; otherwise the backup server is
> dependent on DNS name resolution.
> NSLOOKUP from client to server is successful.
>
> I can confirm that daemons are running and client install is with default
> options.
> Last login: Fri Feb 29 10:27:28 2008 from 10.10.4.174
> [root@rubiconweb1t ~]# ps -ef | grep nsr
> root     22606 22560  0 08:56 pts/1    00:00:00 grep nsr
> root     27604     1  0 Feb29 ?        00:00:00 /usr/sbin/nsrexecd
> [root@rubiconweb1t ~]# rpm -av | grep lgto
> [root@rubiconweb1t ~]# rpm -qa | grep lgto
> lgtoclnt-7.3.3-1
> 
> [root@rubiconweb1t /]# iptables -L
> Chain INPUT (policy ACCEPT)
> target     prot opt source               destination 
> 
> Chain FORWARD (policy ACCEPT)
> target     prot opt source               destination 
> 
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination 
> [root@rubiconweb1t /]# chkconfig --list iptables
> iptables        0:off   1:off   2:on    3:on    4:on    5:on    6:off
> 
> RPC:
> [root@rubiconweb1t /]# rpcinfo -p "servername"
> rpcinfo: can't contact portmapper: RPC: Remote system error - Connection refused
> Questions:
> Is a 32 bit client on a 64 bit Linux OS supported? (I was told the 64 bit
> version of the Legato client crashes a lot.)
> What are the special considerations of SELinux and Legato config?
> Has anyone tested backup on a Linux instance on Vmserver 3.02 OS?
> I do not have issues with licensing.
>
> Can someone point me in the right direction for troubleshooting?

To sign off this list, send email to listserv AT listserv.temple DOT edu and 
type 
"signoff networker" in the body of the email. Please write to 
networker-request AT listserv.temple DOT edu if you have any problems with this 
list. You can access the archives at 
http://listserv.temple.edu/archives/networker.html or
via RSS at http://listserv.temple.edu/cgi-bin/wa?RSS&L=NETWORKER
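
The advice in the thread that DNS must work both forward and reverse, checked from the client for the server and from the server for the client, can be scripted as below. This is an added example, not part of the original messages; it assumes a glibc system with `getent`, and the function names are this example's own.

```shell
#!/bin/sh
# Added example: forward/reverse DNS consistency check for a backup peer.
# The resolver wrappers use getent so /etc/hosts and DNS are both honoured;
# they are separate functions so they can be swapped out for offline tests.

fwd_lookup() {  # name -> one IP address per line
    getent ahosts "$1" | awk '{print $1}' | sort -u
}

rev_lookup() {  # IP -> canonical name (first name field)
    getent hosts "$1" | awk '{print $2; exit}'
}

# Lower-case and strip a trailing dot so names compare cleanly.
norm() { printf '%s' "$1" | tr 'A-Z' 'a-z' | sed 's/\.$//'; }

# check_fcrdns NAME
# Prints one verdict line per address. Returns 0 only if every address
# NAME resolves to maps back to NAME (or to NAME's FQDN when a short
# name was given).
check_fcrdns() {
    local want ips ip back rc=0
    want=$(norm "$1")
    ips=$(fwd_lookup "$1")
    if [ -z "$ips" ]; then
        echo "FAIL $1: no forward record"
        return 1
    fi
    for ip in $ips; do
        back=$(norm "$(rev_lookup "$ip")")
        if [ -z "$back" ]; then
            echo "FAIL $1 -> $ip: no reverse record"; rc=1
        elif [ "$back" = "$want" ] || [ "${back%%.*}" = "$want" ]; then
            echo "OK   $1 -> $ip -> $back"
        else
            echo "FAIL $1 -> $ip -> $back (name mismatch)"; rc=1
        fi
    done
    return $rc
}

# Check every name given on the command line (no arguments: do nothing).
for host in "$@"; do check_fcrdns "$host"; done
```

A stale PTR record on only one of several addresses is enough to fail the check, which matches the intermittent behaviour a backup server can show when it picks different addresses on different runs.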


