Networker

Re: [Networker] NetWorker Client Woes

2008-09-30 18:54:22
Subject: Re: [Networker] NetWorker Client Woes
From: Tim Mooney <Tim.Mooney AT NDSU DOT EDU>
To: NETWORKER AT LISTSERV.TEMPLE DOT EDU
Date: Tue, 30 Sep 2008 17:48:41 -0500
In regard to: [Networker] NetWorker Client Woes, JGillTech said (at 6:11pm...:

I am under the impression that port 7938 corresponds to the
lgtomapper... and port 111 corresponds to rpcbind... or similar.

I am having some firewall issues however... not sure what the best
practice for configuring the firewall, service ports, and connection
ports.  Any recommendations?

That depends on environment -- in ours, we can get away with allowing
our backup server unfettered access to any ports on the client.  The
Linux iptables firewall rule on the client would look something like:

-A INPUT -s your_servers_ip_address_here -i eth0 -j ACCEPT

If you can't get away with that, then I would recommend something like

-A INPUT -s your_servers_ip_address -p tcp -m tcp --dport 111 -i eth0 -j ACCEPT
-A INPUT -s your_servers_ip_address -p udp -m udp --dport 111 -i eth0 -j ACCEPT
-A INPUT -s your_servers_ip_address -p tcp -m tcp --dport 7937:7938 -i eth0 -j ACCEPT

That allows tcp & udp access to your server (for traffic over eth0) to
whatever RPC mediator you're using (portmapper or rpcbind, either way it
will be listening on 111) and tcp access to the 7937-7938 for nsrexecd.
For nsrexecd, the only thing I'm certain of is that you don't need to
worry about udp and at least 7937 must be available.  You may or may not
need any ports beyond that.  Since we don't need to worry about port
specifications for our backup server, I've never needed to delve too
deeply into the firewall needs of the client.

Tim
--
Tim Mooney                                             Tim.Mooney AT ndsu DOT edu
Enterprise Computing & Infrastructure                  701-231-1076 (Voice)
Room 242-J6, IACC Building                             701-231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164
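
The following is an added example, not part of the original message or of NetWorker: a small Python audit of iptables-save style INPUT rules that reports which of the ports named in the reply (111 tcp/udp, 7937-7938 tcp) are not opened to the backup server, and which ACCEPT rules admit that server on every port. The address 192.0.2.10 and the names parse_rule and audit are assumptions made for the illustration.

```python
import shlex

# Ports named in the post: RPC mediator on 111 (tcp and udp), nsrexecd on 7937-7938 (tcp).
REQUIRED = [("tcp", 111), ("udp", 111), ("tcp", 7937), ("tcp", 7938)]
OPTS = {"-s": "src", "-p": "proto", "--dport": "ports", "-j": "target"}

def parse_rule(line):
    """Parse one '-A INPUT ...' line into a dict; return None for anything else."""
    tok = shlex.split(line)
    if tok[:2] != ["-A", "INPUT"]:
        return None
    rule = dict.fromkeys(OPTS.values())
    for i, t in enumerate(tok[:-1]):
        if t in OPTS:
            rule[OPTS[t]] = tok[i + 1]
    if rule["src"] and rule["src"].endswith("/32"):  # iptables-save writes hosts as a.b.c.d/32
        rule["src"] = rule["src"][:-3]
    if rule["ports"]:
        lo, _, hi = rule["ports"].partition(":")
        rule["ports"] = (int(lo), int(hi or lo))
    return rule

def audit(rules_text, server_ip):
    """Return (required ports not opened to server_ip, ACCEPT rules with no --dport).

    Limitation: looks only at ACCEPT rules whose source is exactly server_ip; it does
    not model rule order, negation ('!'), interfaces, or earlier DROP/REJECT rules.
    """
    covered, broad = set(), []
    for line in rules_text.splitlines():
        rule = parse_rule(line.strip())
        if not rule or rule["target"] != "ACCEPT" or rule["src"] != server_ip:
            continue
        if rule["ports"] is None:
            broad.append(line.strip())
        lo, hi = rule["ports"] or (0, 65535)
        for proto, port in REQUIRED:
            if rule["proto"] in (None, proto) and lo <= port <= hi:
                covered.add((proto, port))
    return [p for p in REQUIRED if p not in covered], broad

# Constructed sample: 192.0.2.10 is a documentation address standing in for the backup server.
NARROW = """\
-A INPUT -s 192.0.2.10 -p tcp -m tcp --dport 111 -i eth0 -j ACCEPT
-A INPUT -s 192.0.2.10 -p udp -m udp --dport 111 -i eth0 -j ACCEPT
-A INPUT -s 192.0.2.10 -p tcp -m tcp --dport 7937:7938 -i eth0 -j ACCEPT
"""
BROAD = "-A INPUT -s 192.0.2.10 -i eth0 -j ACCEPT\n"

if __name__ == "__main__":
    for name, text in (("narrow", NARROW), ("broad", BROAD)):
        print(name, audit(text, "192.0.2.10"))
```

An empty first list means every port from the reply is reachable from the server; a non-empty second list points at rules of the "unfettered access" kind.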
