In regard to: [Networker] NetWorker Client Woes, JGillTech said (at 6:11pm...:
I am under the impression that port 7938 corresponds to the
lgtomapper... and port 111 corresponds to rpcbind... or similar.
I am having some firewall issues however... not sure what the best
practice for configuring the firewall, service ports, and connection
ports. Any recommendations?
That depends on environment -- in ours, we can get away with allowing
our backup server unfettered access to any ports on the client. The
Linux iptables firewall rule on the client would look something like:
-A INPUT -s your_servers_ip_address_here -i eth0 -j ACCEPT
If you can't get away with that, then I would recommend something like
-A INPUT -s your_servers_ip_address -p tcp -m tcp --dport 111 -i eth0 -j ACCEPT
-A INPUT -s your_servers_ip_address -p udp -m udp --dport 111 -i eth0 -j ACCEPT
-A INPUT -s your_servers_ip_address -p tcp -m tcp --dport 7937:7938 -i eth0 -j ACCEPT
That allows tcp & udp access to your server (for traffic over eth0) to
whatever RPC mediator you're using (portmapper or rpcbind, either way it
will be listening on 111) and tcp access to the 7937-7938 for nsrexecd.
For nsrexecd, the only thing I'm certain of is that you don't need to
worry about udp and at least 7937 must be available. You may or may not
need any ports beyond that. Since we don't need to worry about port
specifications for our backup server, I've never needed to delve too
deeply into the firewall needs of the client.
Tim
--
Tim Mooney Tim.Mooney AT ndsu DOT edu
Enterprise Computing & Infrastructure 701-231-1076 (Voice)
Room 242-J6, IACC Building 701-231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164
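
An added example, not part of the message above: a small Python check that reads rules in the format shown in the message and reports whether the backup server's address is accepted on every port or only on the ports the message lists (111 tcp/udp, 7937-7938 tcp). The address 192.0.2.10, the function names and the sample rule sets are constructed for illustration.

```python
import shlex

# Ports from the rules in the message: 111 tcp+udp (portmapper/rpcbind)
# and 7937-7938 tcp (nsrexecd).
REQUIRED = [("tcp", 111), ("udp", 111), ("tcp", 7937), ("tcp", 7938)]

def parse_rule(line):
    """Return src/proto/ports for an '-A INPUT ... -j ACCEPT' line, else None."""
    tok = shlex.split(line)
    if tok[:2] != ["-A", "INPUT"]:
        return None
    opts = dict(zip(tok, tok[1:]))  # each token -> the token that follows it
    if opts.get("-j") != "ACCEPT":
        return None
    ports = None  # None means the rule has no --dport, so every port matches
    if "--dport" in opts:
        lo, _, hi = opts["--dport"].partition(":")
        ports = (int(lo), int(hi or lo))
    src = opts.get("-s", "")
    if src.endswith("/32"):  # iptables-save prints host sources with /32
        src = src[:-3]
    return {"src": src, "proto": opts.get("-p"), "ports": ports}

def audit(rules_text, server_ip):
    """Return (wide_open, missing) for ACCEPT rules sourced from server_ip.
    The -i interface match is ignored (simplification)."""
    rules = [r for r in map(parse_rule, rules_text.splitlines())
             if r and r["src"] == server_ip]
    wide_open = any(r["proto"] is None and r["ports"] is None for r in rules)
    def covered(proto, port):
        return any(r["proto"] in (None, proto) and
                   (r["ports"] is None or r["ports"][0] <= port <= r["ports"][1])
                   for r in rules)
    return wide_open, [(p, n) for p, n in REQUIRED if not covered(p, n)]

# Constructed sample rule sets; 192.0.2.10 stands in for the backup server.
BROAD = "-A INPUT -s 192.0.2.10 -i eth0 -j ACCEPT"
RESTRICTED = """\
-A INPUT -s 192.0.2.10 -p tcp -m tcp --dport 111 -i eth0 -j ACCEPT
-A INPUT -s 192.0.2.10 -p udp -m udp --dport 111 -i eth0 -j ACCEPT
-A INPUT -s 192.0.2.10 -p tcp -m tcp --dport 7937:7938 -i eth0 -j ACCEPT
"""

if __name__ == "__main__":
    for name, text in (("broad", BROAD), ("restricted", RESTRICTED)):
        print(name, audit(text, "192.0.2.10"))
```

A `wide_open` result of `True` corresponds to the first rule in the message (all ports open to the server); an empty `missing` list with `wide_open` false corresponds to the three port-specific rules.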