> -----Original Message-----
> From: veritas-bu-admin AT mailman.eng.auburn DOT edu 
> [mailto:veritas-bu-admin AT mailman.eng.auburn DOT edu] On Behalf Of 
> Weber, Philip
> Sent: April 14, 2005 10:33 AM
> To: veritas-bu AT mailman.eng.auburn DOT edu
> Subject: [Veritas-bu] Firewall Questions
> 
> As I am getting return code 58 I
> guess this is not enough, and that the clients have to be able to
> initiate some communications with the master/media, even for scheduled
> backups.  Can anyone confirm/deny?
> 
> I have opened
> master/media --> client on 13782, 13720, 13724.


Master server needs to be able to reach client via 13782.
Client needs to be able to initiate connection back to the Master on
13724.

Netbackup doesn't use "sessions".
The master tells the client it is ready for the backup (port 13782).
The client then initiates its own connection back to the master on
13724.

Yeah, it sucks.

One option I've thought of, but haven't tried, is to have a script that
starts an ssh connection to the client before the backup starts, then
tear it down after the backup completes.....the tunnel would stay up for
the client to request its connection back to the master server, without
leaving holes in your firewall.


> 
> 2.  I have a separate 5.1MP2 environment to which I would like to be
> able to connect using the Java GUI from my PC.  The master server is
> behind a firewall relative to my PC.  I get a login box, but then get
> the error "Unable to login, status: 506.  Can not connect to 
> the NB-Java
> service on <master> on port 1347...", where the port number changes on
> each attempt.  Is it possible to limit this to a small set of ports?

Change "NBJAVA_CONNECT_OPTION=0" to "NBJAVA_CONNECT_OPTION=1" in
/usr/openv/java/nbj.conf and it should use 13724, IIRC.

Paul