[Veritas-bu] vnetd question

2006-08-25 11:44:26
Subject: [Veritas-bu] vnetd question
From: dave-bu at graniteweb.com (David Rock)
Date: Fri, 25 Aug 2006 10:44:26 -0500
* Dave Lowenstein <dlowenst at mail.sdsu.edu> [2006-08-24 15:58]:
> I'm trying to make sure that netbackup 5.1 will work through a firewall 
> with minimal ports being opened.
> 
> What ports need to be open on the firewall if filtering by destination port:
> 
> Media >> Client
> 13782  (bpcd)
> 
> Client >> Media
> 13724  (vnetd)
> 
> If the client needs to run user backups/restores, then the following 
> port will also need to be opened:
> Client >> Master
> 13720  (bprd)
> 
> 
> Right? So I'm testing this out between two hosts with some more liberal 
> firewall rules than above. Backups are working fine, restores are 
> working fine.
> 
> I believe I have all the vnetd stuff set correctly, although every piece 
> of documentation I find shows a slightly different gui interface than 
> what I'm seeing.
> 
> Why am I still seeing it talking back and forth between media server and 
> client with randomly selected destination ports (like 852 and 811)? 
> There's also a fair amount of icmp going on back and forth between the 
> two, which I'd like to be able to close down.
> 
> 
> 
> client -> server        TCP D=13724 S=852 Ack=392120625 Seq=931198138 
> Len=0 Win=49680
>  client -> server        TCP D=13724 S=852 Push Ack=392120625 
> Seq=931198138 Len=2 Win=49680
>        server -> client          TCP D=852 S=13724 Ack=931198140 
> Seq=392120625 Len=0 Win=33118
>        server -> client          TCP D=852 S=13724 Push Ack=931198140 
> Seq=392120625 Len=2 Win=33120
>          client -> server        TCP D=13724 S=852 Ack=392120627 
> Seq=931198140 Len=0 Win=49680
>          client -> server        TCP D=13724 S=852 Push Ack=392120627 
> Seq=931198140 Len=2 Win=49680
>        server -> client          TCP D=852 S=13724 Ack=931198142 
> Seq=392120627 Len=0 Win=33120
>          client -> server        TCP D=13724 S=852 Push Ack=392120627 
> Seq=931198142 Len=21 Win=49680
>        server -> client          TCP D=852 S=13724 Push Ack=931198163 
> Seq=392120627 Len=33 Win=33120
>          client -> server        TCP D=13724 S=852 Ack=392120660 
> Seq=931198163 Len=0 Win=49680
>          client -> server        TCP D=811 S=13782 Push Ack=1618165286 
> Seq=912667687 Len=2 Win=49680
>        server -> client          TCP D=13782 S=811 Ack=912667689 
> Seq=1618165286 Len=0 Win=34500

What this looks like to me is that your SOURCE port is 852.  Any real
firewall won't care about this.  What you are concerned about is if the
DESTINATION is correct.  What is most likely happening is the connection
from the client to the media server has been established via vnetd, but
the client end port is 852 or 811.  The client source port doesn't have
anything to do with it.  The fact that the client is going after 13724
means that it's set up correctly.  

-- 
David Rock
david at graniteweb.com
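To make David's point concrete (only the destination port identifies the service; 852 and 811 are ephemeral source ports chosen by whichever end initiated the connection), here is an added example that is not part of the thread. It parses a subset of the snoop-style lines Dave posted, rejoins the wrapped lines, groups packets into connections by whichever end carries a fixed NetBackup port, and derives the destination-port rules the trace actually needs. The host names `client` and `server` are taken from the trace; the port-to-service table is the one Dave listed for NetBackup 5.1. The smaller-port fallback for a connection with no known service port is a heuristic assumed here.

```python
import re

# Fixed NetBackup 5.1 service ports named in the thread.
NBU_SERVICES = {13724: "vnetd", 13782: "bpcd", 13720: "bprd"}

# A subset of the snoop-style lines quoted in the post, wrapped as on the page.
TRACE = """\
client -> server        TCP D=13724 S=852 Ack=392120625 Seq=931198138
Len=0 Win=49680
 client -> server        TCP D=13724 S=852 Push Ack=392120625
Seq=931198138 Len=2 Win=49680
       server -> client          TCP D=852 S=13724 Ack=931198140
Seq=392120625 Len=0 Win=33118
       server -> client          TCP D=852 S=13724 Push Ack=931198140
Seq=392120625 Len=2 Win=33120
         client -> server        TCP D=13724 S=852 Push Ack=392120627
Seq=931198142 Len=21 Win=49680
       server -> client          TCP D=852 S=13724 Push Ack=931198163
Seq=392120627 Len=33 Win=33120
         client -> server        TCP D=811 S=13782 Push Ack=1618165286
Seq=912667687 Len=2 Win=49680
       server -> client          TCP D=13782 S=811 Ack=912667689
Seq=1618165286 Len=0 Win=34500
"""

PKT_RE = re.compile(r"^(\S+)\s*->\s*(\S+)\s+TCP\s+D=(\d+)\s+S=(\d+).*?\bLen=(\d+)")


def unwrap(text):
    """Join wrapped continuation lines (those without '->') onto the packet line above."""
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if "->" in line:
            records.append(line)
        elif records:
            records[-1] += " " + line
    return records


def parse_packets(text):
    """Return one dict per packet: source host, destination host, ports and payload length."""
    packets = []
    for rec in unwrap(text):
        m = PKT_RE.match(rec)
        if m:
            src, dst, dport, sport, length = m.groups()
            packets.append({"src": src, "dst": dst, "dport": int(dport),
                            "sport": int(sport), "len": int(length)})
    return packets


def classify_connections(packets):
    """Group packets into connections keyed by (initiator, responder, service port).

    The service end is whichever endpoint holds a known NetBackup port; the other
    end's port is the ephemeral one. Packets in both directions land in one entry.
    """
    conns = {}
    for p in packets:
        if p["dport"] in NBU_SERVICES:        # travelling toward the service
            key, eph = (p["src"], p["dst"], p["dport"]), p["sport"]
        elif p["sport"] in NBU_SERVICES:      # reply travelling back to the ephemeral port
            key, eph = (p["dst"], p["src"], p["sport"]), p["dport"]
        elif p["dport"] < p["sport"]:         # heuristic (assumed): lower port is the service
            key, eph = (p["src"], p["dst"], p["dport"]), p["sport"]
        else:
            key, eph = (p["dst"], p["src"], p["sport"]), p["dport"]
        c = conns.setdefault(key, {"service": NBU_SERVICES.get(key[2], "UNKNOWN"),
                                   "ephemeral": set(), "packets": 0, "bytes": 0})
        c["ephemeral"].add(eph)
        c["packets"] += 1
        c["bytes"] += p["len"]
    return conns


def required_rules(conns):
    """Destination-port firewall rules implied by the trace: (from, to, dport, service)."""
    return sorted((src, dst, port, c["service"]) for (src, dst, port), c in conns.items())


if __name__ == "__main__":
    conns = classify_connections(parse_packets(TRACE))
    for (src, dst, port), c in conns.items():
        print(f"{src} -> {dst}:{port} ({c['service']}) ephemeral={sorted(c['ephemeral'])} "
              f"packets={c['packets']} bytes={c['bytes']}")
    print("rules needed:", required_rules(conns))
```

Run against the quoted lines, the output reduces to exactly the two rules Dave already had in his list: client to media server on 13724 (vnetd, client-side ephemeral port 852) and media server to client on 13782 (bpcd, server-side ephemeral port 811). Nothing in the trace requires a rule for 852 or 811 themselves, which is the check to run when a capture seems to show "random" ports.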
