The ports that worked best for me were:

 --with-portrange=2064,2320
 --with-udpportrange=830,870

Also, some other firewall weirdness I've had (with RedHat6.2's ipchains)
was once in a while a fragmented packet is sent, for whatever reason.
My amanda client's firewall log would show 3 denied packets from the
tape server, with source and destination ports of 65535.

To get around this, you need a rule that allows fragmented packets, such
as this:

 -A input -s <server_ip>/32 -d <client_ip>/32 -f -j ACCEPT
 

On Wed, 04 Apr 2001, Doug Silver wrote:

> Brand new build of amanda 2.4.2p2
> 
> server config build:
> ./configure  --with-gnutar=/usr/local/bin/tar --with-portrange=900,950
> --with-udpportrange=900,950 (etc)
> 
> client config build:
> ./configure --with-gtar=/usr/local/bin/gtar --without-server
> --with-portrange=900,950 --with-udpportrange=900,950
> 
> Server binaries:
> -rwsr-x---  1 root  wheel   68759 Apr  4 15:46
> /usr/local/libexec/calcsize*
> -rwsr-x---  1 root  wheel  231765 Apr  4 15:47 /usr/local/libexec/dumper*
> -rwsr-x---  1 root  wheel   58227 Apr  4 15:46
> /usr/local/libexec/killpgrp*
> -rwsr-x---  1 root  wheel  309711 Apr  4 15:47 /usr/local/libexec/planner*
> -rwsr-x---  1 root  wheel   56004 Apr  4 15:46 /usr/local/libexec/rundump*
> -rwsr-x---  1 root  wheel   56761 Apr  4 15:46 /usr/local/libexec/runtar*
> -rwsr-x---  1 root  wheel  322122 Apr  4 15:47 /usr/local/sbin/amcheck*
> 
> Client:
> ls: /usr/local/libexec/dumper: No such file or directory
> ls: /usr/local/libexec/planner: No such file or directory
> -rwsr-x---  1 root  wheel  71756 Apr  4 17:22 /usr/local/libexec/calcsize*
> -rwsr-x---  1 root  wheel  62521 Apr  4 17:22 /usr/local/libexec/killpgrp*
> -rwsr-x---  1 root  wheel  60112 Apr  4 17:22 /usr/local/libexec/rundump*
> -rwsr-x---  1 root  wheel  60905 Apr  4 17:22 /usr/local/libexec/runtar*
> 
> amcheck -c test
> 
> Amanda Backup Client Hosts Check
> --------------------------------
> ERROR: frog.hoop-t.net: [host cat.hoop-t.net: port 62870 not
> secure]
> Client check: 1 host checked in 0.076 seconds, 1 problem found
> 
> I'm not seeing any errors through the firewall, so I'm not sure how to
> further debug this.
> 
> Any suggestions?  Has anyone got Amanda to work using the
> udpportrange/portrange options through a firewall?
> 
> Thanks!
> 
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Doug Silver
> 619 235-2665
> Quantified Systems, Inc
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Here's the client amandad.debug packet stuff:
> sending ack:
> ----
> Amanda 2.4 ACK HANDLE 000-00300D08 SEQ 986430352
> ----
> 
> amandad: sending REP packet:
> ----
> Amanda 2.4 REP HANDLE 000-00300D08 SEQ 986430352
> ERROR [host cat.hoop-t.net: port 62870 not secure]
> ----
> 
> amandad: got packet:
> ----
> Amanda 2.4 ACK HANDLE 000-00300D08 SEQ 986430352
> ----
> 
> amandad: pid 56308 finish time Wed Apr  4 17:25:53 2001
> 


--
   Jason Hollinden

   SMG Systems Admin
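
Added example (not part of the thread and not Amanda's own code): a small Python helper that pulls `port N not secure` rejections out of amcheck or amandad.debug text, including mail-quoted and wrapped lines, and checks each port against the reserved-port boundary and the range passed to `--with-udpportrange`. Amanda reports a port as not secure when the request's source port is 1024 or higher; the function names and the sample text are constructed for illustration.

```python
import re

RESERVED_LIMIT = 1024  # IPPORT_RESERVED: binding below this requires root

# Constructed sample built from the thread's output: the wrapped, mail-quoted
# amcheck line plus the REP packet from amandad.debug.
SAMPLE = """\
> ERROR: frog.hoop-t.net: [host cat.hoop-t.net: port 62870 not
> secure]
> Amanda 2.4 REP HANDLE 000-00300D08 SEQ 986430352
> ERROR [host cat.hoop-t.net: port 62870 not secure]
"""

NOT_SECURE = re.compile(r"\[host\s+(\S+):\s+port\s+(\d+)\s+not\s+secure\]")


def parse_range(value):
    """Parse 'low,high' as passed to --with-portrange / --with-udpportrange."""
    low, high = (int(part) for part in value.split(","))
    if not 0 < low <= high <= 65535:
        raise ValueError(f"bad port range: {value!r}")
    return low, high


def normalize(text):
    """Drop mail quote markers and rejoin wrapped lines into one string."""
    return " ".join(re.sub(r"^[>\s]+", "", line) for line in text.splitlines())


def diagnose(text, udp_range):
    """Return one finding per distinct (host, port) rejected as not secure."""
    low, high = parse_range(udp_range)
    findings = []
    for host, port in sorted(set(NOT_SECURE.findall(normalize(text)))):
        port = int(port)
        findings.append({
            "host": host,
            "port": port,
            "reserved": port < RESERVED_LIMIT,            # would pass the check
            "in_configured_range": low <= port <= high,   # matches the build option
        })
    return findings


if __name__ == "__main__":
    for finding in diagnose(SAMPLE, "900,950"):
        print(finding)
```

A finding with `in_configured_range` false means the request did not arrive from a port in the range the server was configured with, which is the first thing to compare against the firewall logs.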
