>... There are several shortcomings with Amanda and IP-masquerading:
>
>- You can back up only _one_ machine outside firewall

Why?

>- _Everyone_ from inside firewall can run an amanda server and
>  request backups from the outside machine. (This is often not a big problem
>  if the outside machine has only "public" content (e.g. Webserver))

Is this because all the requests from inside look like they come from
the same place to the outside machine, and so it cannot lock out all
but the "right" one?

>- You have to tell Amanda Client outside firewall not to do reserved
>  port checking, in common-src:

That would seem to depend on whether you're doing port translation.
If the ports Amanda gets inside are left alone, then they should still
be privileged on the outside.

Note that disabling this check makes it even easier for someone inside
to back up the outside machine -- they don't even have to install Amanda,
just run it from a build area.

Do you (or anyone else, for that matter) have any suggestions on how
this could be done better?

>      Dietmar

John R. Jackson, Technical Software Specialist, [EMAIL PROTECTED]
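
The two effects discussed in this thread, modelled as an added example (not Amanda's code and not part of the original messages): masquerading collapses every inside host onto one source address, and port translation moves the source port out of the reserved range. The addresses, the translated port range and all function names are hypothetical choices made for this model.

```c
#include <stdint.h>
#include <stdio.h>

#define RESERVED_LIMIT 1024u  /* Unix: binding a port below this needs root */

struct src { uint32_t addr; uint16_t port; };  /* source of a UDP request */
enum nat_mode { NAT_KEEP_PORT, NAT_TRANSLATE_PORT };

/* Masquerading: every inside source address becomes the firewall address.
 * In translate mode the source port is also remapped into a high range
 * (the base 61000 is a constructed assumption for this model). */
struct src masquerade(struct src in, uint32_t fw_addr, enum nat_mode mode)
{
    struct src out = { fw_addr, in.port };
    if (mode == NAT_TRANSLATE_PORT)
        out.port = (uint16_t)(61000u + in.port % 4096u);
    return out;
}

/* Outside client's decision: the peer must have the allowed server address
 * and, unless the check is disabled, a reserved source port. */
int client_accepts(struct src seen, uint32_t allowed, int check_reserved)
{
    if (seen.addr != allowed)
        return 0;
    if (check_reserved && seen.port >= RESERVED_LIMIT)
        return 0;
    return 1;
}

/* What the outside client decides for a request sent by an inside host. */
int outcome(struct src inside, uint32_t fw, enum nat_mode m, int check)
{
    return client_accepts(masquerade(inside, fw, m), fw, check);
}

int main(void)
{
    const uint32_t fw = 0xC6336401u;                /* 198.51.100.1, constructed */
    struct src server     = { 0x0A000005u, 850 };   /* real backup server, root  */
    struct src other_root = { 0x0A000063u, 900 };   /* other inside host, root   */
    struct src other_user = { 0x0A000063u, 40000 }; /* same host, unprivileged   */
    printf("keep ports, check on:  %d %d %d\n", outcome(server, fw, NAT_KEEP_PORT, 1),
           outcome(other_root, fw, NAT_KEEP_PORT, 1), outcome(other_user, fw, NAT_KEEP_PORT, 1));
    printf("translate,  check on:  %d\n", outcome(server, fw, NAT_TRANSLATE_PORT, 1));
    printf("translate,  check off: %d %d\n", outcome(server, fw, NAT_TRANSLATE_PORT, 0),
           outcome(other_user, fw, NAT_TRANSLATE_PORT, 0));
    return 0;
}
```

With ports preserved and the check on, the real server and a root user on any other inside host are indistinguishable to the outside client; with translation, the check rejects even the real server, and turning it off admits unprivileged inside senders as well.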