Here's how I did this. The relevant portions of my configure line:
./configure --with-udpportrange=850,855 --with-portrange=32800,32850 I used this on both client and server And my firewall (linux) looks like this: (IP numbers are not real) Internet firewall backup server eth0 eth1 1.2.3.x 1.2.3.1 10.0.0.1 10.0.0.2 My (relevant) iptables rules, from /etc/sysconfig/iptables (use these as input to iptables-restore) [0:0] -A PREROUTING -s 1.2.3.0/255.255.255.0 -d 1.2.3.1 -p tcp -m tcp --dport 10080 -j DNAT --to-destination 10.0.0.2 [0:0] -A PREROUTING -s 1.2.3.0/255.255.255.0 -d 1.2.3.1 -p udp -m udp --dport 10080 -j DNAT --to-destination 10.0.0.2 [0:0] -A PREROUTING -s 1.2.3.0/255.255.255.0 -d 1.2.3.1 -p udp -m udp --dport 850:855 -j DNAT --to-destination 10.0.0.2 [0:0] -A POSTROUTING -s 10.0.0.0/255.255.255.0 -o eth0 -j SNAT --to-source 1.2.3.1 This makes the eth0 firewall address redirect to the backup server on ports 10080, and 850-855, and the backup server masquerades to the internet as 1.2.3.1 Your amandahosts file needs the address of the firewall's public ip in it, and the disklist on the server needs the public IP of the outside clients. This may have a few extra bits in it, but it works just fine for me. Hope this helps. On Tuesday 15 January 2002 13:15, Nevin Kapur wrote: > I'm having some trouble setting up an Amanda client sitting in a DMZ > of a firewall to talk to an Amanda server sittin inside a firewall. > I've tried to follow the answer in the FAQ and also read the various > posts on amanda-users. However, I can't get it to work and some > questions till linger: > > 1. When the docs say pass --with-(udp)portrange=xxx,yyy to configure, > which configure are they talking about? The client or the server? > > 2. In John R. Jackon's post "Use of UDP/TCP ports in Amanda...", in > the secition titles "Firewalls and NAT", it says "Just pick user UDP > and TCP port ranges and build Amanda with them..." Again, is this on > the client side or the server side? Or both? > > 3. I've compiled Amanda with --with-portrange=4711,4715 > --with-udpportrange=850,854 on both client and server side, but when I > run amcheck, I get errors like: > > ERROR: xxx: [host yyyy: port 7062 not secure] > > where xxx is the name of the machine in the DMZ that I'm trying to > back up and yyyy is the name of our firewall/router, not the server > that sits inside it. > > I hope I am being clear. TIA > > -Nevin -- Rick Morris Network Manager WeDoHosting.com 101-4226 Commerce Circle Victoria BC V8Z 6N6 ph: +1 250 479 1595 fax: +1 250 479 1517 [EMAIL PROTECTED] http://www.wedohosting.com