Here's how I did this.

The relevant portions of my configure line:

./configure --with-udpportrange=850,855 --with-portrange=32800,32850
I used this on both client and server

And my firewall (linux) looks like this: (IP numbers are not real)

Internet             firewall                        backup server
                  eth0      eth1
1.2.3.x        1.2.3.1       10.0.0.1                10.0.0.2

My (relevant) iptables rules, from /etc/sysconfig/iptables (use these as input to iptables-restore)

[0:0] -A PREROUTING -s 1.2.3.0/255.255.255.0 -d 1.2.3.1 -p tcp -m tcp --dport 10080 -j DNAT --to-destination 10.0.0.2
[0:0] -A PREROUTING -s 1.2.3.0/255.255.255.0 -d 1.2.3.1 -p udp -m udp --dport 10080 -j DNAT --to-destination 10.0.0.2
[0:0] -A PREROUTING -s 1.2.3.0/255.255.255.0 -d 1.2.3.1 -p udp -m udp --dport 850:855 -j DNAT --to-destination 10.0.0.2
[0:0] -A POSTROUTING -s 10.0.0.0/255.255.255.0 -o eth0 -j SNAT --to-source 1.2.3.1

This makes the eth0 firewall address redirect to the backup server on ports 10080 and 850-855, and the backup server masquerades to the internet as 1.2.3.1.

Your amandahosts file needs the address of the firewall's public IP in it, and the
disklist on the server needs the public IP of the outside clients.

This may have a few extra bits in it, but it works just fine for me. Hope this helps.


On Tuesday 15 January 2002 13:15, Nevin Kapur wrote:
> I'm having some trouble setting up an Amanda client sitting in a DMZ
> of a firewall to talk to an Amanda server sitting inside a firewall.
> I've tried to follow the answer in the FAQ and also read the various
> posts on amanda-users.  However, I can't get it to work and some
> questions still linger:
>
> 1.  When the docs say pass --with-(udp)portrange=xxx,yyy to configure,
> which configure are they talking about?  The client or the server?
>
> 2.  In John R. Jackson's post "Use of UDP/TCP ports in Amanda...",  in
> the section titled "Firewalls and NAT", it says "Just pick user UDP
> and TCP port ranges and build Amanda with them..." Again, is this on
> the client side or the server side? Or both?
>
> 3.  I've compiled Amanda with --with-portrange=4711,4715
> --with-udpportrange=850,854 on both client and server side, but when I
> run amcheck, I get errors like:
>
> ERROR: xxx: [host yyyy: port 7062 not secure]
>
> where xxx is the name of the machine in the DMZ that I'm trying to
> back up and yyyy is the name of our firewall/router, not the server
> that sits inside it.
>
> I hope I am being clear.  TIA
>
> -Nevin

-- 
Rick Morris
Network Manager
WeDoHosting.com
101-4226 Commerce Circle
Victoria  BC  V8Z 6N6

ph: +1 250 479 1595
fax: +1 250 479 1517

http://www.wedohosting.com
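
Added example (not part of the original message, and not Amanda code): a small Python check that the DNAT rules quoted above forward port 10080 and every port of the --with-udpportrange given to configure to the backup server. The function names are made up for this example, and the reserved-port check assumes that the "port 7062 not secure" error in the quoted question comes from a UDP source port that is not below 1024.

```python
import re

# Rules copied from the message above, one rule per line.
RULES = """\
[0:0] -A PREROUTING -s 1.2.3.0/255.255.255.0 -d 1.2.3.1 -p tcp -m tcp --dport 10080 -j DNAT --to-destination 10.0.0.2
[0:0] -A PREROUTING -s 1.2.3.0/255.255.255.0 -d 1.2.3.1 -p udp -m udp --dport 10080 -j DNAT --to-destination 10.0.0.2
[0:0] -A PREROUTING -s 1.2.3.0/255.255.255.0 -d 1.2.3.1 -p udp -m udp --dport 850:855 -j DNAT --to-destination 10.0.0.2
[0:0] -A POSTROUTING -s 10.0.0.0/255.255.255.0 -o eth0 -j SNAT --to-source 1.2.3.1
"""

DNAT_RE = re.compile(
    r"-p (?P<proto>tcp|udp)\b.*?--dport (?P<lo>\d+)(?::(?P<hi>\d+))?"
    r".*?-j DNAT --to-destination (?P<dest>\S+)")

def parse_dnat(text):
    """Return (proto, low_port, high_port, destination) for every DNAT rule."""
    out = []
    for line in text.splitlines():
        m = DNAT_RE.search(line)
        if m:
            lo = int(m["lo"])
            out.append((m["proto"], lo, int(m["hi"] or lo), m["dest"]))
    return out

def unforwarded(rules, proto, lo, hi, dest):
    """Ports in lo..hi that no DNAT rule for proto sends to dest."""
    return [p for p in range(lo, hi + 1)
            if not any(r[0] == proto and r[1] <= p <= r[2] and r[3] == dest
                       for r in rules)]

def audit(text, udp_range, dest, service_port=10080):
    """List human-readable problems; an empty list means the rules line up."""
    rules, problems = parse_dnat(text), []
    lo, hi = udp_range
    if hi >= 1024:  # assumption: the UDP range must stay in the reserved ports
        problems.append(f"udp range {lo}-{hi} leaves the reserved ports (<1024)")
    for proto, a, b in (("udp", service_port, service_port), ("udp", lo, hi)):
        missing = unforwarded(rules, proto, a, b, dest)
        if missing:
            problems.append(f"{proto} ports {missing} not forwarded to {dest}")
    return problems

if __name__ == "__main__":
    print(audit(RULES, (850, 855), "10.0.0.2") or "rules cover the configured ports")
```

Running it with a range wider than the firewall forwards, such as (850, 860), lists the ports that would be dropped at the firewall.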
