Hi, My amanda server is having problems connecting to a client. It's working great with a number of other clients, but this one client keeps trying to frustrate me.
I have developed a little step by step procedure for installing amanda clients on my servers so I can quickly copy/paste most things to avoid mistake. Let me preface this by saying I used the same self-made guide for setting up a bunch of other clients, as well as this problem client... and the other ones are working great (one RedHat 7.1 servers, multiple RedHat 9 servers, and a few RedHat 7.3 servers as well). There are 2 firewalls inbetween the client and the server. The client (a RedHat 7.3 box) was running iptables, but since we have it behind a hardware firewall I've even tried doing "iptables --flush" and the problem remains with iptables wide open (the default is set to ACCEPT). In the server's firewall, I've turned on full logging and doing see anything being logged at all. If I try a client-side-restore (even though the client has never been backed up before), it works ok and lets me connect to the server, and I see appropriate entries in the server's firewall's logs. However every time I try doing amcheck, the client's self check times out. Here's what I see in the client's firewall's logs when I attempt to amcheck it. (the public IP's have been changed) Date/Time: 2003-07-28 15:26:16 Source Address/Port: 1.2.3.4:694 Translated Address/Port: 1.2.3.4:694 Destination Address/Port: 192.168.250.120:10080 Service: UDP PORT 10080 Duration: 3 sec. Bytes Sent: 163 Bytes Received: 191 Every time it's the same.. 163 bytes sent, 191 bytes received, but still the amcheck says "host down?" Here is the ./configure I'm using on the clients: ./configure --with-user=amanda --with-group=amanda --with-amandahosts --prefix=/usr/local --with-config=Daily --without-server --with-tcpportrange=44200,44209 --with-udpportrange=790,799 On the client, /etc/hosts has an entry for the server, "theisland"... /etc/hosts.allow is set up properly (amanda : theisland : ALLOW), /etc/services contains all of my custom UDP and TCP ports as well as the defaults of 10080 (tcp/udp), 10082 and 10083 (tcp)... This is my xinetd.conf entry for amanda: service amanda { socket_type = dgram protocol = udp user = amanda server = /usr/local/libexec/amandad wait = yes } (I've heard some people suggest putting "disable = no" in there but when I do, the system complains that it's not a valid entry, so I've removed it) lsof shows that amanda is listening... though I don't recognize the numbers, it shouldn't really matter since the firewalls are currently set up to allow all traffic between the amanda server and this client. xinetd 876 root 5u IPv4 1393 UDP *:amanda I can run amandad as the amanda user and it doesn't give me any errors. When I run it, it does create a /tmp/amanda/amandad.*.debug file... However when I try to run amcheck on the server, it doesn't ever create any /tmp/amanda/ debug files. amanda:amanda does own /tmp/amanda and has permission to create files there.. I did "service xinetd reload" "service xinetd restart".. as well as rebooted the entire machine.. No error messages in /var/log/messages or /var/log/secure that I can see. /home/amanda/.amandahosts is set up... "theisland amanda" /home/amanda's permissions are correct.. as are the permissions in /usr/local/var/amanda On the server I do see a lot of these entries in /var/log/messages: Jul 28 05:47:51 theisland kernel: (see the NOTES section of 'man 2 wait'). Workaround activated. Jul 28 05:55:16 theisland kernel: application bug: dumper(20085) has SIGCHLD set to SIG_IGN but calls wait(). Jul 28 05:55:16 theisland kernel: (see the NOTES section of 'man 2 wait'). Workaround activated. However I've done some Google searches and these appear to be harmless, plus the fact that the other servers are being backed up just fine, so I'm not too worried about that. I've read through the Amanda FAQ many times, including the multiple entries about the "selfcheck timeout, host down?" message, but still haven't had any luck. Just to make sure it wasn't a hardware firewall issue I completely opened up traffic between the server and this problematic client on both firewalls (with full logging turned on) and haven't noticed anything more in the logs compared to when I had it restricted to specific ports (tcp 44200-44300 10080 10082 10083, and udp 10080 / 790-799). Any ideas of other things to try? Thanks! Jeremy Martin