Two years ago, I wrote here about problems getting Amanda to work through a firewall using NAT which couldn't be turned-off. I finally gave up in frustration, despite the helpful advice of the folks here, and set up two separate backup systems, one inside and outside the firewall. Adding to my frustration is the fact that I don't administer the firewall, and can't verify directly that what I requested was implemented. Now, I'm trying again to back up all my host with just one Amanda system.
My tapehost 'centernet' is trying to back up hosts 'admin' and 'mailinglists' in addition to itself, inside the firewall, and hosts 'www' and 'real' outside the firewall. I've read and tried to follow the advice given to others in this situation. I changed the file common-src/security.c to comment out the section where the port number is checked. I also used the script, first given here, pasted in at the end of this note, to configure Amanda on both the server and the clients. I have the new Amanda system (tapehost inside the firewall) working on all the other hosts inside the firewall, but it times out with the hosts outside the firewall. When I amcheck it, I don't get anything written in either the working or non-working clients, in either /tmp/Amanda or /tmp/Amanda-dbg. Can anyone suggest any diagnostic tools or methods that I can use to verify that the firewall is set up the way I requested? I've tried to use 'netcat' in the past to verify proper transmission through a firewall, but don't understand how I could use it in this case, as I don't know what port the firewall will NAT the request to. I'm not getting any diagnostic messages in any of the logs I've looked at, on either the host or clients. Any suggestions? Thanks for all your help and advice. -Kevin Zembower ============================================= [EMAIL PROTECTED]:~$ cat configure_amanda.sh #!/bin/sh # since I'm always forgetting to su amanda... if [ `whoami` != 'amanda' ]; then echo echo "!!!!!!!!!!!! Warning !!!!!!!!!!!!" echo "Amanda needs to be configured and built by the user amanda," echo "but must be installed by user root." echo exit 1 fi echo "!!!!!!!!!!!! Warning !!!!!!!!!!!!" echo "Did you remember to make the changes in common_src/security.c" echo "to disable the port check, to allow amanda to work through a" echo "NATted firewall like CCP's?" echo make clean rm -f config.status config.cache ../configure --with-user=amanda \ --with-group=disk \ --with-owner=amanda \ --with-tape-device=/dev/nst0 \ --prefix=/usr/local \ --with-portrange=10080,10083 \ --with-tcpportrange=10080,10083 \ --with-udpportrange=850,854 \ --with-debugging=/tmp/amanda-dbg/ \ --with-config=DBackup \ --with-smbclient=/usr/bin/smbclient \ --with-configdir=/etc/amanda [EMAIL PROTECTED]:~$