Andreas, thanks for writing and your advice. Unfortunately, I can't control any aspect of the firewall. It is administered by another group within my organization. I don't believe that they understand the firewall software thoroughly. Furthermore, it seems to be five-year-old software which is no longer being maintained. I don't believe that it's very sophisticated and able to use syn/ack flags. I'm very frustrated.
If you tell me that I have to open all ports from 1024 through 65535, using TCP, inbound from my client(s) to my tapehost, that's fine with me. I don't believe that this is a significant security risk. However, I have to spell out exactly what I need, in this format, for the firewall administrators to act on it.

Thanks again for your thoughts.

-Kevin

>>> Andreas Putzo <[EMAIL PROTECTED]> 09/13/04 05:07PM >>>
On Monday 13 September 2004 22:54, KEVIN ZEMBOWER wrote:
[amanda network traffic]

I don't know for sure, but I think amanda won't bind to a specific from-port. Normally the kernel chooses a high (semi-)random port. But you can still build your firewall rules depending on the destination host/port and syn/ack flags for the TCP connections.

regards,
Andreas
