On Tuesday 08 February 2005 10:00, Don Carlton wrote: >It looks like it might be a firewall issue on the server? Does > anyone know what the minimum "server rules" and "client rules" > would be in iptables/ipchains? > Thats all in the FAQ and docs Don. And its pretty straight forward, if iptables is involved, there is even a special kernel/iptables module for 2.6 kernels that has all the amanda rules builtin. Google for that, or if you built your own kernel, a quick 'make xconfig' should show it under the netfilter branch of the tree. Ditto IIRC for users of SELinux.
However, I have no experience with useing these as all my machines being backed up are behind the actual firewall, including the firewall box itself. Two nics in that box, with the firewall being between the outside connection and the box itself which uses the 2nd nic for the local net on a different subnet for connection to the rest of the systems here. Paranoid about the firewall, I both back it up with amanda, and rsync its more important dirs locally, which also gets backed up by amanda. This is one of the reasons I'm in favor of a 2 nic firewall, it can very effectively isolate you, while being absolutely transparent as far as the use of the internet from any box inside the firewall is concerned. I've had two penetration attempts that failed at the firewall logged in the last 22 months, way too much NAT for the script kiddies to negotiate. FWIW, both attacks came from a compromised verizon dns server that was one of the two the routers internal PPPoE hands me, the server running IIS of course, I nmapped it just to see what it was running after both attacks. Verizon runs 100% darkside software, and does not officially support linux. They are getting to the point where they'll 'tolerate' it though. The lawyers rule is supreme there, too bad we don't have an annual official Bill Shakespear holiday... [...] -- Cheers, Gene "There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order." -Ed Howdershelt (Author) 99.33% setiathome rank, not too shabby for a WV hillbilly Yahoo.com attorneys please note, additions to this message by Gene Heskett are: Copyright 2005 by Maurice Eugene Heskett, all rights reserved.
