On Sat, May 14, 2005 at 05:29:10PM -0400, Joshua Baker-LePain enlightened us:
> > For the first time ever I have to backup a machine over the 'internet' -
> > This client is using iptables as its firewall. Does anyone have an iptables
> > rule they would like to share that would allow amanda through to be able to
> > backup this client?
>
> If you haven't compiled with any "portrange" options, you'll have to do
> something like this:
>
> -A INPUT -p udp -s $AMANDA_SERVER -d 0/0 --dport 10080 -j ACCEPT
> -A INPUT -p tcp -m tcp -s $AMANDA_SERVER -d 0/0 --dport 1025:65535 -j ACCEPT

Or

-A INPUT -p udp -s $AMANDA_SERVER -d $AMANDA_CLIENT --dport 10080 -j ACCEPT

and load the ip_conntrack_amanda kernel module. I use the following in
/etc/modprobe.conf:

options ip_conntrack_amanda master_timeout=2400
install ip_tables /sbin/modprobe --ignore-install ip_tables && \
/sbin/modprobe ip_conntrack_amanda

(Lines 2 & 3 are all one line)

This sets the UDP timeout for amanda packets to 2400 seconds, up from the
default 300 (don't hold me to that, it might be 600). I was getting estimate
timeouts since they were taking longer than 300/600 seconds and the firewall
would close the port.

Makes things a little more secure than opening up everything > 1024 ;-)

Matt

-- 
Matt Hyclak
Department of Mathematics
Department of Social Work
Ohio University
(740) 593-1263
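
The two rule sets from this thread compared by how many destination ports each leaves statically open, as an added example that is not part of the original messages. The addresses are documentation-range placeholders, and the RELATED,ESTABLISHED rule is an assumption: the post does not show it, but it is what lets connections tracked by ip_conntrack_amanda through.

```shell
#!/bin/sh
# Added example; constructed rule sets in iptables-save syntax.
AMANDA_SERVER=192.0.2.10      # placeholder address (assumption)
AMANDA_CLIENT=198.51.100.20   # placeholder address (assumption)

# First suggestion in the thread: UDP 10080 plus every TCP port above 1024.
wide_rules() {
  cat <<EOF
-A INPUT -p udp -s $AMANDA_SERVER -d 0/0 --dport 10080 -j ACCEPT
-A INPUT -p tcp -m tcp -s $AMANDA_SERVER -d 0/0 --dport 1025:65535 -j ACCEPT
EOF
}

# Second suggestion: UDP 10080 only; the conntrack helper handles the rest.
# The first rule is assumed, it is not shown in the post.
helper_rules() {
  cat <<EOF
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p udp -s $AMANDA_SERVER -d $AMANDA_CLIENT --dport 10080 -j ACCEPT
EOF
}

# Count destination ports opened by explicit --dport ACCEPT rules on stdin.
exposed_ports() {
  awk '
    / -j ACCEPT/ {
      for (i = 1; i < NF; i++) if ($i == "--dport") {
        n = split($(i + 1), r, ":")
        lo = r[1]; hi = (n == 2) ? r[2] : r[1]
        total += hi - lo + 1
      }
    }
    END { print total + 0 }'
}

# Succeeds if the rule set on stdin accepts RELATED traffic, which a rule
# set relying on the conntrack helper needs for the data connections.
has_related() {
  grep -q -e '--state [A-Z,]*RELATED'
}

echo "wide rules:   $(wide_rules | exposed_ports) ports statically open"
echo "helper rules: $(helper_rules | exposed_ports) port statically open"
helper_rules | has_related || echo "warning: no RELATED rule, helper has no effect"
```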