Thanks all!
Tom
On Sat, May 14, 2005 at 05:29:10PM -0400, Joshua Baker-LePain enlightened us:
For the first time ever I have to back up a machine over the 'internet'. This client is using iptables as its firewall. Does anyone have an iptables rule they would like to share that would allow amanda through to be able to back up this client?
If you haven't compiled with any "portrange" options, you'll have to do something like this:
-A INPUT -p udp -s $AMANDA_SERVER -d 0/0 --dport 10080 -j ACCEPT
-A INPUT -p tcp -m tcp -s $AMANDA_SERVER -d 0/0 --dport 1025:65535 -j ACCEPT
Or
-A INPUT -p udp -s $AMANDA_SERVER -d $AMANDA_CLIENT --dport 10080 -j ACCEPT
and load the ip_conntrack_amanda kernel module. I use the following in /etc/modprobe.conf:
options ip_conntrack_amanda master_timeout=2400
install ip_tables /sbin/modprobe --ignore-install ip_tables && \
/sbin/modprobe ip_conntrack_amanda
(Lines 2 & 3 are all one line)
This sets the UDP timeout for amanda packets to 2400 seconds, up from the default 300 (don't hold me to that, it might be 600). I was getting estimate timeouts since they were taking longer than 300/600 seconds and the firewall would close the port.
Makes things a little more secure than opening up everything > 1024 ;-)
Matt
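
Added example, not part of the original thread: a small Python check that counts how many destination ports each of the two rule sets above accepts from the Amanda server and flags any ACCEPT rule wider than a threshold. The 192.0.2.x addresses, the function names and the 16-port threshold are assumptions made for the illustration; negated (`!`) matches are not handled.

```python
import shlex

# Rules from the thread, with constructed documentation addresses
# (192.0.2.10 = Amanda server, 192.0.2.20 = client) in place of the variables.
WIDE = [
    "-A INPUT -p udp -s 192.0.2.10 -d 0/0 --dport 10080 -j ACCEPT",
    "-A INPUT -p tcp -m tcp -s 192.0.2.10 -d 0/0 --dport 1025:65535 -j ACCEPT",
]
HELPER = [
    "-A INPUT -p udp -s 192.0.2.10 -d 192.0.2.20 --dport 10080 -j ACCEPT",
]

def parse_rule(line):
    """Return (proto, source, first_port, last_port, target) for one -A line."""
    tok = shlex.split(line)

    def opt(*names, default=None):
        for name in names:
            if name in tok:
                return tok[tok.index(name) + 1]
        return default

    dport = opt("--dport", "--destination-port")
    if dport is None:
        lo, hi = 0, 65535                      # no port match: every port
    elif ":" in dport:
        a, b = dport.split(":", 1)
        lo, hi = int(a or 0), int(b or 65535)  # iptables defaults for open ends
    else:
        lo = hi = int(dport)
    proto = opt("-p", "--protocol", default="all")
    source = opt("-s", "--source", default="0/0")
    return proto, source, lo, hi, opt("-j", "--jump")

def audit(rules, max_ports=16):
    """Return (total ports accepted, rules that accept more than max_ports)."""
    total, wide = 0, []
    for line in rules:
        proto, source, lo, hi, target = parse_rule(line)
        if target != "ACCEPT":
            continue
        count = hi - lo + 1
        total += count
        if count > max_ports:
            wide.append((proto, source, lo, hi))
    return total, wide
```
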