On Tue, Jun 28, 2005 at 04:30:17PM +0200, Stefan G. Weichinger wrote: > Eric Dantan Rzewnicki wrote: > >Is this entry in the FAQ a complete description of the network > >interactions between amanda client and amanda server? > >http://amanda.sourceforge.net/fom-serve/cache/139.html > >I'm not relishing the thought of working this out in ipchains ... > >I'm pushing to (finally) move to iptables. But, I may have to make it > >work with ipchains for now, so I need to get a clear understanding of > >what type of which ports need to be openned up. > For iptables: > http://www.amanda.org/docs/faq.html#id2555136 > and the main info: > http://www.amanda.org/docs/portusage.html > I'd also recommend to search the archives for terms like > iptables/ipchains/firewall, there have been some threads lately ...
Yes. Thank you. I've read all of that and now have re-read it. I think the best answer is to get our firewall updated to using iptables and the amanda connection tracking module. But, that is a separate project with separate management decisions to be made. I don't think I can get this to work in a non-ugly way with our current ipchains, linux kernel v2.2 based solution. The initial udp packet from the amanda server on internal lan to the amanda client on the external lan gets there, but is masqueraded to a high port by the firewall. So, the amandad on the client says: ERROR: client.dom.tld : [host router.dom.tld: port 64781 not secure] As far as I can figure out there isn't a way for me to prevent the source port from being masqueraded using ipchains. Please correct me if I am wrong. -- Eric Dantan Rzewnicki | Systems Administrator Technical Operations Division | Radio Free Asia 2025 M Street, NW | Washington, DC 20036 | 202-530-4900 CONFIDENTIAL COMMUNICATION This e-mail message is intended only for the use of the addressee and may contain information that is privileged and confidential. Any unauthorized dissemination, distribution, or copying is strictly prohibited. If you receive this transmission in error, please contact [EMAIL PROTECTED]