Greetings, I've been struggling a bit with amanda and iptables. I can't seem to get them to play nice. I'm aware of the ip_conntrack_amanda module, so I loaded that. I then crafted my iptables like this:
    *filter
    :INPUT DROP [3:431]
    :FORWARD DROP [0:0]
    :OUTPUT DROP [0:0]
    # Input Chain
    # SSH and Amanda from Server Farm
    -A INPUT -s 192.168.0.0/255.255.255.0 -p tcp -m multiport --dport 22,10082,10083 -j ACCEPT
    # Established sessions
    -A INPUT -p icmp -m state --state RELATED,ESTABLISHED -j ACCEPT
    -A INPUT -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
    -A INPUT -p udp -m state --state RELATED,ESTABLISHED -j ACCEPT
    # Reject ICMP from unauthorized hosts
    -A INPUT -p icmp -j REJECT --reject-with icmp-port-unreachable
    # Log everything else
    -A INPUT -j LOG --log-prefix "FIREWALL "
    # Output chain
    # Established Sessions
    -A OUTPUT -p tcp -m state --state NEW,ESTABLISHED -j ACCEPT
    -A OUTPUT -p icmp -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
    -A OUTPUT -p udp -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
    # Log everything else
    -A OUTPUT -j LOG --log-prefix "FIREWALL "
    COMMIT

Local backups on the server work fine. However, client backups fail. Checking the logs on the client, I see this in the sendbackup log:

    sendbackup: try_socksize: send buffer size is 65536
    sendbackup: time 0.001: stream_server: waiting for connection: 0.0.0.0.54803
    sendbackup: time 0.001: stream_server: waiting for connection: 0.0.0.0.54804
    sendbackup: time 0.001: stream_server: waiting for connection: 0.0.0.0.54805
    sendbackup: time 0.001: waiting for connect on 54803, then 54804, then 54805
    sendbackup: time 29.993: stream_accept: timeout after 30 seconds
    sendbackup: time 29.994: timeout on data port 54803
    sendbackup: time 59.986: stream_accept: timeout after 30 seconds
    sendbackup: time 59.986: timeout on mesg port 54804
    sendbackup: time 89.979: stream_accept: timeout after 30 seconds
    sendbackup: time 89.979: timeout on index port 54805
    sendbackup: time 89.979: pid 13884 finish time Thu Aug 4 21:46:25 2005

So, I disabled iptables entirely on the server. Backup worked fine.
I then tried adding an allow all line to the iptables config like this:

    -A INPUT -s 192.168.0.0/255.255.255.0 -j ACCEPT

That didn't work. So, I removed ip_conntrack_amanda and tried again. Successful backup.

So is there just a major problem with ip_conntrack_amanda, or am I not using it right? How should I set up iptables to handle this?

Thanks!

--
---------------------------
Jason 'XenoPhage' Frisvold
Engine / Technology Programmer
[EMAIL PROTECTED]
RedHat Certified - RHCE # 803004140609871
MySQL Pro Certified - ID# 207171862
MySQL Core Certified - ID# 205982910
---------------------------
"Something mysterious is formed, born in the silent void. Waiting alone and unmoving, it is at once still and yet in constant motion. It is the source of all programs. I do not know its name, so I will call it the Tao of Programming."
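An added example, not part of the post above: a small Python parser for sendbackup log lines of the form quoted in the message. It pulls out the per-stream ports the client listened on (data, mesg, index) and which of them timed out, so you can see exactly which server-to-client connections the firewall (or the conntrack helper's RELATED expectation) failed to let through. The sample log is copied from the post; the function and variable names are this example's own.

```python
import re

# Sample sendbackup log, copied from the post (constructed input for this example).
SAMPLE_LOG = """\
sendbackup: try_socksize: send buffer size is 65536
sendbackup: time 0.001: stream_server: waiting for connection: 0.0.0.0.54803
sendbackup: time 0.001: stream_server: waiting for connection: 0.0.0.0.54804
sendbackup: time 0.001: stream_server: waiting for connection: 0.0.0.0.54805
sendbackup: time 0.001: waiting for connect on 54803, then 54804, then 54805
sendbackup: time 29.993: stream_accept: timeout after 30 seconds
sendbackup: time 29.994: timeout on data port 54803
sendbackup: time 59.986: stream_accept: timeout after 30 seconds
sendbackup: time 59.986: timeout on mesg port 54804
sendbackup: time 89.979: stream_accept: timeout after 30 seconds
sendbackup: time 89.979: timeout on index port 54805
"""

# "0.0.0.0.54803" is address plus port joined by a dot; the greedy \S+ backtracks
# so the last dotted field becomes the port.
LISTEN_RE = re.compile(r"stream_server: waiting for connection: (\S+)\.(\d+)$")
ORDER_RE = re.compile(r"waiting for connect on (\d+), then (\d+), then (\d+)$")
TIMEOUT_RE = re.compile(r"timeout on (data|mesg|index) port (\d+)$")


def parse_sendbackup(log: str) -> dict:
    """Return {'listen': {port: addr}, 'streams': {name: port}, 'timed_out': {name: port}}."""
    result = {"listen": {}, "streams": {}, "timed_out": {}}
    for line in log.splitlines():
        m = LISTEN_RE.search(line)
        if m:
            result["listen"][int(m.group(2))] = m.group(1)
            continue
        m = ORDER_RE.search(line)
        if m:
            # sendbackup announces the ports in data, mesg, index order
            for name, port in zip(("data", "mesg", "index"), m.groups()):
                result["streams"][name] = int(port)
            continue
        m = TIMEOUT_RE.search(line)
        if m:
            result["timed_out"][m.group(1)] = int(m.group(2))
    return result


def unreached_ports(log: str) -> list:
    """Ports the client listened on that the server never connected to: these are
    the inbound-to-client connections a rule or conntrack expectation must permit."""
    parsed = parse_sendbackup(log)
    return sorted(p for p in parsed["timed_out"].values() if p in parsed["listen"])
```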