Hi List

I would like to mention that the selected port range udp 1001,1009 and
tcp 11000,11300 have only been recompiled on the Amanda client, thus they
haven't been opened on both the Amanda client and Amanda server ends of
the firewall.

I didn't want to recompile a productive amanda tape server, plus I used
the default software within SuSE Linux Enterprise Server 9. So if I have
to open the selected port range on the amanda tape server, can I just edit
/etc/services and add the 1001 and 1009 system privileged ports, or have
I got to run the --with-udpportrange=1001,1009, thus having to start from
scratch, which is not really feasible?

amanda 1001/udp # Amanda
amanda 1009/udp # Amanda

Cheers

On Tue, 2006-02-14 at 15:56 +0000, Chuck Amadi Systems Administrator wrote:
> Hi all
>
> I have just edited my firewall and added an ipchain rule but I still got
> an error as below:
>
> Amanda Backup Client Hosts Check
> --------------------------------
> ERROR: server.my.co.uk: [host fw.smtl.co.uk: port 62679 not secure]
> Client check: 4 hosts checked in 10.780 seconds, 1 problem found
>
> Here is also my Amanda Debug file:
> less /tmp/amanda/amandad.20060214163540.debug
>
> Amanda 2.4 REQ HANDLE 003-D0990808 SEQ 1139931009
> SECURITY USER amanda
> SERVICE noop
> OPTIONS features=ecfffeff9ffe0f;
> --------
>
> amandad: time 0.000: sending ack:
> ----
> Amanda 2.4 ACK HANDLE 003-D0990808 SEQ 1139931009
> ----
>
> amandad: time 0.006: sending REP packet:
> ----
> Amanda 2.4 REP HANDLE 003-D0990808 SEQ 1139931009
> ERROR [host fw.my.co.uk: port 62679 not secure]
> ----
>
> amandad: time 0.007: got packet:
> ----
> Amanda 2.4 ACK HANDLE 003-D0990808 SEQ 1139931009
> ----
>
> I have set up my fw rules as below:
>
> # Amanda Client - Enterprise random udp forks to Nemesis Server
> ################################################################
> ipchains -A input -i $EXTERNAL_INTERFACE -p udp -s 193.XX.XX.XXX
> 1001:1009 -j ACCEPT
>
> ipchains -A input -i $EXTERNAL_INTERFACE -p udp -s 193.XX.XX.XXX
> 10080:10083 -j ACCEPT
>
> Outgoing packets are allowed from behind our firewall and all forwarded
> to our main file server that is the same server for amanda backup tape
> server
>
> I recompiled amanda client as below:
>
> ./configure --with-user=amanda --with-group=disk
> --with-configdir=/etc/amanda --with-udpportrange=1001,1009
> --with-tcpportrange=11000,11300
>
> I haven't edited the /etc/services as I had read this does not affect
> the initial UDP request made from the amanda tape server.
>
> I have read and digested and learnt a few things, but I am still having
> issues using Amanda between hosts separated by a firewall using
> ipchains.
>
> Cheers for your help.
>
>
>
--
Unix/ Linux Systems Administrator
Chuck Amadi
The Surgical Material Testing Laboratory (SMTL),
Princess of Wales Hospital
Coity Road
Bridgend, United Kingdom, CF31 1RQ.
Email chuck.smtl.co.uk
Tel: +44 1656 752820
Fax: +44 1656 752830
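
Added example, not part of the original message and not Amanda project code: a small Python triage script that reads an amandad debug file in the layout quoted above, picks out each "port N not secure" reply, and compares the rejected source port with the reserved-port boundary and with a configured --with-udpportrange value. It assumes the client's check treats source ports of 1024 and above as not secure; the function names and the host in the sample are constructed.

```python
import re

IPPORT_RESERVED = 1024  # assumption: source ports below this count as "secure"

# Constructed sample in the amandad debug layout quoted in the message above.
SAMPLE_DEBUG = """\
amandad: time 0.006: sending REP packet:
----
Amanda 2.4 REP HANDLE 003-D0990808 SEQ 1139931009
ERROR [host fw.example.test: port 62679 not secure]
----
"""

HEADER = re.compile(r"^Amanda (\S+) (REQ|ACK|REP) HANDLE (\S+) SEQ (\d+)$")
NOT_SECURE = re.compile(r"^ERROR \[host (\S+): port (\d+) not secure\]$")

def parse_udp_range(value):
    """Parse a --with-udpportrange style 'low,high' value."""
    low, high = (int(part) for part in value.split(","))
    if not 0 < low <= high < 65536:
        raise ValueError("bad port range: %r" % value)
    return low, high

def find_port_rejections(debug_text, udp_range):
    """Return one finding per 'port N not secure' reply in debug_text."""
    low, high = parse_udp_range(udp_range)
    findings, current = [], None
    for raw in debug_text.splitlines():
        line = raw.strip().lstrip("> ").strip()  # tolerate mail-quoted logs
        m = HEADER.match(line)
        if m:
            current = {"type": m.group(2), "handle": m.group(3)}
            continue
        m = NOT_SECURE.match(line)
        if m and current and current["type"] == "REP":
            port = int(m.group(2))
            findings.append({
                "handle": current["handle"],
                "peer": m.group(1),
                "port": port,
                "reserved": port < IPPORT_RESERVED,
                "in_configured_range": low <= port <= high,
            })
    return findings

if __name__ == "__main__":
    for finding in find_port_rejections(SAMPLE_DEBUG, "1001,1009"):
        print(finding)
```

A finding with both `reserved` and `in_configured_range` false means the request reached the client from a source port outside the range the firewall rule was written for, which is the first thing to compare against the firewall's forwarding and address-translation rules.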