Hi List sorry for the continuous cries for help. Regarding Amanda and ipchains rules it didn't work Amanda client on server was still forking to secure ports that weren't in my udp range. I run tcpdump port 10080 on server.
Then run /usr/sbin/amcheck DailySet1 on tape-server tape server. server output below: tcpdump: listening on eth0 16:41:14.529918 firewall.my.co.uk.64524 > server.my.co.uk.amanda: udp 117 (DF) 16:41:14.537221 server.my.co.uk.amanda > firewall.my.co.uk.64524: udp 50 (DF) 16:41:14.543520 server.my.co.uk.amanda > firewall.my.co.uk.64524: udp 100 (DF) Thus on server less /tmp/amanda/amandad.20060216164114.debug Amanda 2.4 REQ HANDLE 003-D0990808 SEQ 1140104146 SECURITY USER amanda SERVICE noop OPTIONS features=fffffeff9ffe0f; -------- amandad: time 0.000: sending ack: ---- Amanda 2.4 ACK HANDLE 003-D0990808 SEQ 1140104146 ---- amandad: time 0.006: sending REP packet: ---- Amanda 2.4 REP HANDLE 003-D0990808 SEQ 1140104146 ERROR [host firewall.my.co.uk: port 64524 not secure] ---- It should have forked to the ports in udp port range that I had compiled with the switch --with-udpportrange=1001,1009 . I am still trouble shooting and awaiting info on mailing list. I had edit my firewall and added the following ipchain rules Outgoing mail has no restrictions. 1001 and 1009 is what I used for the udp port range and I use 11000 11030 for tcp port range I am led to believe that this doesn't cause any isses with the ussally amanda ports 10080,10082 and 10083. ################################################################ ipchains -A input -i $EXTERNAL_INTERFACE -p udp -s 193.xx.xx.xxx 1001:1009 -j ACCEPT ipchains -A input -i $EXTERNAL_INTERFACE -p udp -s 193.xx.xx.xxx 10080:10083 -j ACCEPT Any other tips in order to get through the firewall until one day move to iptables. Cheers -- Unix/ Linux Systems Administrator Chuck Amadi The Surgical Material Testing Laboratory (SMTL), Princess of Wales Hospital Coity Road Bridgend, United Kingdom, CF31 1RQ. Email chuck.smtl.co.uk Tel: +44 1656 752820 Fax: +44 1656 752830
