[Veritas-bu] vnetd question
we are having problems with a media server unable to connect to the EMM server (on the master). it is on a secondary media server that we initially set up and tested, but haven't had to use until now. environment: linux master and media servers, netbackup 6.0mp3 on media server 1: # netstat -a | grep vnet tcp 0 0 *:vnetd *:* LISTEN unix 2 [ ACC ] STREAM LISTENING 25838 /usr/openv/var/vnetd/vmd.uds unix 2 [ ACC ] STREAM LISTENING 25830 /usr/openv/var/vnetd/bpcompatd.uds on media server 2: # netstat -a | grep vnet tcp 0 0 *:vnetd*:* LISTEN unix 2 [ ACC ] STREAM LISTENING 78242 /usr/openv/var/vnetd/bpcompatd.uds to test vmd from the master: # bpcompatd -vmd_connect lebsmd1 the requested operation was successfully completed # bpcompatd -vmd_connect lebsmd2 cannot connect on socket how do i get the vmd.uds listener to run on media server 2? i renamed 2 old files which might have been created the last time that it ran correctly, and rebooted, and it didn't recreate the files: # pwd /usr/openv/var/vnetd # ls -l drwx-- 2 root root 4096 Nov 3 09:25 bpcompatd_child drwx-- 2 root root 4096 Nov 3 09:25 bpcompatd_parent -rw--- 1 root root 54 Nov 3 09:32 bpcompatd.txt srw--- 1 root root 0 Nov 3 09:32 bpcompatd.uds -r--r--r-- 1 root daemon 47 Jun 8 22:54 inetd_bpcd.txt -r--r--r-- 1 root daemon 92 Jun 8 22:54 inetd_bpjava-msvc.txt -r--r--r-- 1 root daemon 51 Jun 8 22:54 inetd_vopied.txt -rw-r--r-- 1 root root 75 Oct 11 11:43 vmd.txt.old srw--- 1 root root 0 Oct 11 11:43 vmd.uds.old thanks, jerald Confidentiality Note: The information contained in this message, and any attachments, may contain confidential and/or privileged material. It is intended solely for the person or entity to which it is addressed. Any review, retransmission, dissemination, or taking of any action in reliance upon this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any computer. ___ Veritas-bu maillist - Veritas-bu@mailman.eng.auburn.edu http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu
Re: [Veritas-bu] vnetd question
Hello Dave You will need to open for 13724 (data port) media to client if you want to do restores. But looks like the client isn't using vnetd Regards Michael On Thu, 24 Aug 2006 15:58:08 -0700, Dave Lowenstein wrote I'm trying to make sure that netbackup 5.1 will work through a firewall with minimal ports being opened. What ports need to be open on the firewall if filtering by destination port: Media Client 13782 (bpcd) Client Media 13724 (vnetd) If the client needs to run user backups/restores, then the following port will also need to be opened: Client Master 13720 (bprd) Right? So I'm testing this out between two hosts with some more liberal firewall rules than above. Backups are working fine, restores are working fine. I believe I have all the vnetd stuff set correctly, although every piece of documentation I find shows a slightly different gui interface than what I'm seeing. Why am I still seeing it talking back and forth between media server and client with randomly selected destination ports (like 852 and 811)? There's also a fair amount of icmp going on back and forth between the two, which I'd like to be able to close down. client - serverTCP D=13724 S=852 Ack=392120625 Seq=931198138 Len=0 Win=49680 client - serverTCP D=13724 S=852 Push Ack=392120625 Seq=931198138 Len=2 Win=49680 server - client TCP D=852 S=13724 Ack=931198140 Seq=392120625 Len=0 Win=33118 server - client TCP D=852 S=13724 Push Ack=931198140 Seq=392120625 Len=2 Win=33120 client - serverTCP D=13724 S=852 Ack=392120627 Seq=931198140 Len=0 Win=49680 client - serverTCP D=13724 S=852 Push Ack=392120627 Seq=931198140 Len=2 Win=49680 server - client TCP D=852 S=13724 Ack=931198142 Seq=392120627 Len=0 Win=33120 client - serverTCP D=13724 S=852 Push Ack=392120627 Seq=931198142 Len=21 Win=49680 server - client TCP D=852 S=13724 Push Ack=931198163 Seq=392120627 Len=33 Win=33120 client - serverTCP D=13724 S=852 Ack=392120660 Seq=931198163 Len=0 Win=49680 client - serverTCP D=811 S=13782 Push Ack=1618165286 Seq=912667687 Len=2 Win=49680 server - client TCP D=13782 S=811 Ack=912667689 Seq=1618165286 Len=0 Win=34500 ___ Veritas-bu maillist - Veritas-bu@mailman.eng.auburn.edu http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu -- Cybercity Webhosting (http://www.cybercity.dk) ___ Veritas-bu maillist - Veritas-bu@mailman.eng.auburn.edu http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu
Re: [Veritas-bu] vnetd question
was under the impression that all comms from client media uses vnetd 13724 when being utilised . It's the whole point of it I think. Regards Dave -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: 25 August 2006 11:40 To: Dave Lowenstein; veritas-bu@mailman.eng.auburn.edu Cc: [EMAIL PROTECTED] Subject: Re: [Veritas-bu] vnetd question Hello Dave You will need to open for 13724 (data port) media to client if you want to do restores. But looks like the client isn't using vnetd Regards Michael On Thu, 24 Aug 2006 15:58:08 -0700, Dave Lowenstein wrote I'm trying to make sure that netbackup 5.1 will work through a firewall with minimal ports being opened. What ports need to be open on the firewall if filtering by destination port: Media Client 13782 (bpcd) Client Media 13724 (vnetd) If the client needs to run user backups/restores, then the following port will also need to be opened: Client Master 13720 (bprd) Right? So I'm testing this out between two hosts with some more liberal firewall rules than above. Backups are working fine, restores are working fine. I believe I have all the vnetd stuff set correctly, although every piece of documentation I find shows a slightly different gui interface than what I'm seeing. Why am I still seeing it talking back and forth between media server and client with randomly selected destination ports (like 852 and 811)? There's also a fair amount of icmp going on back and forth between the two, which I'd like to be able to close down. client - serverTCP D=13724 S=852 Ack=392120625 Seq=931198138 Len=0 Win=49680 client - serverTCP D=13724 S=852 Push Ack=392120625 Seq=931198138 Len=2 Win=49680 server - client TCP D=852 S=13724 Ack=931198140 Seq=392120625 Len=0 Win=33118 server - client TCP D=852 S=13724 Push Ack=931198140 Seq=392120625 Len=2 Win=33120 client - serverTCP D=13724 S=852 Ack=392120627 Seq=931198140 Len=0 Win=49680 client - serverTCP D=13724 S=852 Push Ack=392120627 Seq=931198140 Len=2 Win=49680 server - client TCP D=852 S=13724 Ack=931198142 Seq=392120627 Len=0 Win=33120 client - serverTCP D=13724 S=852 Push Ack=392120627 Seq=931198142 Len=21 Win=49680 server - client TCP D=852 S=13724 Push Ack=931198163 Seq=392120627 Len=33 Win=33120 client - serverTCP D=13724 S=852 Ack=392120660 Seq=931198163 Len=0 Win=49680 client - serverTCP D=811 S=13782 Push Ack=1618165286 Seq=912667687 Len=2 Win=49680 server - client TCP D=13782 S=811 Ack=912667689 Seq=1618165286 Len=0 Win=34500 ___ Veritas-bu maillist - Veritas-bu@mailman.eng.auburn.edu http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu -- Cybercity Webhosting (http://www.cybercity.dk) ___ Veritas-bu maillist - Veritas-bu@mailman.eng.auburn.edu http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu Notice to recipient: The information in this internet e-mail and any attachments is confidential and may be privileged. It is intended solely for the addressee. If you are not the intended addressee please notify the sender immediately by telephone. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. When addressed to external clients any opinions or advice contained in this internet e-mail are subject to the terms and conditions expressed in any applicable governing terms of business or client engagement letter issued by the pertinent Bank of America group entity. If this email originates from the U.K. please note that Bank of America, N.A., London Branch and Banc of America Securities Limited are authorised and regulated by the Financial Services Authority. ___ Veritas-bu maillist - Veritas-bu@mailman.eng.auburn.edu http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu
Re: [Veritas-bu] vnetd question
Correct so far. Now you need to configure the client to use VNETD. I'll give you the step by step from the version I have running at the moment, 5.0MP4. In your GUI, navigate down through: Host Properties - Master Server, then select your master on the right. Once the master info loads, right click on the master, and select Properties. In the properties window, select Client Attributes. In the window that opens, click Add, type in the name of the client behind the firewall, and click OK. Now select the newly added client from the list, then on the right, put a check in No connect-back, then ok your way out of everythingyou do not need to restart the NBU daemons, even if you're prompted to. Then re-run your backup. This process will have to be done for every client you want to backup behind a firewall. Paul -- -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave Lowenstein Sent: August 24, 2006 6:58 PM To: veritas-bu@mailman.eng.auburn.edu Subject: [Veritas-bu] vnetd question I'm trying to make sure that netbackup 5.1 will work through a firewall with minimal ports being opened. What ports need to be open on the firewall if filtering by destination port: Media Client 13782 (bpcd) Client Media 13724 (vnetd) If the client needs to run user backups/restores, then the following port will also need to be opened: Client Master 13720 (bprd) Right? So I'm testing this out between two hosts with some more liberal firewall rules than above. Backups are working fine, restores are working fine. I believe I have all the vnetd stuff set correctly, although every piece of documentation I find shows a slightly different gui interface than what I'm seeing. Why am I still seeing it talking back and forth between media server and client with randomly selected destination ports (like 852 and 811)? There's also a fair amount of icmp going on back and forth between the two, which I'd like to be able to close down. client - serverTCP D=13724 S=852 Ack=392120625 Seq=931198138 Len=0 Win=49680 client - serverTCP D=13724 S=852 Push Ack=392120625 Seq=931198138 Len=2 Win=49680 server - client TCP D=852 S=13724 Ack=931198140 Seq=392120625 Len=0 Win=33118 server - client TCP D=852 S=13724 Push Ack=931198140 Seq=392120625 Len=2 Win=33120 client - serverTCP D=13724 S=852 Ack=392120627 Seq=931198140 Len=0 Win=49680 client - serverTCP D=13724 S=852 Push Ack=392120627 Seq=931198140 Len=2 Win=49680 server - client TCP D=852 S=13724 Ack=931198142 Seq=392120627 Len=0 Win=33120 client - serverTCP D=13724 S=852 Push Ack=392120627 Seq=931198142 Len=21 Win=49680 server - client TCP D=852 S=13724 Push Ack=931198163 Seq=392120627 Len=33 Win=33120 client - serverTCP D=13724 S=852 Ack=392120660 Seq=931198163 Len=0 Win=49680 client - serverTCP D=811 S=13782 Push Ack=1618165286 Seq=912667687 Len=2 Win=49680 server - client TCP D=13782 S=811 Ack=912667689 Seq=1618165286 Len=0 Win=34500 ___ Veritas-bu maillist - Veritas-bu@mailman.eng.auburn.edu http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu La version française suit le texte anglais. This email may contain privileged and/or confidential information, and the Bank of Canada does not waive any related rights. Any distribution, use, or copying of this email or the information it contains by other than the intended recipient is unauthorized. If you received this email in error please delete it immediately from your system and notify the sender promptly by email that you have done so. Le présent courriel peut contenir de l'information privilégiée ou confidentielle. La Banque du Canada ne renonce pas aux droits qui s'y rapportent. Toute diffusion, utilisation ou copie de ce courriel ou des renseignements qu'il contient par une personne autre que le ou les destinataires désignés est interdite Si vous recevez ce courriel par erreur, veuillez le supprimer immédiatement et envoyer sans délai à l'expéditeur un message électronique pour l'aviser que vous avez éliminé de votre ordinateur toute copie du courriel reçu. ___ Veritas-bu maillist - Veritas-bu@mailman.eng.auburn.edu http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu
Re: [Veritas-bu] vnetd question
* Dave Lowenstein [EMAIL PROTECTED] [2006-08-24 15:58]: I'm trying to make sure that netbackup 5.1 will work through a firewall with minimal ports being opened. What ports need to be open on the firewall if filtering by destination port: Media Client 13782 (bpcd) Client Media 13724 (vnetd) If the client needs to run user backups/restores, then the following port will also need to be opened: Client Master 13720 (bprd) Right? So I'm testing this out between two hosts with some more liberal firewall rules than above. Backups are working fine, restores are working fine. I believe I have all the vnetd stuff set correctly, although every piece of documentation I find shows a slightly different gui interface than what I'm seeing. Why am I still seeing it talking back and forth between media server and client with randomly selected destination ports (like 852 and 811)? There's also a fair amount of icmp going on back and forth between the two, which I'd like to be able to close down. client - serverTCP D=13724 S=852 Ack=392120625 Seq=931198138 Len=0 Win=49680 client - serverTCP D=13724 S=852 Push Ack=392120625 Seq=931198138 Len=2 Win=49680 server - client TCP D=852 S=13724 Ack=931198140 Seq=392120625 Len=0 Win=33118 server - client TCP D=852 S=13724 Push Ack=931198140 Seq=392120625 Len=2 Win=33120 client - serverTCP D=13724 S=852 Ack=392120627 Seq=931198140 Len=0 Win=49680 client - serverTCP D=13724 S=852 Push Ack=392120627 Seq=931198140 Len=2 Win=49680 server - client TCP D=852 S=13724 Ack=931198142 Seq=392120627 Len=0 Win=33120 client - serverTCP D=13724 S=852 Push Ack=392120627 Seq=931198142 Len=21 Win=49680 server - client TCP D=852 S=13724 Push Ack=931198163 Seq=392120627 Len=33 Win=33120 client - serverTCP D=13724 S=852 Ack=392120660 Seq=931198163 Len=0 Win=49680 client - serverTCP D=811 S=13782 Push Ack=1618165286 Seq=912667687 Len=2 Win=49680 server - client TCP D=13782 S=811 Ack=912667689 Seq=1618165286 Len=0 Win=34500 What this looks like to me is that your SOURCE port is 852. Any real firewall won't care about this. What you are concerned about is if the DESTINATION is correct. What is most likely happening is the connection from the client to the media server has been established via vnetd, but the client end port is 852 or 811. The client source port doesn't have anything to do with it. The fact that the client is going after 13724 means that it's set up correctly. -- David Rock [EMAIL PROTECTED] ___ Veritas-bu maillist - Veritas-bu@mailman.eng.auburn.edu http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu