Re: hostname lookup failed?

2001-04-27 Thread Tom Hudak 

On Fri, Apr 27, 2001 at 02:15:47PM -0500, John R. Jackson wrote:
I think this is saying that on host samba2 it could not take IP address
10.0.1.2 and convert that back to a host name.  That IP address should
be the IP address of the machine that connected to samba2, i.e. your
tape server (where you ran amcheck).

So, go to samba2 and see if you can do a lookup of 10.0.1.2 and get back
the right answer.
Ah ha! I thought I had copied the hosts file over... guess I was wrong.
Works fine now.

Also, does that error have anything to do with this:

 NOTE: info dir /var/log/amanda/DailySet1/curinfo/samba2: does not exist
 NOTE: index dir /var/log/amanda/DailySet1/index/samba2: does not exist

Those are just telling you you haven't done any backups of samba2 yet
so those areas (directories) don't exist.  They will be created on the
first good run.
Yeah, I figured that, but I thought I'd explore all avenues.

Thomas J. Hudak

John R. Jackson, Technical Software Specialist, [EMAIL PROTECTED]
Thanks,
-- 
Thomas J. Hudak
Systems Administrator
Sistina Software Inc. - www.sistina.com
Phone: 612.379.3951 
Page: 612.318.1967
Fax: 612.379.3952
Key fingerprint = BEC6 3181 4C9B A7BB AF11  4717 6F85 B346 380D 523E


 PGP signature

firewalls??

2000-12-01 Thread Tom Hudak 

Ok, I've posted to the group 2 times and no-one seems to have setup a working
config through a firewall or can only guess as to how it *should* be, I have
come to the conclusion that amcheck transmits it's data over ports *outside*
of my specified range due to the fact that I can use nc to listen on either
end on every port I've specified and they communicate directly yet amcheck
still reports that the 6 port is unsecure. Something from amcheck is being
masqueraded, I'm not sure exactly how to continue other than logging all
netstat or tcpdump data and scouring it form data about amcheck... There must
be an easier way to break through my firewall than this. If you have any
suggestions please send them my way, I do not want to re-arrange the web/mail
server setup to accomodate my backup scheme. My configuration schemes are
listed in my last post, and due to mail havoc things aren't functioning quite
as smoothly as and mail isn't being sorted properly yet, so excuse me if I'm
repeating myself as I may not have yet seen replies.
Thanks a lot,
-- 
Thomas J. Hudak
Jr. Systems Administrator
Sistina Software Inc.
Phone: 612.379.3951 Fax: 612.379.3952

 PGP signature

amcheck and ports?

2000-12-01 Thread Tom Hudak 

After much brain storming and headaches, I have come to 1 conclusion, amcheck
is opening and transferring data on a (range) port(s) that are separate from
what I have specified during configure. This occured to me after studying my
known goods, port-port links are all ok, tested both directions with netcat
(still not sure how masq does its masquerading...), verified perms on all
affected binaries (amandad, amcheck) but only after running tcpdump | grep -e
".*amanda.*" was I able to know for a fact amcheck DOES NOT exclusively use
the assigned port ranges! That is what is mucking up the process of amcheck
successfully checking the remote hosts through a masquerading firewall. The
output I received from tcpdump | grep -e ".*amanda.*" is below.

tcpdump: listening on eth0
15:40:32.168288 fry.sistina.com.64280  bender.sistina.com.amanda: udp 176
15:40:32.175191 bender.sistina.com.amanda  fry.sistina.com.64280: udp 49
15:40:32.177088 bender.sistina.com.amanda  fry.sistina.com.64280: udp 101
15:40:32.208256 fry.sistina.com.64280  bender.sistina.com.amanda: udp 49

the only port above that *should*(?) be used by amcheck is the hostname
service (port 101), which is the one port that I would assume is necessary to the
function of amcheck and it's security measures, but in turn screws the ability
to function via a masqueraded firewall without the proper rules. The others
seem to be opened intentionally (as opposed to randomly) but do not follow the
udp port restrictions I specified at compile time. Is this a bug? is this a
feature? is this functionality simply unintentional? Whatever the reason,
those ports are what cause the otherwise properly forwarded communications
pathways to get hosed while running amcheck. If anyone has a
fix/patch/update/suggestion/whatever for how to force amcheck to strictly use
the specified udpportrange I would love to know. I am not a programmer or I
would start digging through source to find the answers I need. Also, if
someone could clear up the tcpdump output as I'm not fully sure that I
understand *exactly* what each line means, but vaguely I understand that data
from homer (behind the masq/firewall), since there is no input policy or
forwarded port, is masquerading the data to bender, which intern see's it as
an insecure port (due to masq) and responds appropriately. Again, this is all
just an educated guess with some logged info to give me a known good. If
anyone can clear up what amcheck is doing on those ports, or why, please let
the list know. I have been searching through the mailing list archives for
both users and hackers, and this has apparently been an issue for a while
with no resolution currently available.

*note: tcpdump results are the same ports EVERY time I've run it and I have
not yet gotten any of the ipchains/ipmasqadm portfw rules to successfully
avoid masqerading that data.
Thanks ahead of time for any answers/suggestions given, this has been an issue
for a while that I'm sure many people would love to see resolved.
I hope this helps a little bit.
-- 
Thomas J. Hudak
Jr. Systems Administrator
Sistina Software Inc.
Phone: 612.379.3951 Fax: 612.379.3952

 PGP signature

firewall config and netcat works... why dosn't amcheck?

2000-11-30 Thread Tom Hudak 

Ok, using netcat I have determined that direct port-port communications exist
for all specified portranges as well as 10080 via udp as configured for
amandad.
using the commands:
homer: nc -l -p 10080
bender: nc -p 10080 -v homer.sistina.com 10080 - cmd-in-nc amanda
to which homer's nc session prints amanda
this works both ways on ALL configured port ranges (11080-11084-tcp / 850-854-udp)
Here is my ipchains/ipmasqadm portfw rule set.

/sbin/ipchains -A input -p udp -s $HOMER 10080 -d $BENDER 10080 -j ACCEPT
/usr/sbin/ipmasqadm portfw -a -P udp -L $FRY 10080 -R $HOMER 10080
/sbin/ipchains -A output -p udp -s $FRY 10080 -d $HOMER 10080 -j ACCEPT

/sbin/ipchains -A output -p tcp --sport 11080:11084 --dport 11080:11084 -s
$FRY -d $HOMER -j ACCEPT

/usr/sbin/ipmasqadm portfw -a -P tcp -L $FRY 11080 -R $HOMER 11080
/usr/sbin/ipmasqadm portfw -a -P tcp -L $FRY 11081 -R $HOMER 11081
/usr/sbin/ipmasqadm portfw -a -P tcp -L $FRY 11082 -R $HOMER 11082
/usr/sbin/ipmasqadm portfw -a -P tcp -L $FRY 11083 -R $HOMER 11083
/usr/sbin/ipmasqadm portfw -a -P tcp -L $FRY 11084 -R $HOMER 11084

## UDP forwarding from homer to bender
/sbin/ipchains -A output -p udp --sport 850:854 --dport 850:854 -s $FRY -d
$HOMER -j ACCEPT

/usr/sbin/ipmasqadm portfw -a -P udp -L $FRY 850 -R $HOMER 850 
/usr/sbin/ipmasqadm portfw -a -P udp -L $FRY 851 -R $HOMER 851
/usr/sbin/ipmasqadm portfw -a -P udp -L $FRY 852 -R $HOMER 852
/usr/sbin/ipmasqadm portfw -a -P udp -L $FRY 853 -R $HOMER 853
/usr/sbin/ipmasqadm portfw -a -P udp -L $FRY 854 -R $HOMER 854

What other ports if any should/need to be forwarded or allowed through in
order to get amcheck to complete successfully, as I am still getting this
error.? ERROR: bender: [host fry.sistina.com: port 64865 not secure]
Could it have something to do with the placement of the rules (probably a
question for the author of ipchains)? or possibly that even though the rules
are set and the routes work, everything is still being masqueraded? Is there a
way to force no masquerading for a port or range of ports? I know these are
not questions specific to amanda itself, but this is the only issue I have yet
to deal with before a successful 2.4.2 config for ALL my boxen. Has anyone
else backed up boxen OUTSIDE of their internal lan through an ipchains/other
based firewall? Any light that could be shed on this problem is that much more
helpfull. Thanks ahead of time for any responses.
-- 
Thomas J. Hudak
Jr. Systems Administrator
Sistina Software Inc.
Phone: 612.379.3951 Fax: 612.379.3952

 PGP signature

Re: Selfcheck timeout

2000-11-13 Thread Tom Hudak 

I was just checking over the strace's for amcheck and planner, and noticed,
that amcheck makes a chdir call to change workin dir to /etc/amanda/DailySet1
when trying to open the amanda.conf file. Planner on the other hand makes no
such call, and therefore lacks the ability to see "amanda.conf" which is the
only thing it tries to open. If I could find out what variable is being set or
how this working dir is called I think I'll be ok, but it seems to me that a
standalone program like planner would have the ability to know *WHERE* it's
config files are, and if not, have a command line option to point at it. Not
just simply fail and dump to prompt. I'm thinking about manually editing the
planner.c to point specifically to /etc/amanda/amanda.conf but I don't
particularly *want* to do that nor do I have the time, nor am I a programmer.
If someone has a solution for this, you would be making my life MUCH
easier.
Thanks,
Tom Hudak
On Mon, Nov 13, 2000 at 11:03:41AM -0600, Tom Hudak wrote:
Does anyone else have problem with planner not reading the config file? I can
see in the planner output that it's looking in /etc/amanda which is 664 and
has a copy of amanda.conf as well as /etc/amanda/DailySet1 which is where I'm
assuming it's looking. Planner should be able to read and execute fine, it's
+s and I'm running it as the backup user. --help and -h give me no info, and
there's no manpage to read about, so I'm stuck guessing whats causing this.
Any help would be greatly appreciated.
Thanks,
Tom Hudak



 PGP signature

planner

2000-11-13 Thread Tom Hudak 

Ok, once again my fault... planner is opening "amanda.conf" which it cannot
see when being run from the dir it's in. I didn't figure this out til I ran
the strace's on amcheck AND planner and looked at how it accessed the config
file. I now will run planner from within the /etc/amanda/DailySet1 dir to test
any probs and if anyone else has this happen, make a note to run planner from
the config file's dir. Sorry if anyone was annoyed by the flurry of postings
from me, but I was in a hurry and posted BEFORE I really had time to research
the problem. Thanks again to all those that responded with advice.
Thanks,
Tom Hudak


 PGP signature

Re: planner

2000-11-13 Thread Tom Hudak 

Well, to be honest, it was pissing me off. I had no way to verify what
problems were caused by a timeout, no authorization, improper setup, but what
was happening was (I found this out by running planner by hand) that planner
itself was getting this error, "Connection packet receive: connection timed
out" or something very similar (I wiped the log.) but it was showing up in the
amdump reports as "RESULTS MISSING" on ALL drives, as well as a quickie at the
end stating that it got an "empty schedule from planner." Well, talk about no
mention of either problem in the FAQ! or at least not the problem that I was
having. The "RESULTS MISSING" on my systems has NOTHING to do with the size of
the UDP packet being transfered, but the fact that planner would not even run
(and exit with 0).
I have since gotten planner to run on it's own via amdump, as well as command
line, and have stopped receiving those errors. I'm not sure why it was having
trouble indexing the drives, but it seems to *not* have that trouble any more.
Neither the sendsize.debug nor the amandad.debug report any problem or error's
with the run, all I ever see is amandad: got ack: and some other
versioning/debugging output, none of which states anything about any problems.
I'm sorry if the info I'm giving you isn't much, but there's not much to be
found. amdump's mail's give a vague description of a problem and there isn't
much of a way to cross-reference that except the monthly archives/FAQ-o-Matic
for which you have to determine the problem and the resolution to be any good.
(hence defeating the purpose of the faq, to answer your unanswered question,
maybe using the faq-o-matic could be used in determining what problems are,
but as a reference for vague errors that could potentially be caused by many
things, it just isn't enough.) Now that planner is indexing drives, things
seem to be running A LOT smoother, such as amdump running all the way through,
planner index's, taper records, etc. Thanks for the fast action on the mailing
list, you've made one (I'm sure many more.) admin happy. Next task, punch a
hole in the firewall for the web/ftp and I'll be golden.
Thanks again,
Tom Hudak
On Mon, Nov 13, 2000 at 02:49:47PM -0500, John R. Jackson wrote:
Dare I ask **why** you're trying to run planner by hand?  I noticed the
Subject on the previous E-mail was "Selfcheck timeout".  Do I infer from
that that one (or more) clients are having this issue?

Since you're not getting a "connection refused" type error, I'm
guessing amandad/sendsize are getting started on the client, but it
would be useful to see that output (/tmp/amanda/amandad*debug and
sendsize*debug).  One possibility is that it is taking a long time to
gather the estimate (for some reason) and that Amanda is getting tired
of waiting.  The etimeout configuration parameter controls that, or it
might be something wrong with the client (or dump program) itself.

Tom Hudak

John R. Jackson, Technical Software Specialist, [EMAIL PROTECTED]

 PGP signature

RESULTS MISSING

2000-11-09 Thread Tom Hudak 

I have just ironed out my config, setup my clients and gotten amcheck to run
without problems, after setting the "record no" global option, running amdump
spits out this:
FAILURE AND STRANGE DUMP SUMMARY:
  smb/home RESULTS MISSING
  smb/var/data/kalisa RESULTS MISSING
  homer  /dev/hda1 RESULTS MISSING
  homer  /dev/md0 RESULTS MISSING


STATISTICS:
  Total   Full  Daily
      
Dump Time (hrs:min)0:00   0:00   0:00   (0:00 start, 0:00
idle) 
Output Size (meg)   0.00.00.0
Original Size (meg) 0.00.00.0
Avg Compressed Size (%) -- -- --
Tape Used (%)   0.00.00.0
Filesystems Dumped0  0  0
Avg Dump Rate (k/s) -- -- --
Avg Tp Write Rate (k/s) -- -- --

^L
NOTES:
  driver: WARNING: got empty schedule from planner
  taper: tape Daily-05 kb 0 fm 0 [OK]

^L
DUMP SUMMARY:
  DUMPER STATS  TAPER
STATS 
HOSTNAME  DISK   L  ORIG-KB   OUT-KB COMP%  MMM:SS   KB/s  MMM:SS KB/s
homer /dev/hda1 MISSING

homer /dev/md0  MISSING

smb   /home MISSING

smb   -r/data/kalisaMISSING


(brought to you by Amanda version 2.4.1p1)
My question relates to the line's containing RESULTS MISSING (although I'm not
sure how the -r got in there, the disklist contains the full path: "smb --  
-r/data/kalisa --". I 
have checked the amdump.debug, selfcheck.debug and looked for other .debug files but 
found
none on both the server and the client. Neither the client or host .debug
files contain anything about error's or problems, yet the error continues.
What causes this? am I not looking at the right debug files? I have found MANY
submissions like this to the hackers list, none of them seem to fit my current
setup. This is a brand spankin' new config and I *believe* it's correct. Any
info would be MUCH appreciated.


 PGP signature

Re: RESULTS MISSING

2000-11-09 Thread Tom Hudak 

On Thu, Nov 09, 2000 at 06:26:54AM -0600, Tom Hudak wrote:
I have a modification, it turns out the dumpers program was not u+x, so it
choked, now I'm getting "request to HOST timed out." I do not see a resolution
before leaving work tonight being reasonable, but If I should get any more
info in the next day or so, I'll repost.

I have just ironed out my config, setup my clients and gotten amcheck to run
without problems, after setting the "record no" global option, running amdump
spits out this:
FAILURE AND STRANGE DUMP SUMMARY:
  smb/home RESULTS MISSING
  smb/var/data/kalisa RESULTS MISSING
  homer  /dev/hda1 RESULTS MISSING
  homer  /dev/md0 RESULTS MISSING


STATISTICS:
  Total   Full  Daily
      
Dump Time (hrs:min)0:00   0:00   0:00   (0:00 start, 0:00
idle) 
Output Size (meg)   0.00.00.0
Original Size (meg) 0.00.00.0
Avg Compressed Size (%) -- -- --
Tape Used (%)   0.00.00.0
Filesystems Dumped0  0  0
Avg Dump Rate (k/s) -- -- --
Avg Tp Write Rate (k/s) -- -- --

^L
NOTES:
  driver: WARNING: got empty schedule from planner
  taper: tape Daily-05 kb 0 fm 0 [OK]

^L
DUMP SUMMARY:
  DUMPER STATS  TAPER
STATS 
HOSTNAME  DISK   L  ORIG-KB   OUT-KB COMP%  MMM:SS   KB/s  MMM:SS KB/s
homer /dev/hda1 MISSING

homer /dev/md0  MISSING

smb   /home MISSING

smb   -r/data/kalisaMISSING


(brought to you by Amanda version 2.4.1p1)
My question relates to the line's containing RESULTS MISSING (although I'm not
sure how the -r got in there, the disklist contains the full path: "smb --  
-r/data/kalisa --". I 
have checked the amdump.debug, selfcheck.debug and looked for other .debug files but 
found
none on both the server and the client. Neither the client or host .debug
files contain anything about error's or problems, yet the error continues.
What causes this? am I not looking at the right debug files? I have found MANY
submissions like this to the hackers list, none of them seem to fit my current
setup. This is a brand spankin' new config and I *believe* it's correct. Any
info would be MUCH appreciated.




 PGP signature