RE: Troubleshooting new Amanda client: Amanda user?
Kevin, thanks so much. You were right on the money. Disabling the firewall completely allow amcheck to work correctly. If you have some additional patience, I could use a hand trying to configure the firewall rules correctly on my amanda client. I tried to follow the directions at http://wiki.zmanda.com/index.php/How_To:Set_Up_iptables_for_Amanda to set up this rule on tobaccodev, my amanda client. This combines the amanda rule with the rules I set up using the firewall GUI in CentOS5 (RHEL5): [EMAIL PROTECTED] ~]# iptables -t filter -I INPUT 1 -p udp -m udp -s centernet.jhuccp.org --dport 10080:10083 -j ACCEPT [EMAIL PROTECTED] ~]# service iptables status Table: filter Chain INPUT (policy ACCEPT) num target prot opt source destination 1ACCEPT udp -- 10.253.192.205 0.0.0.0/0 udp dpts:10080:10083 2RH-Firewall-1-INPUT all -- 0.0.0.0/00.0.0.0/0 Chain FORWARD (policy ACCEPT) num target prot opt source destination 1RH-Firewall-1-INPUT all -- 0.0.0.0/00.0.0.0/0 Chain OUTPUT (policy ACCEPT) num target prot opt source destination Chain RH-Firewall-1-INPUT (2 references) num target prot opt source destination 1ACCEPT all -- 0.0.0.0/00.0.0.0/0 2ACCEPT icmp -- 0.0.0.0/00.0.0.0/0 icmp type 255 3ACCEPT esp -- 0.0.0.0/00.0.0.0/0 4ACCEPT ah -- 0.0.0.0/00.0.0.0/0 5ACCEPT udp -- 0.0.0.0/0224.0.0.251 udp dpt:5353 6ACCEPT udp -- 0.0.0.0/00.0.0.0/0 udp dpt:631 7ACCEPT tcp -- 0.0.0.0/00.0.0.0/0 tcp dpt:631 8ACCEPT all -- 0.0.0.0/00.0.0.0/0 state RELATED,ESTABLISHED 9ACCEPT tcp -- 0.0.0.0/00.0.0.0/0 state NEW tcp dpt:21 10 ACCEPT tcp -- 0.0.0.0/00.0.0.0/0 state NEW tcp dpt:25 11 ACCEPT tcp -- 0.0.0.0/00.0.0.0/0 state NEW tcp dpt:22 12 ACCEPT tcp -- 0.0.0.0/00.0.0.0/0 state NEW tcp dpt:443 13 ACCEPT tcp -- 0.0.0.0/00.0.0.0/0 state NEW tcp dpt:23 14 ACCEPT tcp -- 0.0.0.0/00.0.0.0/0 state NEW tcp dpt:80 15 REJECT all -- 0.0.0.0/00.0.0.0/0 reject-with icmp-host-prohibited Here's an example of a no-error 'amcheck -c DBackup tobaccodev' from the tapeserver: [EMAIL PROTECTED] ~]# tcpdump -nn src or dst centernet and port amanda tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes 10:28:58.190591 IP 10.253.192.205.854 10.253.192.217.10080: UDP, length 123 10:28:58.210814 IP 10.253.192.217.10080 10.253.192.205.854: UDP, length 50 10:28:58.212936 IP 10.253.192.217.10080 10.253.192.205.854: UDP, length 87 10:28:58.214318 IP 10.253.192.205.854 10.253.192.217.10080: UDP, length 50 10:28:58.216532 IP 10.253.192.205.854 10.253.192.217.10080: UDP, length 299 10:28:58.223632 IP 10.253.192.217.10080 10.253.192.205.854: UDP, length 50 10:28:58.233581 IP 10.253.192.217.10080 10.253.192.205.854: UDP, length 527 10:28:58.235018 IP 10.253.192.205.854 10.253.192.217.10080: UDP, length 50 8 packets captured 20 packets received by filter 0 packets dropped by kernel [EMAIL PROTECTED] ~]# I had to insert the rule to allow amanda packets in _before_ the RH-Firewall-1-INPUT rule to make it work. This tests correctly with amcheck, but I haven't tried an actual dump yet. If someone with some amanda firewall rule writing experience could check and confirm my work, I'll write an addendum to the Zmanda artile with my example, for other CentOS and RHEL users. Thanks, again, Kevin, for your advice and suggestions. -Kevin -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kevin Till Sent: Friday, June 22, 2007 5:33 PM Cc: amanda-users@amanda.org Subject: Re: Troubleshooting new Amanda client: Amanda user? Zembower, Kevin wrote: Kevin, thanks so much for writing. I appreciate your suggestions and questions. Here's /etc/xinet.d/amanda: [EMAIL PROTECTED] ~]# cat /etc/xinetd.d/amanda # default: off # description: The client for the Amanda backup system.\ # This must be on for systems being backed up\ # by Amanda. service amanda { socket_type = dgram protocol= udp wait= yes user= amanda group = disk server = /usr/lib/amanda/amandad disable = no } [EMAIL PROTECTED] ~]# No 'auth' seems to be indicated. It's running
Re: Troubleshooting new Amanda client: Amanda user?
On Tue, Jun 26, 2007 at 10:38:33AM -0400, Zembower, Kevin enlightened us: Kevin, thanks so much. You were right on the money. Disabling the firewall completely allow amcheck to work correctly. If you have some additional patience, I could use a hand trying to configure the firewall rules correctly on my amanda client. I tried to follow the directions at http://wiki.zmanda.com/index.php/How_To:Set_Up_iptables_for_Amanda to set up this rule on tobaccodev, my amanda client. This combines the amanda rule with the rules I set up using the firewall GUI in CentOS5 (RHEL5): [EMAIL PROTECTED] ~]# iptables -t filter -I INPUT 1 -p udp -m udp -s centernet.jhuccp.org --dport 10080:10083 -j ACCEPT [EMAIL PROTECTED] ~]# service iptables status Table: filter Chain INPUT (policy ACCEPT) num target prot opt source destination 1ACCEPT udp -- 10.253.192.205 0.0.0.0/0 udp dpts:10080:10083 2RH-Firewall-1-INPUT all -- 0.0.0.0/00.0.0.0/0 Chain FORWARD (policy ACCEPT) num target prot opt source destination 1RH-Firewall-1-INPUT all -- 0.0.0.0/00.0.0.0/0 Chain OUTPUT (policy ACCEPT) num target prot opt source destination Chain RH-Firewall-1-INPUT (2 references) num target prot opt source destination 1ACCEPT all -- 0.0.0.0/00.0.0.0/0 2ACCEPT icmp -- 0.0.0.0/00.0.0.0/0 icmp type 255 3ACCEPT esp -- 0.0.0.0/00.0.0.0/0 4ACCEPT ah -- 0.0.0.0/00.0.0.0/0 5ACCEPT udp -- 0.0.0.0/0224.0.0.251 udp dpt:5353 6ACCEPT udp -- 0.0.0.0/00.0.0.0/0 udp dpt:631 7ACCEPT tcp -- 0.0.0.0/00.0.0.0/0 tcp dpt:631 8ACCEPT all -- 0.0.0.0/00.0.0.0/0 state RELATED,ESTABLISHED 9ACCEPT tcp -- 0.0.0.0/00.0.0.0/0 state NEW tcp dpt:21 10 ACCEPT tcp -- 0.0.0.0/00.0.0.0/0 state NEW tcp dpt:25 11 ACCEPT tcp -- 0.0.0.0/00.0.0.0/0 state NEW tcp dpt:22 12 ACCEPT tcp -- 0.0.0.0/00.0.0.0/0 state NEW tcp dpt:443 13 ACCEPT tcp -- 0.0.0.0/00.0.0.0/0 state NEW tcp dpt:23 14 ACCEPT tcp -- 0.0.0.0/00.0.0.0/0 state NEW tcp dpt:80 15 REJECT all -- 0.0.0.0/00.0.0.0/0 reject-with icmp-host-prohibited Here's an example of a no-error 'amcheck -c DBackup tobaccodev' from the tapeserver: [EMAIL PROTECTED] ~]# tcpdump -nn src or dst centernet and port amanda tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes 10:28:58.190591 IP 10.253.192.205.854 10.253.192.217.10080: UDP, length 123 10:28:58.210814 IP 10.253.192.217.10080 10.253.192.205.854: UDP, length 50 10:28:58.212936 IP 10.253.192.217.10080 10.253.192.205.854: UDP, length 87 10:28:58.214318 IP 10.253.192.205.854 10.253.192.217.10080: UDP, length 50 10:28:58.216532 IP 10.253.192.205.854 10.253.192.217.10080: UDP, length 299 10:28:58.223632 IP 10.253.192.217.10080 10.253.192.205.854: UDP, length 50 10:28:58.233581 IP 10.253.192.217.10080 10.253.192.205.854: UDP, length 527 10:28:58.235018 IP 10.253.192.205.854 10.253.192.217.10080: UDP, length 50 8 packets captured 20 packets received by filter 0 packets dropped by kernel [EMAIL PROTECTED] ~]# I had to insert the rule to allow amanda packets in _before_ the RH-Firewall-1-INPUT rule to make it work. This tests correctly with amcheck, but I haven't tried an actual dump yet. If someone with some amanda firewall rule writing experience could check and confirm my work, I'll write an addendum to the Zmanda artile with my example, for other CentOS and RHEL users. Thanks, again, Kevin, for your advice and suggestions. -Kevin On my CentOS client systems, I modify /etc/sysconfig/iptables-config to read: IPTABLES_MODULES=ip_conntrack_ftp ip_conntrack_amanda And simply allow udp 10080 from the server (in /etc/sysconfig/iptables): -A INPUT -s 192.168.1.1 -d 192.168.1.30 -p udp -m udp --dport 10080 -j ACCEPT On the server I also allow tcp 10082 and 10083. On my bridging firewall, I modify /etc/modprobe.conf to include a longer timeout: options ip_conntrack_amanda master_timeout=2400 That works for me... Matt -- Matt Hyclak Department of Mathematics Department of Social Work Ohio University (740) 593-1263
RE: Troubleshooting new Amanda client: Amanda user?
Matt, thank you for your help. I didn't think that I had ip_conntrack_amanda, so I was trying to set it up without it. When I tried your way, it worked like a charm. Note to archive readers: I think it's important to insert the line: -A INPUT -s 192.168.1.1 -d 192.168.1.30 -p udp -m udp --dport 10080 -j ACCEPT _before_ the line: -A INPUT -j RH-Firewall-1-INPUT to prevent the packets from following the RH-Firewall-1-INPUT rules first, where they'll be discarded. Thanks, again, Matt. -Kevin -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Hyclak Sent: Tuesday, June 26, 2007 11:39 AM To: amanda-users@amanda.org Subject: Re: Troubleshooting new Amanda client: Amanda user? On Tue, Jun 26, 2007 at 10:38:33AM -0400, Zembower, Kevin enlightened us: Kevin, thanks so much. You were right on the money. Disabling the firewall completely allow amcheck to work correctly. If you have some additional patience, I could use a hand trying to configure the firewall rules correctly on my amanda client. I tried to follow the directions at http://wiki.zmanda.com/index.php/How_To:Set_Up_iptables_for_Amanda to set up this rule on tobaccodev, my amanda client. This combines the amanda rule with the rules I set up using the firewall GUI in CentOS5 (RHEL5): [EMAIL PROTECTED] ~]# iptables -t filter -I INPUT 1 -p udp -m udp -s centernet.jhuccp.org --dport 10080:10083 -j ACCEPT [EMAIL PROTECTED] ~]# service iptables status Table: filter Chain INPUT (policy ACCEPT) num target prot opt source destination 1ACCEPT udp -- 10.253.192.205 0.0.0.0/0 udp dpts:10080:10083 2RH-Firewall-1-INPUT all -- 0.0.0.0/00.0.0.0/0 Chain FORWARD (policy ACCEPT) num target prot opt source destination 1RH-Firewall-1-INPUT all -- 0.0.0.0/00.0.0.0/0 Chain OUTPUT (policy ACCEPT) num target prot opt source destination Chain RH-Firewall-1-INPUT (2 references) num target prot opt source destination 1ACCEPT all -- 0.0.0.0/00.0.0.0/0 2ACCEPT icmp -- 0.0.0.0/00.0.0.0/0 icmp type 255 3ACCEPT esp -- 0.0.0.0/00.0.0.0/0 4ACCEPT ah -- 0.0.0.0/00.0.0.0/0 5ACCEPT udp -- 0.0.0.0/0224.0.0.251 udp dpt:5353 6ACCEPT udp -- 0.0.0.0/00.0.0.0/0 udp dpt:631 7ACCEPT tcp -- 0.0.0.0/00.0.0.0/0 tcp dpt:631 8ACCEPT all -- 0.0.0.0/00.0.0.0/0 state RELATED,ESTABLISHED 9ACCEPT tcp -- 0.0.0.0/00.0.0.0/0 state NEW tcp dpt:21 10 ACCEPT tcp -- 0.0.0.0/00.0.0.0/0 state NEW tcp dpt:25 11 ACCEPT tcp -- 0.0.0.0/00.0.0.0/0 state NEW tcp dpt:22 12 ACCEPT tcp -- 0.0.0.0/00.0.0.0/0 state NEW tcp dpt:443 13 ACCEPT tcp -- 0.0.0.0/00.0.0.0/0 state NEW tcp dpt:23 14 ACCEPT tcp -- 0.0.0.0/00.0.0.0/0 state NEW tcp dpt:80 15 REJECT all -- 0.0.0.0/00.0.0.0/0 reject-with icmp-host-prohibited Here's an example of a no-error 'amcheck -c DBackup tobaccodev' from the tapeserver: [EMAIL PROTECTED] ~]# tcpdump -nn src or dst centernet and port amanda tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes 10:28:58.190591 IP 10.253.192.205.854 10.253.192.217.10080: UDP, length 123 10:28:58.210814 IP 10.253.192.217.10080 10.253.192.205.854: UDP, length 50 10:28:58.212936 IP 10.253.192.217.10080 10.253.192.205.854: UDP, length 87 10:28:58.214318 IP 10.253.192.205.854 10.253.192.217.10080: UDP, length 50 10:28:58.216532 IP 10.253.192.205.854 10.253.192.217.10080: UDP, length 299 10:28:58.223632 IP 10.253.192.217.10080 10.253.192.205.854: UDP, length 50 10:28:58.233581 IP 10.253.192.217.10080 10.253.192.205.854: UDP, length 527 10:28:58.235018 IP 10.253.192.205.854 10.253.192.217.10080: UDP, length 50 8 packets captured 20 packets received by filter 0 packets dropped by kernel [EMAIL PROTECTED] ~]# I had to insert the rule to allow amanda packets in _before_ the RH-Firewall-1-INPUT rule to make it work. This tests correctly with amcheck, but I haven't tried an actual dump yet. If someone with some amanda firewall rule writing experience could check and confirm my work, I'll write an addendum to the Zmanda artile with my example, for other CentOS and RHEL users. Thanks, again, Kevin, for your advice and suggestions. -Kevin On my CentOS client systems, I modify /etc/sysconfig/iptables-config to read: IPTABLES_MODULES=ip_conntrack_ftp ip_conntrack_amanda And simply
Re: Troubleshooting new Amanda client: Amanda user?
Zembower, Kevin wrote: I'm trying to get a new Amanda client working with my existing Amanda system. My tapehost is a Debian/GNU 4.0 system named 'centernet.jhuccp.org.' It uses 'backup' as the Amanda username. My client is host 'tobaccodev.jhuccp.org' with CentOS 5, using 'amanda' as the Amanda user. The client 'amanda' has a ~/.amandahosts file containing: [EMAIL PROTECTED] ~]# cat /var/lib/amanda/.amandahosts centernet.jhuccp.org backup cn2.jhuccp.org backup [EMAIL PROTECTED] ~]# I have netstat output showing amanda listening, /etc/xinet.d/amanda with proper (I think) configuration, tcpdump with packets arriving for amanda from centernet, but the tapehost reports: [EMAIL PROTECTED]:~$ amcheck -c DBackup tobaccodev Amanda Backup Client Hosts Check WARNING: tobaccodev: selfcheck request failed: timeout waiting for ACK Client check: 1 host checked in 30.019 seconds, 1 problem found (brought to you by Amanda 2.5.1p1) [EMAIL PROTECTED]:~$ I'm running iptables on tobaccodev, but I set up a firewall rule according to http://wiki.zmanda.com/index.php/How_To:Set_Up_iptables_for_Amanda that I thought should have worked: [EMAIL PROTECTED] ~]# iptables -t filter -A INPUT -p udp -m udp -s centernet.jhuccp.org --dport 10080 -j ACCEPT [EMAIL PROTECTED] ~]# iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination RH-Firewall-1-INPUT all -- anywhere anywhere ACCEPT udp -- centernet.jhuccp.org anywhereudp dpt:amanda snip I can't find any Amanda log files on the client tobaccodev. Can anyone point out what I'm doing wrong? Is there any other diagnostic I can run or send in to help troubleshoot this problem? what dumptype(particular what auth) is used? Please list /etc/xinet.d/amanda file. Additional auth (bsdtcp, bsdudp) are added to Amanda 2.5.1. Please see http://wiki.zmanda.com/index.php/Configuring_bsd/bsdudp/bsdtcp_authentication -- Thank you! Kevin Till Zmanda Management Console (ZMC) now available at http://zmanda.com
RE: Troubleshooting new Amanda client: Amanda user?
Kevin, thanks so much for writing. I appreciate your suggestions and questions. Here's /etc/xinet.d/amanda: [EMAIL PROTECTED] ~]# cat /etc/xinetd.d/amanda # default: off # description: The client for the Amanda backup system.\ # This must be on for systems being backed up\ # by Amanda. service amanda { socket_type = dgram protocol= udp wait= yes user= amanda group = disk server = /usr/lib/amanda/amandad disable = no } [EMAIL PROTECTED] ~]# No 'auth' seems to be indicated. The disklist entry for the 'tobaccodev' host on the tapehost is: [EMAIL PROTECTED]:~$ grep tobaccodev /etc/amanda/DBackup/disklist # tobaccodev host # Uncomment when internal DNS set up for tobaccodev tobaccodev /dev/mapper/VolGroup00-LogVol00 tar #tobaccodev: / tobaccodev /dev/sda1 tar #tobaccodev: /boot [EMAIL PROTECTED]:~$ No 'auth' is indicated there, either. The 'tar' dumptype is defined on the tapehost with: define dumptype global { comment Global definitions index yes } define dumptype tar { global program GNUTAR } Also, something may have just changed because of changes in my tobaccodev:~amanda/.amandahosts file, based on suggestions from Gene Heskett. This file now reads: [EMAIL PROTECTED] ~]# cat ~amanda/.amandahosts centernet.jhuccp.org backup amdump amindexd amidxtaped cn2.jhuccp.org backup amdump amindexd amidxtaped [EMAIL PROTECTED] ~]# This seems to now have caused the amanda log files to be written: [EMAIL PROTECTED] ~]# ls -la /var/log/amanda/amandad.200706221* -rw-r- 1 amanda disk 2525 Jun 22 14:26 /var/log/amanda/amandad.20070622142641.debug -rw-r- 1 amanda disk 2525 Jun 22 15:02 /var/log/amanda/amandad.20070622150238.debug [EMAIL PROTECTED] ~]# cat /var/log/amanda/amandad.20070622150238.debug amandad: debug 1 pid 8055 ruid 0 euid 33: start at Fri Jun 22 15:02:38 2007 amandad: version 2.5.0p2 amandad: build: VERSION=Amanda-2.5.0p2 amandad:BUILT_DATE=Sun Jan 7 04:49:22 EST 2007 amandad:BUILT_MACH=Linux builder5.centos.org 2.6.9-42.0.3.ELsmp #1 SMP Fri Oct 6 06:28:26 CDT 2006 i686 i686 i386 GNU/Linux amandad:CC=gcc amandad:CONFIGURE_COMMAND='./configure' '--build=i686-redhat-linux-gnu' '--host=i686-redhat-linux-gnu' '--target=i386-redhat-linux-gnu' '--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib' '--libexecdir=/usr/lib/amanda' '--localstatedir=/var/lib' '--sharedstatedir=/usr/com' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--enable-shared' '--disable-static' '--disable-dependency-tracking' '--with-index-server=amandahost' '--with-tape-server=amandahost' '--with-config=DailySet1' '--with-gnutar-listdir=/var/lib/amanda/gnutar-lists' '--with-smbclient=/usr/bin/smbclient' '--with-dumperdir=/usr/lib/amanda/dumperdir' '--with-amandahosts' '--with-user=amanda' '--with-group=disk' '--with-tmpdir=/var/log/amanda' '--with-gnutar=/bin/tar' '--with-ssh-security' amandad: paths: bindir=/usr/bin sbindir=/usr/sbin amandad:libexecdir=/usr/lib/amanda mandir=/usr/share/man amandad:AMANDA_TMPDIR=/var/log/amanda amandad:AMANDA_DBGDIR=/var/log/amanda CONFIG_DIR=/etc/amanda amandad:DEV_PREFIX=/dev/ RDEV_PREFIX=/dev/r amandad:DUMP=/sbin/dump RESTORE=/sbin/restore VDUMP=UNDEF amandad:VRESTORE=UNDEF XFSDUMP=UNDEF XFSRESTORE=UNDEF VXDUMP=UNDEF amandad:VXRESTORE=UNDEF SAMBA_CLIENT=/usr/bin/smbclient amandad:GNUTAR=/bin/tar COMPRESS_PATH=/bin/gzip amandad:UNCOMPRESS_PATH=/bin/gzip LPRCMD=/usr/bin/lpr amandad:MAILER=/usr/bin/Mail amandad:listed_incr_dir=/var/lib/amanda/gnutar-lists amandad: defs: DEFAULT_SERVER=amandahost DEFAULT_CONFIG=DailySet1 amandad:DEFAULT_TAPE_SERVER=amandahost amandad:DEFAULT_TAPE_DEVICE=null: HAVE_MMAP HAVE_SYSVSHM amandad:LOCKING=POSIX_FCNTL SETPGRP_VOID DEBUG_CODE amandad:AMANDA_DEBUG_DAYS=4 BSD_SECURITY RSH_SECURITY USE_AMANDAHOSTS amandad:CLIENT_LOGIN=amanda FORCE_USERID HAVE_GZIP amandad:COMPRESS_SUFFIX=.gz COMPRESS_FAST_OPT=--fast amandad:COMPRESS_BEST_OPT=--best UNCOMPRESS_OPT=-dc [EMAIL PROTECTED] ~]# I'm still getting an error, and this log file doesn't clearly indicate to me the source of the problem. Thanks, again, for your help. -Kevin -Original Message- From: Kevin Till [mailto:[EMAIL PROTECTED] Sent: Friday, June 22, 2007 2:17 PM To: Zembower, Kevin Cc: amanda-users@amanda.org Subject: Re: Troubleshooting new Amanda client: Amanda user? Zembower, Kevin wrote: I'm trying to get a new Amanda client working with my existing Amanda system. My tapehost is a Debian/GNU 4.0 system named
Re: Troubleshooting new Amanda client: Amanda user?
: Troubleshooting new Amanda client: Amanda user? Zembower, Kevin wrote: I'm trying to get a new Amanda client working with my existing Amanda system. My tapehost is a Debian/GNU 4.0 system named 'centernet.jhuccp.org.' It uses 'backup' as the Amanda username. My client is host 'tobaccodev.jhuccp.org' with CentOS 5, using 'amanda' as the Amanda user. The client 'amanda' has a ~/.amandahosts file containing: [EMAIL PROTECTED] ~]# cat /var/lib/amanda/.amandahosts centernet.jhuccp.org backup cn2.jhuccp.org backup [EMAIL PROTECTED] ~]# I have netstat output showing amanda listening, /etc/xinet.d/amanda with proper (I think) configuration, tcpdump with packets arriving for amanda from centernet, but the tapehost reports: [EMAIL PROTECTED]:~$ amcheck -c DBackup tobaccodev Amanda Backup Client Hosts Check WARNING: tobaccodev: selfcheck request failed: timeout waiting for ACK Client check: 1 host checked in 30.019 seconds, 1 problem found (brought to you by Amanda 2.5.1p1) [EMAIL PROTECTED]:~$ I'm running iptables on tobaccodev, but I set up a firewall rule according to http://wiki.zmanda.com/index.php/How_To:Set_Up_iptables_for_Amanda that I thought should have worked: [EMAIL PROTECTED] ~]# iptables -t filter -A INPUT -p udp -m udp -s centernet.jhuccp.org --dport 10080 -j ACCEPT [EMAIL PROTECTED] ~]# iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination RH-Firewall-1-INPUT all -- anywhere anywhere ACCEPT udp -- centernet.jhuccp.org anywhereudp dpt:amanda snip I can't find any Amanda log files on the client tobaccodev. Can anyone point out what I'm doing wrong? Is there any other diagnostic I can run or send in to help troubleshoot this problem? what dumptype(particular what auth) is used? Please list /etc/xinet.d/amanda file. Additional auth (bsdtcp, bsdudp) are added to Amanda 2.5.1. Please see http://wiki.zmanda.com/index.php/Configuring_bsd/bsdudp/bsdtcp_authentic ation -- Thank you! Kevin Till Zmanda Management Console (ZMC) now available at http://zmanda.com