RE: Troubleshooting new Amanda client: Amanda user?
Kevin, thanks so much. You were right on the money. Disabling the
firewall completely allow amcheck to work correctly.
If you have some additional patience, I could use a hand trying to
configure the firewall rules correctly on my amanda client. I tried to
follow the directions at
http://wiki.zmanda.com/index.php/How_To:Set_Up_iptables_for_Amanda to
set up this rule on tobaccodev, my amanda client. This combines the
amanda rule with the rules I set up using the firewall GUI in CentOS5
(RHEL5):
[EMAIL PROTECTED] ~]# iptables -t filter -I INPUT 1 -p udp -m udp -s
centernet.jhuccp.org --dport 10080:10083 -j ACCEPT
[EMAIL PROTECTED] ~]# service iptables status
Table: filter
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1ACCEPT udp -- 10.253.192.205 0.0.0.0/0 udp
dpts:10080:10083
2RH-Firewall-1-INPUT all -- 0.0.0.0/00.0.0.0/0
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
1RH-Firewall-1-INPUT all -- 0.0.0.0/00.0.0.0/0
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
Chain RH-Firewall-1-INPUT (2 references)
num target prot opt source destination
1ACCEPT all -- 0.0.0.0/00.0.0.0/0
2ACCEPT icmp -- 0.0.0.0/00.0.0.0/0 icmp
type 255
3ACCEPT esp -- 0.0.0.0/00.0.0.0/0
4ACCEPT ah -- 0.0.0.0/00.0.0.0/0
5ACCEPT udp -- 0.0.0.0/0224.0.0.251 udp
dpt:5353
6ACCEPT udp -- 0.0.0.0/00.0.0.0/0 udp
dpt:631
7ACCEPT tcp -- 0.0.0.0/00.0.0.0/0 tcp
dpt:631
8ACCEPT all -- 0.0.0.0/00.0.0.0/0 state
RELATED,ESTABLISHED
9ACCEPT tcp -- 0.0.0.0/00.0.0.0/0 state
NEW tcp dpt:21
10 ACCEPT tcp -- 0.0.0.0/00.0.0.0/0 state
NEW tcp dpt:25
11 ACCEPT tcp -- 0.0.0.0/00.0.0.0/0 state
NEW tcp dpt:22
12 ACCEPT tcp -- 0.0.0.0/00.0.0.0/0 state
NEW tcp dpt:443
13 ACCEPT tcp -- 0.0.0.0/00.0.0.0/0 state
NEW tcp dpt:23
14 ACCEPT tcp -- 0.0.0.0/00.0.0.0/0 state
NEW tcp dpt:80
15 REJECT all -- 0.0.0.0/00.0.0.0/0
reject-with icmp-host-prohibited
Here's an example of a no-error 'amcheck -c DBackup tobaccodev' from the
tapeserver:
[EMAIL PROTECTED] ~]# tcpdump -nn src or dst centernet and port amanda
tcpdump: verbose output suppressed, use -v or -vv for full protocol
decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
10:28:58.190591 IP 10.253.192.205.854 10.253.192.217.10080: UDP,
length 123
10:28:58.210814 IP 10.253.192.217.10080 10.253.192.205.854: UDP,
length 50
10:28:58.212936 IP 10.253.192.217.10080 10.253.192.205.854: UDP,
length 87
10:28:58.214318 IP 10.253.192.205.854 10.253.192.217.10080: UDP,
length 50
10:28:58.216532 IP 10.253.192.205.854 10.253.192.217.10080: UDP,
length 299
10:28:58.223632 IP 10.253.192.217.10080 10.253.192.205.854: UDP,
length 50
10:28:58.233581 IP 10.253.192.217.10080 10.253.192.205.854: UDP,
length 527
10:28:58.235018 IP 10.253.192.205.854 10.253.192.217.10080: UDP,
length 50
8 packets captured
20 packets received by filter
0 packets dropped by kernel
[EMAIL PROTECTED] ~]#
I had to insert the rule to allow amanda packets in _before_ the
RH-Firewall-1-INPUT rule to make it work. This tests correctly with
amcheck, but I haven't tried an actual dump yet.
If someone with some amanda firewall rule writing experience could check
and confirm my work, I'll write an addendum to the Zmanda artile with my
example, for other CentOS and RHEL users.
Thanks, again, Kevin, for your advice and suggestions.
-Kevin
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kevin Till
Sent: Friday, June 22, 2007 5:33 PM
Cc: amanda-users@amanda.org
Subject: Re: Troubleshooting new Amanda client: Amanda user?
Zembower, Kevin wrote:
Kevin, thanks so much for writing. I appreciate your suggestions and
questions.
Here's /etc/xinet.d/amanda:
[EMAIL PROTECTED] ~]# cat /etc/xinetd.d/amanda
# default: off
# description: The client for the Amanda backup system.\
# This must be on for systems being backed up\
# by Amanda.
service amanda
{
socket_type = dgram
protocol= udp
wait= yes
user= amanda
group = disk
server = /usr/lib/amanda/amandad
disable = no
}
[EMAIL PROTECTED] ~]#
No 'auth' seems to be indicated.
It's running
Re: Troubleshooting new Amanda client: Amanda user?
On Tue, Jun 26, 2007 at 10:38:33AM -0400, Zembower, Kevin enlightened us: Kevin, thanks so much. You were right on the money. Disabling the firewall completely allow amcheck to work correctly. If you have some additional patience, I could use a hand trying to configure the firewall rules correctly on my amanda client. I tried to follow the directions at http://wiki.zmanda.com/index.php/How_To:Set_Up_iptables_for_Amanda to set up this rule on tobaccodev, my amanda client. This combines the amanda rule with the rules I set up using the firewall GUI in CentOS5 (RHEL5): [EMAIL PROTECTED] ~]# iptables -t filter -I INPUT 1 -p udp -m udp -s centernet.jhuccp.org --dport 10080:10083 -j ACCEPT [EMAIL PROTECTED] ~]# service iptables status Table: filter Chain INPUT (policy ACCEPT) num target prot opt source destination 1ACCEPT udp -- 10.253.192.205 0.0.0.0/0 udp dpts:10080:10083 2RH-Firewall-1-INPUT all -- 0.0.0.0/00.0.0.0/0 Chain FORWARD (policy ACCEPT) num target prot opt source destination 1RH-Firewall-1-INPUT all -- 0.0.0.0/00.0.0.0/0 Chain OUTPUT (policy ACCEPT) num target prot opt source destination Chain RH-Firewall-1-INPUT (2 references) num target prot opt source destination 1ACCEPT all -- 0.0.0.0/00.0.0.0/0 2ACCEPT icmp -- 0.0.0.0/00.0.0.0/0 icmp type 255 3ACCEPT esp -- 0.0.0.0/00.0.0.0/0 4ACCEPT ah -- 0.0.0.0/00.0.0.0/0 5ACCEPT udp -- 0.0.0.0/0224.0.0.251 udp dpt:5353 6ACCEPT udp -- 0.0.0.0/00.0.0.0/0 udp dpt:631 7ACCEPT tcp -- 0.0.0.0/00.0.0.0/0 tcp dpt:631 8ACCEPT all -- 0.0.0.0/00.0.0.0/0 state RELATED,ESTABLISHED 9ACCEPT tcp -- 0.0.0.0/00.0.0.0/0 state NEW tcp dpt:21 10 ACCEPT tcp -- 0.0.0.0/00.0.0.0/0 state NEW tcp dpt:25 11 ACCEPT tcp -- 0.0.0.0/00.0.0.0/0 state NEW tcp dpt:22 12 ACCEPT tcp -- 0.0.0.0/00.0.0.0/0 state NEW tcp dpt:443 13 ACCEPT tcp -- 0.0.0.0/00.0.0.0/0 state NEW tcp dpt:23 14 ACCEPT tcp -- 0.0.0.0/00.0.0.0/0 state NEW tcp dpt:80 15 REJECT all -- 0.0.0.0/00.0.0.0/0 reject-with icmp-host-prohibited Here's an example of a no-error 'amcheck -c DBackup tobaccodev' from the tapeserver: [EMAIL PROTECTED] ~]# tcpdump -nn src or dst centernet and port amanda tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes 10:28:58.190591 IP 10.253.192.205.854 10.253.192.217.10080: UDP, length 123 10:28:58.210814 IP 10.253.192.217.10080 10.253.192.205.854: UDP, length 50 10:28:58.212936 IP 10.253.192.217.10080 10.253.192.205.854: UDP, length 87 10:28:58.214318 IP 10.253.192.205.854 10.253.192.217.10080: UDP, length 50 10:28:58.216532 IP 10.253.192.205.854 10.253.192.217.10080: UDP, length 299 10:28:58.223632 IP 10.253.192.217.10080 10.253.192.205.854: UDP, length 50 10:28:58.233581 IP 10.253.192.217.10080 10.253.192.205.854: UDP, length 527 10:28:58.235018 IP 10.253.192.205.854 10.253.192.217.10080: UDP, length 50 8 packets captured 20 packets received by filter 0 packets dropped by kernel [EMAIL PROTECTED] ~]# I had to insert the rule to allow amanda packets in _before_ the RH-Firewall-1-INPUT rule to make it work. This tests correctly with amcheck, but I haven't tried an actual dump yet. If someone with some amanda firewall rule writing experience could check and confirm my work, I'll write an addendum to the Zmanda artile with my example, for other CentOS and RHEL users. Thanks, again, Kevin, for your advice and suggestions. -Kevin On my CentOS client systems, I modify /etc/sysconfig/iptables-config to read: IPTABLES_MODULES=ip_conntrack_ftp ip_conntrack_amanda And simply allow udp 10080 from the server (in /etc/sysconfig/iptables): -A INPUT -s 192.168.1.1 -d 192.168.1.30 -p udp -m udp --dport 10080 -j ACCEPT On the server I also allow tcp 10082 and 10083. On my bridging firewall, I modify /etc/modprobe.conf to include a longer timeout: options ip_conntrack_amanda master_timeout=2400 That works for me... Matt -- Matt Hyclak Department of Mathematics Department of Social Work Ohio University (740) 593-1263
RE: Troubleshooting new Amanda client: Amanda user?
Matt, thank you for your help. I didn't think that I had ip_conntrack_amanda, so I was trying to set it up without it. When I tried your way, it worked like a charm. Note to archive readers: I think it's important to insert the line: -A INPUT -s 192.168.1.1 -d 192.168.1.30 -p udp -m udp --dport 10080 -j ACCEPT _before_ the line: -A INPUT -j RH-Firewall-1-INPUT to prevent the packets from following the RH-Firewall-1-INPUT rules first, where they'll be discarded. Thanks, again, Matt. -Kevin -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Hyclak Sent: Tuesday, June 26, 2007 11:39 AM To: amanda-users@amanda.org Subject: Re: Troubleshooting new Amanda client: Amanda user? On Tue, Jun 26, 2007 at 10:38:33AM -0400, Zembower, Kevin enlightened us: Kevin, thanks so much. You were right on the money. Disabling the firewall completely allow amcheck to work correctly. If you have some additional patience, I could use a hand trying to configure the firewall rules correctly on my amanda client. I tried to follow the directions at http://wiki.zmanda.com/index.php/How_To:Set_Up_iptables_for_Amanda to set up this rule on tobaccodev, my amanda client. This combines the amanda rule with the rules I set up using the firewall GUI in CentOS5 (RHEL5): [EMAIL PROTECTED] ~]# iptables -t filter -I INPUT 1 -p udp -m udp -s centernet.jhuccp.org --dport 10080:10083 -j ACCEPT [EMAIL PROTECTED] ~]# service iptables status Table: filter Chain INPUT (policy ACCEPT) num target prot opt source destination 1ACCEPT udp -- 10.253.192.205 0.0.0.0/0 udp dpts:10080:10083 2RH-Firewall-1-INPUT all -- 0.0.0.0/00.0.0.0/0 Chain FORWARD (policy ACCEPT) num target prot opt source destination 1RH-Firewall-1-INPUT all -- 0.0.0.0/00.0.0.0/0 Chain OUTPUT (policy ACCEPT) num target prot opt source destination Chain RH-Firewall-1-INPUT (2 references) num target prot opt source destination 1ACCEPT all -- 0.0.0.0/00.0.0.0/0 2ACCEPT icmp -- 0.0.0.0/00.0.0.0/0 icmp type 255 3ACCEPT esp -- 0.0.0.0/00.0.0.0/0 4ACCEPT ah -- 0.0.0.0/00.0.0.0/0 5ACCEPT udp -- 0.0.0.0/0224.0.0.251 udp dpt:5353 6ACCEPT udp -- 0.0.0.0/00.0.0.0/0 udp dpt:631 7ACCEPT tcp -- 0.0.0.0/00.0.0.0/0 tcp dpt:631 8ACCEPT all -- 0.0.0.0/00.0.0.0/0 state RELATED,ESTABLISHED 9ACCEPT tcp -- 0.0.0.0/00.0.0.0/0 state NEW tcp dpt:21 10 ACCEPT tcp -- 0.0.0.0/00.0.0.0/0 state NEW tcp dpt:25 11 ACCEPT tcp -- 0.0.0.0/00.0.0.0/0 state NEW tcp dpt:22 12 ACCEPT tcp -- 0.0.0.0/00.0.0.0/0 state NEW tcp dpt:443 13 ACCEPT tcp -- 0.0.0.0/00.0.0.0/0 state NEW tcp dpt:23 14 ACCEPT tcp -- 0.0.0.0/00.0.0.0/0 state NEW tcp dpt:80 15 REJECT all -- 0.0.0.0/00.0.0.0/0 reject-with icmp-host-prohibited Here's an example of a no-error 'amcheck -c DBackup tobaccodev' from the tapeserver: [EMAIL PROTECTED] ~]# tcpdump -nn src or dst centernet and port amanda tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes 10:28:58.190591 IP 10.253.192.205.854 10.253.192.217.10080: UDP, length 123 10:28:58.210814 IP 10.253.192.217.10080 10.253.192.205.854: UDP, length 50 10:28:58.212936 IP 10.253.192.217.10080 10.253.192.205.854: UDP, length 87 10:28:58.214318 IP 10.253.192.205.854 10.253.192.217.10080: UDP, length 50 10:28:58.216532 IP 10.253.192.205.854 10.253.192.217.10080: UDP, length 299 10:28:58.223632 IP 10.253.192.217.10080 10.253.192.205.854: UDP, length 50 10:28:58.233581 IP 10.253.192.217.10080 10.253.192.205.854: UDP, length 527 10:28:58.235018 IP 10.253.192.205.854 10.253.192.217.10080: UDP, length 50 8 packets captured 20 packets received by filter 0 packets dropped by kernel [EMAIL PROTECTED] ~]# I had to insert the rule to allow amanda packets in _before_ the RH-Firewall-1-INPUT rule to make it work. This tests correctly with amcheck, but I haven't tried an actual dump yet. If someone with some amanda firewall rule writing experience could check and confirm my work, I'll write an addendum to the Zmanda artile with my example, for other CentOS and RHEL users. Thanks, again, Kevin, for your advice and suggestions. -Kevin On my CentOS client systems, I modify /etc/sysconfig/iptables-config to read: IPTABLES_MODULES=ip_conntrack_ftp ip_conntrack_amanda And simply
Re: Troubleshooting new Amanda client: Amanda user?
Zembower, Kevin wrote: I'm trying to get a new Amanda client working with my existing Amanda system. My tapehost is a Debian/GNU 4.0 system named 'centernet.jhuccp.org.' It uses 'backup' as the Amanda username. My client is host 'tobaccodev.jhuccp.org' with CentOS 5, using 'amanda' as the Amanda user. The client 'amanda' has a ~/.amandahosts file containing: [EMAIL PROTECTED] ~]# cat /var/lib/amanda/.amandahosts centernet.jhuccp.org backup cn2.jhuccp.org backup [EMAIL PROTECTED] ~]# I have netstat output showing amanda listening, /etc/xinet.d/amanda with proper (I think) configuration, tcpdump with packets arriving for amanda from centernet, but the tapehost reports: [EMAIL PROTECTED]:~$ amcheck -c DBackup tobaccodev Amanda Backup Client Hosts Check WARNING: tobaccodev: selfcheck request failed: timeout waiting for ACK Client check: 1 host checked in 30.019 seconds, 1 problem found (brought to you by Amanda 2.5.1p1) [EMAIL PROTECTED]:~$ I'm running iptables on tobaccodev, but I set up a firewall rule according to http://wiki.zmanda.com/index.php/How_To:Set_Up_iptables_for_Amanda that I thought should have worked: [EMAIL PROTECTED] ~]# iptables -t filter -A INPUT -p udp -m udp -s centernet.jhuccp.org --dport 10080 -j ACCEPT [EMAIL PROTECTED] ~]# iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination RH-Firewall-1-INPUT all -- anywhere anywhere ACCEPT udp -- centernet.jhuccp.org anywhereudp dpt:amanda snip I can't find any Amanda log files on the client tobaccodev. Can anyone point out what I'm doing wrong? Is there any other diagnostic I can run or send in to help troubleshoot this problem? what dumptype(particular what auth) is used? Please list /etc/xinet.d/amanda file. Additional auth (bsdtcp, bsdudp) are added to Amanda 2.5.1. Please see http://wiki.zmanda.com/index.php/Configuring_bsd/bsdudp/bsdtcp_authentication -- Thank you! Kevin Till Zmanda Management Console (ZMC) now available at http://zmanda.com
RE: Troubleshooting new Amanda client: Amanda user?
Kevin, thanks so much for writing. I appreciate your suggestions and
questions.
Here's /etc/xinet.d/amanda:
[EMAIL PROTECTED] ~]# cat /etc/xinetd.d/amanda
# default: off
# description: The client for the Amanda backup system.\
# This must be on for systems being backed up\
# by Amanda.
service amanda
{
socket_type = dgram
protocol= udp
wait= yes
user= amanda
group = disk
server = /usr/lib/amanda/amandad
disable = no
}
[EMAIL PROTECTED] ~]#
No 'auth' seems to be indicated.
The disklist entry for the 'tobaccodev' host on the tapehost is:
[EMAIL PROTECTED]:~$ grep tobaccodev /etc/amanda/DBackup/disklist
# tobaccodev host
# Uncomment when internal DNS set up for tobaccodev
tobaccodev /dev/mapper/VolGroup00-LogVol00 tar #tobaccodev: /
tobaccodev /dev/sda1 tar #tobaccodev:
/boot
[EMAIL PROTECTED]:~$
No 'auth' is indicated there, either. The 'tar' dumptype is defined on
the tapehost with:
define dumptype global {
comment Global definitions
index yes
}
define dumptype tar {
global
program GNUTAR
}
Also, something may have just changed because of changes in my
tobaccodev:~amanda/.amandahosts file, based on suggestions from Gene
Heskett. This file now reads:
[EMAIL PROTECTED] ~]# cat ~amanda/.amandahosts
centernet.jhuccp.org backup amdump amindexd amidxtaped
cn2.jhuccp.org backup amdump amindexd amidxtaped
[EMAIL PROTECTED] ~]#
This seems to now have caused the amanda log files to be written:
[EMAIL PROTECTED] ~]# ls -la /var/log/amanda/amandad.200706221*
-rw-r- 1 amanda disk 2525 Jun 22 14:26
/var/log/amanda/amandad.20070622142641.debug
-rw-r- 1 amanda disk 2525 Jun 22 15:02
/var/log/amanda/amandad.20070622150238.debug
[EMAIL PROTECTED] ~]# cat /var/log/amanda/amandad.20070622150238.debug
amandad: debug 1 pid 8055 ruid 0 euid 33: start at Fri Jun 22 15:02:38
2007
amandad: version 2.5.0p2
amandad: build: VERSION=Amanda-2.5.0p2
amandad:BUILT_DATE=Sun Jan 7 04:49:22 EST 2007
amandad:BUILT_MACH=Linux builder5.centos.org 2.6.9-42.0.3.ELsmp
#1 SMP Fri Oct 6 06:28:26 CDT 2006 i686 i686 i386 GNU/Linux
amandad:CC=gcc
amandad:CONFIGURE_COMMAND='./configure'
'--build=i686-redhat-linux-gnu' '--host=i686-redhat-linux-gnu'
'--target=i386-redhat-linux-gnu' '--program-prefix=' '--prefix=/usr'
'--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin'
'--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include'
'--libdir=/usr/lib' '--libexecdir=/usr/lib/amanda'
'--localstatedir=/var/lib' '--sharedstatedir=/usr/com'
'--mandir=/usr/share/man' '--infodir=/usr/share/info' '--enable-shared'
'--disable-static' '--disable-dependency-tracking'
'--with-index-server=amandahost' '--with-tape-server=amandahost'
'--with-config=DailySet1'
'--with-gnutar-listdir=/var/lib/amanda/gnutar-lists'
'--with-smbclient=/usr/bin/smbclient'
'--with-dumperdir=/usr/lib/amanda/dumperdir' '--with-amandahosts'
'--with-user=amanda' '--with-group=disk' '--with-tmpdir=/var/log/amanda'
'--with-gnutar=/bin/tar' '--with-ssh-security'
amandad: paths: bindir=/usr/bin sbindir=/usr/sbin
amandad:libexecdir=/usr/lib/amanda mandir=/usr/share/man
amandad:AMANDA_TMPDIR=/var/log/amanda
amandad:AMANDA_DBGDIR=/var/log/amanda CONFIG_DIR=/etc/amanda
amandad:DEV_PREFIX=/dev/ RDEV_PREFIX=/dev/r
amandad:DUMP=/sbin/dump RESTORE=/sbin/restore VDUMP=UNDEF
amandad:VRESTORE=UNDEF XFSDUMP=UNDEF XFSRESTORE=UNDEF
VXDUMP=UNDEF
amandad:VXRESTORE=UNDEF SAMBA_CLIENT=/usr/bin/smbclient
amandad:GNUTAR=/bin/tar COMPRESS_PATH=/bin/gzip
amandad:UNCOMPRESS_PATH=/bin/gzip LPRCMD=/usr/bin/lpr
amandad:MAILER=/usr/bin/Mail
amandad:listed_incr_dir=/var/lib/amanda/gnutar-lists
amandad: defs: DEFAULT_SERVER=amandahost DEFAULT_CONFIG=DailySet1
amandad:DEFAULT_TAPE_SERVER=amandahost
amandad:DEFAULT_TAPE_DEVICE=null: HAVE_MMAP HAVE_SYSVSHM
amandad:LOCKING=POSIX_FCNTL SETPGRP_VOID DEBUG_CODE
amandad:AMANDA_DEBUG_DAYS=4 BSD_SECURITY RSH_SECURITY
USE_AMANDAHOSTS
amandad:CLIENT_LOGIN=amanda FORCE_USERID HAVE_GZIP
amandad:COMPRESS_SUFFIX=.gz COMPRESS_FAST_OPT=--fast
amandad:COMPRESS_BEST_OPT=--best UNCOMPRESS_OPT=-dc
[EMAIL PROTECTED] ~]#
I'm still getting an error, and this log file doesn't clearly indicate
to me the source of the problem.
Thanks, again, for your help.
-Kevin
-Original Message-
From: Kevin Till [mailto:[EMAIL PROTECTED]
Sent: Friday, June 22, 2007 2:17 PM
To: Zembower, Kevin
Cc: amanda-users@amanda.org
Subject: Re: Troubleshooting new Amanda client: Amanda user?
Zembower, Kevin wrote:
I'm trying to get a new Amanda client working with my existing Amanda
system. My tapehost is a Debian/GNU 4.0 system named
Re: Troubleshooting new Amanda client: Amanda user?
: Troubleshooting new Amanda client: Amanda user? Zembower, Kevin wrote: I'm trying to get a new Amanda client working with my existing Amanda system. My tapehost is a Debian/GNU 4.0 system named 'centernet.jhuccp.org.' It uses 'backup' as the Amanda username. My client is host 'tobaccodev.jhuccp.org' with CentOS 5, using 'amanda' as the Amanda user. The client 'amanda' has a ~/.amandahosts file containing: [EMAIL PROTECTED] ~]# cat /var/lib/amanda/.amandahosts centernet.jhuccp.org backup cn2.jhuccp.org backup [EMAIL PROTECTED] ~]# I have netstat output showing amanda listening, /etc/xinet.d/amanda with proper (I think) configuration, tcpdump with packets arriving for amanda from centernet, but the tapehost reports: [EMAIL PROTECTED]:~$ amcheck -c DBackup tobaccodev Amanda Backup Client Hosts Check WARNING: tobaccodev: selfcheck request failed: timeout waiting for ACK Client check: 1 host checked in 30.019 seconds, 1 problem found (brought to you by Amanda 2.5.1p1) [EMAIL PROTECTED]:~$ I'm running iptables on tobaccodev, but I set up a firewall rule according to http://wiki.zmanda.com/index.php/How_To:Set_Up_iptables_for_Amanda that I thought should have worked: [EMAIL PROTECTED] ~]# iptables -t filter -A INPUT -p udp -m udp -s centernet.jhuccp.org --dport 10080 -j ACCEPT [EMAIL PROTECTED] ~]# iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination RH-Firewall-1-INPUT all -- anywhere anywhere ACCEPT udp -- centernet.jhuccp.org anywhereudp dpt:amanda snip I can't find any Amanda log files on the client tobaccodev. Can anyone point out what I'm doing wrong? Is there any other diagnostic I can run or send in to help troubleshoot this problem? what dumptype(particular what auth) is used? Please list /etc/xinet.d/amanda file. Additional auth (bsdtcp, bsdudp) are added to Amanda 2.5.1. Please see http://wiki.zmanda.com/index.php/Configuring_bsd/bsdudp/bsdtcp_authentic ation -- Thank you! Kevin Till Zmanda Management Console (ZMC) now available at http://zmanda.com
