Re: upd port restictions

[Jean-Louis Martineau]

With bsd auth, the client choose the ports, they are in the range set by 
--with-tcpportrange, which default to 1025-65536, you can set 
'unreserved-tcp-port' in amanda-client.conf to change it.


You can also switch to the bsdtcp auth which require less port and is 
easier to configure.


Jean-Louis

Glenn Gillis wrote:

Brian Cuttler wrote, On 3/24/2009 7:42 AM:

Jean-Louis,

On Tue, Mar 24, 2009 at 10:37:22AM -0400, Jean-Louis Martineau wrote:

Hi,

Server use tcp port between 10084 and 10100 to connect to client 
trel.wadsworth.org on port 56446.

It looks good.

Do you have firewall on server or client? Disable them while you 
test amanda.

Can you post server and client debug files?


We've opened the ports that we expected to use on the client,
the server is not running a FW.

I'd thought that the amanda TCP ports where well known and
had assumed it was the dump on the client that was choosing
a upd port that the server was not listening to because of
--with-udpportrange=932,948.

We will disable FW on the MAC for further testing, but I
know that there is a preference to keep it running. Are
the ports predictable so that we can at least somewhat
restrict the range ?


I believe the ports *are* predictable to an extent, Jean-Louis. I've 
successfully configured a FreeBSD Amanda server to backup another 
FreeBSD server running a firewall in the past.


I used:



and



for guidance.

Re: upd port restictions

[Glenn Gillis]

Brian Cuttler wrote, On 3/24/2009 7:42 AM:

Jean-Louis,

On Tue, Mar 24, 2009 at 10:37:22AM -0400, Jean-Louis Martineau wrote:

Hi,

Server use tcp port between 10084 and 10100 to connect to client 
trel.wadsworth.org on port 56446.

It looks good.

Do you have firewall on server or client? Disable them while you test 
amanda.

Can you post server and client debug files?


We've opened the ports that we expected to use on the client,
the server is not running a FW.

I'd thought that the amanda TCP ports where well known and
had assumed it was the dump on the client that was choosing
a upd port that the server was not listening to because of
--with-udpportrange=932,948.

We will disable FW on the MAC for further testing, but I
know that there is a preference to keep it running. Are
the ports predictable so that we can at least somewhat
restrict the range ?


I believe the ports *are* predictable to an extent, Jean-Louis. I've 
successfully configured a FreeBSD Amanda server to backup another 
FreeBSD server running a firewall in the past.


I used:



and



for guidance.
--
Glenn Gillis
Information Technology Manager
Environmental Law Alliance Worldwide
U.S. Office
http://www.elaw.org



BK - please disable FW, at least for testing, let me know
when does and I'll initiate amdump.

thank you,

Brian



Jean-Louis



Brian Cuttler wrote:
I am running Amanda 2.6.1-20090227 on Solaris 10 with ZFS and 
snapshots !! to an LTO4 in a SL24 jukebox.


I'm trying to add some remote clients, starting with the one
that gives me the most trouble. Moving the MAC with 300 Gig
of storage to the x4500 amanda platform with the Gig interface
and off of the SF280 with the 100 Meg interface and the LTO3...

However we find the following error on the server

FAILURE DUMP SUMMARY:
  trel / lev 0  FAILED [too many dumper retry: "[could not connect DATA 
  stream: can't connect stream to trel.wadsworth.org port 56446: 
  Connection timed out]"]


We did build the server with port restrictions, because that is
the way we are going.
 --with-udpportrange=932,948
 --with-tcpportrange=10084,10100

We seem to have build the amand client on the MAC without port
restrictions, the client is 2.4.5p1.

Is there any magic, short of a client rebuild to resolve
the error ? I am on the correct path ? My mac expert is
hoping he doesn't have to relearn how to rebuild, or is
there a current MAC build with port restriction in use
available ?

thank you,

Brian

---
  Brian R Cuttler brian.cutt...@wadsworth.org
  Computer Systems Support(v) 518 486-1697
  Wadsworth Center(f) 518 473-6384
  NYS Department of HealthHelp Desk 518 473-0773



IMPORTANT NOTICE: This e-mail and any attachments may contain
confidential or sensitive information which is, or may be, legally
privileged or otherwise protected by law from further disclosure.  It
is intended only for the addressee.  If you received this in error or

>from someone who was not authorized to send it to you, please do not

distribute, copy or use it or any attachments.  Please notify the
sender immediately by reply e-mail and delete this from your
system. Thank you for your cooperation.


 

---
   Brian R Cuttler brian.cutt...@wadsworth.org
   Computer Systems Support(v) 518 486-1697
   Wadsworth Center(f) 518 473-6384
   NYS Department of HealthHelp Desk 518 473-0773



IMPORTANT NOTICE: This e-mail and any attachments may contain
confidential or sensitive information which is, or may be, legally
privileged or otherwise protected by law from further disclosure.  It
is intended only for the addressee.  If you received this in error or
from someone who was not authorized to send it to you, please do not
distribute, copy or use it or any attachments.  Please notify the
sender immediately by reply e-mail and delete this from your
system. Thank you for your cooperation.


smime.p7s
Description: S/MIME Cryptographic Signature

Re: upd port restictions

[Brian Cuttler]

Jean-Louis,

On Tue, Mar 24, 2009 at 10:37:22AM -0400, Jean-Louis Martineau wrote:
> Hi,
> 
> Server use tcp port between 10084 and 10100 to connect to client 
> trel.wadsworth.org on port 56446.
> It looks good.
> 
> Do you have firewall on server or client? Disable them while you test 
> amanda.
> Can you post server and client debug files?

We've opened the ports that we expected to use on the client,
the server is not running a FW.

I'd thought that the amanda TCP ports where well known and
had assumed it was the dump on the client that was choosing
a upd port that the server was not listening to because of
--with-udpportrange=932,948.

We will disable FW on the MAC for further testing, but I
know that there is a preference to keep it running. Are
the ports predictable so that we can at least somewhat
restrict the range ?

BK - please disable FW, at least for testing, let me know
when does and I'll initiate amdump.

thank you,

Brian


> Jean-Louis
> 
> 
> 
> Brian Cuttler wrote:
> >I am running Amanda 2.6.1-20090227 on Solaris 10 with ZFS and 
> >snapshots !! to an LTO4 in a SL24 jukebox.
> >
> >I'm trying to add some remote clients, starting with the one
> >that gives me the most trouble. Moving the MAC with 300 Gig
> >of storage to the x4500 amanda platform with the Gig interface
> >and off of the SF280 with the 100 Meg interface and the LTO3...
> >
> >However we find the following error on the server
> >
> >FAILURE DUMP SUMMARY:
> >   trel / lev 0  FAILED [too many dumper retry: "[could not connect DATA 
> >   stream: can't connect stream to trel.wadsworth.org port 56446: 
> >   Connection timed out]"]
> >
> >We did build the server with port restrictions, because that is
> >the way we are going.
> >  --with-udpportrange=932,948
> >  --with-tcpportrange=10084,10100
> >
> >We seem to have build the amand client on the MAC without port
> >restrictions, the client is 2.4.5p1.
> >
> >Is there any magic, short of a client rebuild to resolve
> >the error ? I am on the correct path ? My mac expert is
> >hoping he doesn't have to relearn how to rebuild, or is
> >there a current MAC build with port restriction in use
> >available ?
> >
> > thank you,
> >
> > Brian
> >
> >---
> >   Brian R Cuttler brian.cutt...@wadsworth.org
> >   Computer Systems Support(v) 518 486-1697
> >   Wadsworth Center(f) 518 473-6384
> >   NYS Department of HealthHelp Desk 518 473-0773
> >
> >
> >
> >IMPORTANT NOTICE: This e-mail and any attachments may contain
> >confidential or sensitive information which is, or may be, legally
> >privileged or otherwise protected by law from further disclosure.  It
> >is intended only for the addressee.  If you received this in error or
> >from someone who was not authorized to send it to you, please do not
> >distribute, copy or use it or any attachments.  Please notify the
> >sender immediately by reply e-mail and delete this from your
> >system. Thank you for your cooperation.
> >
> >
> >  
> 
---
   Brian R Cuttler brian.cutt...@wadsworth.org
   Computer Systems Support(v) 518 486-1697
   Wadsworth Center(f) 518 473-6384
   NYS Department of HealthHelp Desk 518 473-0773



IMPORTANT NOTICE: This e-mail and any attachments may contain
confidential or sensitive information which is, or may be, legally
privileged or otherwise protected by law from further disclosure.  It
is intended only for the addressee.  If you received this in error or
from someone who was not authorized to send it to you, please do not
distribute, copy or use it or any attachments.  Please notify the
sender immediately by reply e-mail and delete this from your
system. Thank you for your cooperation.

Re: upd port restictions

[Jean-Louis Martineau]

Hi,

Server use tcp port between 10084 and 10100 to connect to client 
trel.wadsworth.org on port 56446.

It looks good.

Do you have firewall on server or client? Disable them while you test 
amanda.

Can you post server and client debug files?

Jean-Louis



Brian Cuttler wrote:
I am running Amanda 2.6.1-20090227 on Solaris 10 with ZFS and 
snapshots !! to an LTO4 in a SL24 jukebox.


I'm trying to add some remote clients, starting with the one
that gives me the most trouble. Moving the MAC with 300 Gig
of storage to the x4500 amanda platform with the Gig interface
and off of the SF280 with the 100 Meg interface and the LTO3...

However we find the following error on the server

FAILURE DUMP SUMMARY:
   trel / lev 0  FAILED [too many dumper retry: "[could not connect DATA stream: 
can't connect stream to trel.wadsworth.org port 56446: Connection timed out]"]

We did build the server with port restrictions, because that is
the way we are going.
  --with-udpportrange=932,948
  --with-tcpportrange=10084,10100

We seem to have build the amand client on the MAC without port
restrictions, the client is 2.4.5p1.

Is there any magic, short of a client rebuild to resolve
the error ? I am on the correct path ? My mac expert is
hoping he doesn't have to relearn how to rebuild, or is
there a current MAC build with port restriction in use
available ?

thank you,

Brian

---
   Brian R Cuttler brian.cutt...@wadsworth.org
   Computer Systems Support(v) 518 486-1697
   Wadsworth Center(f) 518 473-6384
   NYS Department of HealthHelp Desk 518 473-0773



IMPORTANT NOTICE: This e-mail and any attachments may contain
confidential or sensitive information which is, or may be, legally
privileged or otherwise protected by law from further disclosure.  It
is intended only for the addressee.  If you received this in error or
from someone who was not authorized to send it to you, please do not
distribute, copy or use it or any attachments.  Please notify the
sender immediately by reply e-mail and delete this from your
system. Thank you for your cooperation.


  

upd port restictions

[Brian Cuttler]

I am running Amanda 2.6.1-20090227 on Solaris 10 with ZFS and 
snapshots !! to an LTO4 in a SL24 jukebox.

I'm trying to add some remote clients, starting with the one
that gives me the most trouble. Moving the MAC with 300 Gig
of storage to the x4500 amanda platform with the Gig interface
and off of the SF280 with the 100 Meg interface and the LTO3...

However we find the following error on the server

FAILURE DUMP SUMMARY:
   trel / lev 0  FAILED [too many dumper retry: "[could not connect DATA 
stream: can't connect stream to trel.wadsworth.org port 56446: Connection timed 
out]"]

We did build the server with port restrictions, because that is
the way we are going.
  --with-udpportrange=932,948
  --with-tcpportrange=10084,10100

We seem to have build the amand client on the MAC without port
restrictions, the client is 2.4.5p1.

Is there any magic, short of a client rebuild to resolve
the error ? I am on the correct path ? My mac expert is
hoping he doesn't have to relearn how to rebuild, or is
there a current MAC build with port restriction in use
available ?

thank you,

Brian

---
   Brian R Cuttler brian.cutt...@wadsworth.org
   Computer Systems Support(v) 518 486-1697
   Wadsworth Center(f) 518 473-6384
   NYS Department of HealthHelp Desk 518 473-0773



IMPORTANT NOTICE: This e-mail and any attachments may contain
confidential or sensitive information which is, or may be, legally
privileged or otherwise protected by law from further disclosure.  It
is intended only for the addressee.  If you received this in error or
from someone who was not authorized to send it to you, please do not
distribute, copy or use it or any attachments.  Please notify the
sender immediately by reply e-mail and delete this from your
system. Thank you for your cooperation.